Import SSL Cert into IIS when I have the text of the certificate and private key

Question

I am working on moving a site from Rackspace Cloud Sites onto a server running IIS and need to get the SSL certificate imported into IIS. All I have at the moment for the SSL certificate is what Rackspace gives me.
The text of the certificate -----BEGIN CERTIFICATE----- etc. -----END CERTIFICATE-----

And the text of the private key -----BEGIN RSA PRIVATE KEY----- etc. -----END RSA PRIVATE KEY-----

From what I've found I need to have a .pfx file to import the certificate. How would I get one from having the text of the certificate + the text of the key?

Answer 1

You need to combine your issued certificate and unencrypted private key into a .pfx file (PKCS#12 format) in order to import it into IIS.

Use the following OpenSSL command:

openssl pkcs12 -export -out "output.pfx" -inkey "Unencrypted_Private_Key.pem"
-in  "Issued_Certificate.cer" -certfile CACert.crt

The certificate and key files are just text files with .cer and .pem extensions, respectively.

How to decrypt an encrypted private key:

openssl rsa -in "Encrypted_Private_Key.pem" -out "Decrypted_Private_Key.pem"

See more OpenSSL commands and this helpful online SSL tool.

If your PFX file was created correctly, but you receive an error like "Connection Interrupted" when browsing SSL on your website after installing the certificate, try rebooting the server. It has worked for me in the past. If it doesn't, your private key probably does not match your certificate.

Answer 2

OpenSSL will do this for you, given the cert and keys like this you can combine them into a PKCS#12 format which should work in most cases where .PFX is specified. The documentation for OpenSSL has detailed examples.