Exporting SSL certificate to PFX format for using on IIS or Azure

Getting SSL certificate PFX format for IIS or Azure WebApp using OpenSSL

Hether your website requires SSL secured connection through HTTPS or not, it is even recommended by Google to use SSL for your website. Starting from 2005 Google page ranking takes into consideration whether your page has SSL certificate installed and serer content thorough HTTPS.

If you are hosting your website on IIS, you have some built in tols in Internet Information Service (IIS) manager, for SSL certificate operations but they are pretty limited and most of the time confusing to use. 

The best tool to use for certificate operations is OpenSSL. It comes on Linux operating systems as a package or already pre-installed component. For Windows there are various ports of it, but I use the one that comes with Cygwin which enables Linux-like environment on Window OS.

So first thing to do is download and install Cygwin from https://cygwin.com/. Once setup is done, you can run Cygwin terminal and start using it.

Generating Certificate Request (CSR) with OpenSSL

Start Cygwin terminal and execute following command with /CN=mydomain.com replaced with your domain you want to generate CSR for.

openssl req -nodes -newkey rsa:2048 -nodes -keyout certificate.key -out certificate.csr -subj "/CN=mydomain.com"

Your terminal output should look like this

$ openssl req -nodes -newkey rsa:2048 -nodes -keyout certificate.key -out certificate.csr -subj "/CN=mydomain.com"

Generating a 2048 bit RSA private key
writing new private key to 'certificate.key'

Once executed you will have your files generated in cygwin installation folder under home/username. If you install it with default options it will be in C:\cygwin64\home\<your username>

Use .csr and .key file for buying certificate from the SSL certificate provider.

Converting P7B to PFX certificate

In most of the cases you will get p7b certificate from the SSL certificate provider from which you bought certificate. Unfortunately you cannot use p7b directly in IIS or Azure App Service. You have to convert it to pfx format.

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys.

We first need to convert p7b to cer before we generate pfx.

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

After running this command you will have .cer file in your Cygwin folder. 

Now we need to perform one more step to get pfx. The following command will export .cer to .pfx 

openssl pkcs12 -export -in certificate.cer -inkey certificate.key -out certificate.pfx

Once you run the command you will be requested to enter and confirm password. Choose any password you want. 


Make sure you save password you choose when exporting to pfx because it will be required later to import certificate to IIS or Azure.

$ openssl pkcs12 -export -in certificate.cer -inkey certificate.key -out certificate.pfx

Enter Export Password:
Verifying - Enter Export Password:

This is the last step fo generating pfx certificate format for using on IIS or Azure. The next thing is applying the certificate to your webiste.

Adding SSL to IIS website 

Now since you have the SSL certificate in PFX (PKCS#12) format, you can easily import it to IIS and use it in the binding for https.

First you need to register your certificate with IIS service. Open Internet Information Service (IIS) manager from Control Panel/Administartion Tools/Internet Information Service (IIS) manager or from windows Run window with inetmgr command.

Iis Cert

Open Server Certificates section and click import in the top right panel of the window. You will be prompted to point to .pfx certificate file and insert password you used when exporting to .pfc from .cer. For Certificate Store use Web Hosting option.

Import Certificate

Once certificate is imported it will be available in the list of certificates for https binding for any website on the IIS service machine.


For more information and useful links please check the references sections with links related to this subject



Purpose of the code contained in snippets or available for download in this article is solely for learning and demo purposes. Author will not be held responsible for any failure or damages caused due to any other usage.

About the author


Dejan is a passionate Software Architect/Developer. He is highly experienced in .NET programming platform including ASP.NET MVC and WebApi. He likes working on new technologies and exciting challenging projects

CONNECT WITH DEJAN  Loginlinkedin Logintwitter Logingoogleplus Logingoogleplus


read more


read more

Umbraco CMS

read more


read more

Comments for this article