17

We have a client who is directing their traffic to our web servers and needs us to use their wildcard SSL certificate. They gave it to me in two pieces though, one is the public key (.cer) and another file containing the private key (.key). I can't figure out how to get these two to come together in IIS so I can bind it to a site. Assistance is greatly appreciated. Thanks!

splattne
  • 28,508
  • 20
  • 98
  • 148
James Alexander
  • 292
  • 2
  • 3
  • 9

4 Answers4

36

You may need to use OpenSSL to convert the file formats to PFX and then use the Certificates MMC snap-in to import them into the local computer's personal store.

The OpenSSL command is something like this -

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Doug Luxem
  • 9,612
  • 7
  • 50
  • 80
  • 1
    What is certificate.crt and CACert.crt in this case ? – Andreas Mattisson Dec 07 '16 at 15:26
  • 2
    "-inkey privateKey.key" is your private key. "-in certificate.crt" is your certificate. "-certfile CACert.crt" can be used to include any intermediate certificates (optional) Reference "File Creation Options" @ https://www.openssl.org/docs/man1.1.0/apps/openssl-pkcs12.html – Matt Nov 28 '17 at 23:14
4

You'll just need to convert the separate certificate files to a .pfx to import it into IIS: https://www.sslshopper.com/ssl-converter.html

Robert
  • 1,575
  • 7
  • 7
  • 3
    Isn't it a bit of a security risk to send your certificate with private key to a third party site. You have no control over when they then do with that information. Do you trust them? – johnstaveley Mar 26 '19 at 08:45
  • @johnstaveley It absolutely is. I've used this tool once or twice in the past when importing development environment certificates and I wasn't particularly concerned about exposing them. However, I would definitely avoid using this (or any!) site to convert your certificates when you can easily do so with a simple command in `openssl`, which will most likely be installed on your computer. – Dan Atkinson Aug 02 '19 at 12:14
2

You could ask your client if the certificate could be exported as .pfx file. You can easily import the pfx file using IIS Manager.

Here is a link to a tutorial: PFX Export/Import Explained - How to Import and Export your SSL Certificate in IIS 7

splattne
  • 28,508
  • 20
  • 98
  • 148
0

You need to load the certificate into the certificate store on your computer. The certificate store is an MMC snap-in.

Jeff
  • 1,018
  • 1
  • 10
  • 14