Linux

How to generate pfx file using pb7 file

PFX file is an SSL certificate which is used on IIS (Internet Information Services) on Microsoft Windows servers. When we purchase an SSL certificate from GoDaddy for IIS, it generally provides two files .crt and .pb7 but not the .pfx file which is required for the IIS. In this tutorial, I’ll explain how to generate pfx file using pb7 file provided by GoDaddy.

This will tutorial will also help you if you want to renew your SSL certificate but do not have the old private key file but you have  your old certificate file in pfx format.

Note: You need to have openssl module installed on the system to execute these commands.

Steps to generate key file using the old pfx certificate file

// Files provided by GoDaddy
// certificate : ee000222333444.crt
// ca file : g2_iis_intermediates.p7b
openssl pkcs12 -in oldcert.pfx -nocerts -out key.pem -nodes
openssl pkcs12 -in oldcert.pfx -nokeys -out cert.pem
openssl rsa -in key.pem -out server.key

sever.key is final private key file that we extracted from the certificate file i.e. oldcert.fpx

Steps to generate pfx file using private key file and certificate files (crt and pb7) provided by GoDaddy

openssl pkcs7 -print_certs -in gd-g2_iis_intermediates.p7b -out certificate.cer
openssl pkcs12 -export -in ee000222333444.crt -inkey server.key -out newcert.pfx -certfile certificate.cer

Here newcert.pfx is final certificate that we need to install on the server.

About the author

Sujeet Kr Singh