Export IIS 7 SSL key and certificate in x509 format?

RichardKline used Ask the Experts™
I have a working SSL certificate installed on a WIndows 2008 R2 (IIS 7.5) server.

I've been asked to export the certificate and key in x509 format.

Can someone provide a step-by-step "for Dummies" recipe for doing that?   I assume that I must first export the certificate to PFX and then convert it?

I understand that I don't understand all the definitions/relationships/formats of PEM, DER, PKCS7, x509, CRT, CER.  While I want to understand it all better, I first need to get the export completed.

Thank you.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
X.509 is "the certificate" definition and define which content is included.
PEM, DER, PKCS7, x509, CRT, CER are only file extensions and define how the x.509 cert is stored/encoded.
so the .p12 file (PKCS#12) may contain the password protected private key. but it is also X.509.

the questions at windows IIS should be:
- with or without private key
- DER or base64 coded

mostly the certificates are usable if i save the files as .txt or .test also. because the file header contains the necessary information.

more details:
Exec Consultant
Distinguished Expert 2018
iis support pfx as it is and the key has to be marked as exportable else it cannot be exported as required. the below is reference on the requirement and steps per se.

in fact x.509 should be x.509v3. the other format (such as p12 or pkcs12, pem, der) is not the direct mapping for pfx. there are means to convert them and most are using the s/w called openssl. below are some example.


My question could not be answered as simply as I would have liked.     Both answers contain part of the needed information.    btan's showed me the necessary program and command line Thank you.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial