How to import a certificate into IIS without creating a new CSR request from that IIS server?

rivkamak used Ask the Experts™
I need to import an ssl certificate into my IIS web server.  The csr was not requested by this web server but I have access to the private key, and the .pem file from GoDaddy. The certificate is also in use by a different web server.
I believe I need to create a pfx to import into IIS. Is it possible to create a pfx file from just the pem and private key, or any other way. Does the intermediate certificate need to be added?

Thank you.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
This can be done quite easily using OpenSSL (which you can download and run on a Windows machine). You will need to first install OpenSSL  on to a PC/Server then copy the CRT (pem) file, the private key file and also the intermediaries from GoDaddy (these are CRT and Intermediary files are actually flat text files and can be combined in to a single flat file with a CRT extension using a text editor).

Once you have OpenSSL installed, open a command prompt on your Windows PC and navigate to the OpenSSL directory, and execute the following command:

openssl pkcs12 -export -out YourCertName.pfx -inkey YourCertName.key -in YourCertName.crt

Open in new window

In the above example replace "YourCertName" with whatever name you have given your domain/files. When OpenSSL runs it will prompt you to enter a Password - and this can anything of your choosing, and will be used later during the Import process for IIS.

The resulting "YourCertName.pfx" file can then be copied out of the OpenSSL directory and imported in to IIS.

If needed you can download OpenSSL for windows from here:


Thank you. Is it necessary to give the intermediate? I already have one installed one the iis web server.
The intermediary is optional and not essential - just the primary cert and key are essential.
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

Director of Technology Development, IPM
If the intermediate certificate on the server is the same one that issued your web server certificate, then you do not need to re-import it. If it is not, then you DO need to import it, and it should go into the Intermediate certificate store (NOT the personal store).

You can check to see if your certificate chain is complete by going to DigiCert's Certificate Checker.
Top Expert 2016

on the server that has the certificate installed run certificate manager and export the certificate and private key to a pfx, install the certificate on the new server into the web server store, change your ssl binding to point to the new certificate.


Thank you very much!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial