SSL Personal Key


I’m running into a similar issue as was discussed here: Short summary: I have the four .crt files, but do not have the ability to get a .pfx file.

I’ve been through the knowledge base, but cannot find any references to how to get the .pfx file or create related personal key. I’m using IIS 7, and while I can import and use the keys for some purposes, but need to actually create the .pfx. Can anyone offer some assistance?


Have you reviewed the Support site lately? [ ] It has all the answers you seek.

You’ll first want to install your certificate on to IIS 7 & then once installed, you can use the MMC to export the cert as a PFX by using the Certificates snap-in.

Hope this helps!!!

Hi Sal,

Unfortunately I’m not given that option in the MMC. From what I can tell, I haven’t actually had the opportunity to connect a private key to the certificate. I generated a .REQ, which contained the requested information on the certificate, but at no point was prompted to create a private key. Through both IIS and the certificates MMC snap-in, there isn’t a spot for it during the request process. I entered key request information as requested during the certificate generation process, then received the 4 .CRTs.

After importing the Certificate, it also shows differently from other certificates with private keys, without the small key logo in the certificate snap-in which indicates an attached private key. Not sure if I missed a step in the process somehow.

Microsoft has many ways to request & install certs. I have personally not found a way to bridge them all together. If you start one way, you must finish that way. I think it’s silly & confusing but that’s what it is.

I believe you made use of ‘certreq’ via the command prompt so therefore you MUST use it to install it. Personally, this function is for more power users but if you feel comfortable, please use it. I personally recommend following these instructions [ CSR Generation: Microsoft IIS 7.x - Powered by Kayako Help Desk Software ] as it will take you from CSR Generation to installation. Once installed, you can use the article that I supplied earlier to get that PFX.

Actually I did go through that exact process in IIS to generate the request. When generating a cert that way, you don’t ever enter a private key. I just ran through the process again as a test, but it go directly from entering company information, to submitting it on the Comodo website, to downloading the .CRTs.