1. Click Start followed by Run. Type MMC.exe, and then click OK. Click File and then Add/Remove Snap-in.
2. Click Add. Highlight the "certificates" and then click Add again.
3. Choose Computer account and then click Next. Select Local Computer followed by OK. Click Close and then OK to close the "Snap-in" window.
4. Open the Certificates (Local Computer) snap-in that you created. Go to Personal followed by Certificates.
5. Right-click on the server certificate you want to convert, and then select All Tasks followed by Export.
6. Click Next on the wizard that opens. If the wizard doesn't open, repeat Step 5. If it still doesn't open, restart your computer and go back to Step 4.
7. Choose Private key as your export, and then click Next.
8. Choose the Personal Information Exchange (PFX) file format to create a PFX file.
9. Click Next and choose a password for the file. Click Next again.
10. Choose the file name. Don't include an extension, as the wizard automatically adds the PFX extension.
11. Click Next, write down where the file is saved to, and then click Finish.
Alternately (using OpenSSL cmd line, and GoDaddy signed certificate as example):
We generate CSR via OpenSSL command prompt:
>openssl req –new –newkey rsa:2048 –nodes –keyout yourdomain.key –out yourdomain.csr
Please refer to this site for command examples: http://www.sslshopper.com/article-most-common-openssl-commands.html
1. Convert private key, certificate and godaddy certificate bundle into .PEM file
2. Concatenate .PEM files of private key, certificate, godaddy certificates into one single .PEM file
3. Convert final .PEM file into .pfx file
When creating PFX, the middle/intermediate layer CA cert must be included. If the PFX does not contain the direct issuer’s CA, issues may be seen from portable OS.
The openssl command line is:
openssl pkcs12 -export -out output.pfx -inkey private.key -in star-splashtop.com.crt -certfile int.cer
Openssl will prompt IT to input password to protect output PFX file.
Output.pfx: the output file name.
Private.key: the private key for certificate.
Star-splashtop.com.crt: the signature for our site, provided by 3rd CA
Int.cer: 3rd CA’s certificate