Converting LetsEncrypt certs to .pfx for IIS

By sduncan 0 Comment

Converting LetsEncrypt certs to .pfx for IIS

Uncategorised

OpenSSL for Windows is available here in binary format (no compiling needed) I chose the 1st one in the list. Worked fine.

openssl pkcs12 -export -out LetsEncrypt.pfx -inkey mysite-key.pem -in mysite-crt.pem -certfile mysite-chain.pem (you will be asked to add a password)

Then use IIS to IMPORT the cert. You will be asked for the password from the previous step.

Multiple certificates may be bound to a single Site and TCP port (https/443) Which certificate is used is based on the URL in the address bar. This allows us to point 2 URLs to the same IP address, thereby allowing to choose a working certificate.


The requirement for binding multiple certs to a single TCP port is to Require Server Name Indication and supply a Host name. Recommend leaving a single binding without to deal with browsers that don’t support this feature.

more info here

If you run into the error HRESULT: 0x80070520; mare sure you are importing the certificate into the LOCAL MACHINE private store and not the CURRENT USER private store.

enter image description here

sduncan