{"id":527,"date":"2020-01-30T11:30:14","date_gmt":"2020-01-30T16:30:14","guid":{"rendered":"https:\/\/increasec.com\/?p=527"},"modified":"2020-01-30T14:03:30","modified_gmt":"2020-01-30T19:03:30","slug":"converting-letsencrypt-certs-to-pfx-for-iis","status":"publish","type":"post","link":"https:\/\/increasec.com\/?p=527","title":{"rendered":"Converting LetsEncrypt certs to .pfx for IIS"},"content":{"rendered":"\n

OpenSSL for Windows is available here <\/a>in binary format (no compiling needed) I chose the 1st one in the list. Worked fine.<\/p>\n\n\n\n

openssl pkcs12 -export -out LetsEncrypt.pfx -inkey mysite-key.pem -in mysite-crt.pem -certfile mysite-chain.pem (you will be asked to add a password)<\/p>\n\n\n\n

Then use IIS to IMPORT the cert. You will be asked for the password from the previous step.<\/p>\n\n\n\n

Multiple certificates may be bound to a single Site and TCP port (https\/443) Which certificate is used is based on the URL in the address bar. This allows us to point 2 URLs to the same IP address, thereby allowing to choose a working certificate.<\/p>\n\n\n\n

\"\"

<\/figcaption><\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"
The requirement for binding multiple certs to a single TCP port is to Require Server Name Indication and supply a Host name. Recommend leaving a single binding without to deal with browsers that don’t support this feature. <\/figcaption><\/figure>\n\n\n\n

more info here<\/a><\/p>\n\n\n\n

If you run into the error HRESULT: 0x80070520; mare sure you are importing the certificate into the LOCAL MACHINE private store and not the CURRENT USER private store.<\/p>\n\n\n\n

\"enter<\/figure>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

OpenSSL for Windows is available here in binary format (no compiling needed) I chose the 1st one in the list. Worked fine. openssl pkcs12 -export -out LetsEncrypt.pfx -inkey mysite-key.pem -in…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[85,89,88,90],"class_list":["post-527","post","type-post","status-publish","format-standard","hentry","category-uncategorised","tag-certificates","tag-free","tag-letsencrypt","tag-website"],"_links":{"self":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=527"}],"version-history":[{"count":5,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/527\/revisions"}],"predecessor-version":[{"id":538,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/527\/revisions\/538"}],"wp:attachment":[{"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}