Convert a .crt file to .PFX(using IIS) to implement an Private SSL Certificate generated by your Certificate Provider on App Service

Hello, we are going to implement a .cert certificate for being use for an App Service.
For that we will need that you already have bought your certificate or generate it( for free with OpenSSL & Let’s Encrypt).

In this example we are going to use a certificate from GoDaddy, but the steps for mostly provider are almost the same(for example: name.com)

Then we also need to have IIS(Internet Information Services Installed in your PC)

For beginning we need to open IIS on your PC  and click on Server Certificates:

And the click on Create certificate Request in your right side:

Once clicked here, you will have the following screen:

Please fill it out with the information below:

• Common Name: Here we put the link of that domain we are going to protect with this certificate(Normally we buy a SLL certificate, you can choose between wildcards or standards certificates, if this is a Wilcard remember to put the (asterisk ) for example:   *.<your-custom-domain>.org
• The rest of spaces can be fill with your personal information

After filling your information, please click next

It will show an screen like this, please select Microsoft RSA SChannel Cryptographic Provider  as a cryptographic service provider and 2048 as the Bit Length as below and then click next:

It will show an screen like this, here we have to specify a filename for the certificate request, we are going to click on the three dots

And look for the path of “My certificate Files”, name the file in the textbox and then click open and then click on finish and wait for a few seconds.

After clicking finish, we are going to look into the files of “My Certificate Files” and find a .txt file name as you wanted, my case “csr1.txt.”

We double click on it, and then copy everything that is inside, every single line.

Now we go to GoDaddy, sign in, select the Certificate by clicking the “Manage” button

Here we are going to click Re-Key and we will paste the key we already copied, and then click save.

Scroll down and make sure you save all the configuration with a second button of “Save all changes”

After that, we continue by downloading the certificate configuration in the GoDaddy’s website, download it as an IIS.

Now, we take the file we already downloaded and move it to our folder “My Certificate Files”, here we unzip the file, by right clicking and clicking on extract all

After that we return to our IIS to the “Server Certificates” and we click over “Complete certificate request”, the option below we chose before.

Here we choose the path of the .crt file that we already unzipped. In friendly name we are going to put the same name as a the domain we want to protect, we chose Personal a the store of the new certificate, and the click OK.

Now we type “Windows + R” and type “mmc”, it will show a windows like this:

Here we type “Ctrl+ M” and it’ll show a screen like this.

Here we select the certificates option, and click add to move it to the right column

And we click OK.

It will show you at your left side the certificates, you double click it and you will see the storage of certificates. As we stored it in Personal, we’ll look for the certificate there

And we click OK.

It will show you at your left side the certificates, you double click it and you will see the storage of certificates. As we stored it in Personal, we’ll look for the certificate there

You’ll see your certificate installed named as you wished in “Friendly Name”(your domain name)

There we right click, select “All Tasks” and then “Export”. This will open the following wizard

It’ll show you this screen:

We click next and then we make sure to select “Yes, export the private key”

On the next step, make sure you select the first and last check box. The first one it will make sure to select certificate and the CAs together.

After you click on next make sure you include a password. And then on the last step choose a name and where you want to save the .PFX file.

When this steps are done, you can use the .PFX file to upload it to Azure by following the next steps:

Add and Add and manage TLS/SSL certificates – Azure App Service | Microsoft Docs

Further information: Export a Certificate with the Private Key | Microsoft Docs

If you have any further questions or concerns, please feel free to contact me.  I am always glad to advise!

Thanks for reading my blog 🙂

Dorian Isaac Vallecillo Calderón
LinkedIn Profile: https://www.linkedin.com/in/dorianivc/
Email: dorianivc1@gmail.com

Free Certificate for App Services
Azure
Certificate
Convert pem to pfx
convert cer to pfx
use free cert on azure