在IIS上安装.crt SSL证书

Scenario:

Need to set up the existing PHP website on IIS Server.

The existing website uses SSL in some subdomains. The certificate is something.crt.

In IIS, Server Certificates, I try to Import Certificate. But it asks for a file with extention: .pfx. And it asks for a password.

I am not familiar with the SSL setting. Can someone help me out?

UPDATE: Actually I have a .crt file and a gd_iis_intermediates.p7b as well. Looks like they are issued by GoDaddy. Need some hint in how to use these two certificate files.

Thanks in advance.

Answering this in case anyone finds this helpful. So as of now you have a .crt file and .p7b file. Either of these files do not contain private keys. IIS or any web server for that matter needs .pfx (or .p12) which is the only file extension which supports storage of private keys. See this post for more info: https://blogs.msdn.microsoft.com/kaushal/2010/11/04/various-ssltls-certificate-file-typesextensions/

The private key gets created when you had created the certificate request. It is present on the machine where the certificate request was created. In order to get a .pfx file, do this on the machine where the certificate request was created:

  1. Launch MMC
  2. On the File menu, click Add/Remove Snap-in.
  3. Under Available snap-ins, double-click Certificates, and then select Computer account
  4. Expand the tree and right click and browse to Personal->All Tasks->Import.
  5. Follow the steps and select the .crt file that you want to import.

Once the file has been imported. Double click the certificate and check whether you see "You have a private key that corresponds to this certificate" enter image description here

If you dont see this, then try to run this command:

Certutil -repairstore my <Certificate thumbprint>

If the command fails, then it means that the privatekey is either not present or corrupted. In such case, simply restart the entire process.

If you see the private key associated with the certificate, then you can export the certificate along with the private key. The instructions are as same as above.

I found instructions including screenshots here: https://www.sslsupportdesk.com/export-ssl-certificate-private-key-pfx-using-mmc-windows/

HTH :)