Converting OpenSSL PEM certificates and keys into a P12 format for IIS

Sometimes you want the same public key and certificate to operate on both *NIX and Windows machines. 

One way to do this is to create your key pair using openssl, obtain a certificate in PEM format, and then use openssl to convert the key and corresponding certificate into a P12 format that can be consumed by Windows.

PEM format is base64 encoded, meaning it is plain text that can be opened in an ASCII editor like Windows Notepad.

OpenSSL needs you to give it a single file with a “.PEM” extension combining both your certificate and private key. You do this by cutting and pasting the text from your certificate and private key files to produce a “.PEM” file like this:

Next, use openssl to create a “p12” file using the combined “.PEM” file. The command is shown below. Assuming your private key is protected by a passphrase, you will first be asked for the passphrase to unlock your “.pem” key, and then asked for another to protect the newly created “p12” file. (I use the same one to reduce prospects of insanity.)

The result will be a “.p12” file that you can install into Windows.
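The whole procedure as an added example (not the command from the original post): it builds a throwaway key and self-signed certificate, combines them into one “.pem”, converts that to a “.p12”, and checks the result before it goes to Windows. The file names, the CN and the passphrases are constructed demo values, and the self-signed certificate stands in for one issued by a CA.

```bash
#!/usr/bin/env bash
# Added example: combine a PEM certificate and key, then export them as a P12.
# File names, the CN and both passphrases are constructed demo values.
set -e

# Passphrases are read from the environment (env:VAR) so they do not appear
# in the process list. Constructed values; the post reuses one passphrase.
export KEY_PASS='demo-passphrase' P12_PASS='demo-passphrase'

# Stand-in for the post's first steps: a passphrase-protected key and a
# certificate in PEM format (self-signed here instead of CA-issued).
make_demo_key_and_cert() {            # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=demo.example.test" \
    -keyout "$1/server.key" -out "$1/server.crt" -passout env:KEY_PASS 2>/dev/null
}

# The cut-and-paste step: certificate and private key in one .pem file.
combine_pem() {
  ( umask 077; cat "$1/server.crt" "$1/server.key" > "$1/combined.pem" )
}

# The conversion: -passin unlocks the PEM key, -passout protects the new P12.
pem_to_p12() {
  ( umask 077
    openssl pkcs12 -export -in "$1/combined.pem" -out "$1/server.p12" \
      -name "demo.example.test" -passin env:KEY_PASS -passout env:P12_PASS )
}

# Check before copying to Windows: subject of the certificate inside the P12.
p12_subject() {
  openssl pkcs12 -in "$1/server.p12" -nokeys -passin env:P12_PASS 2>/dev/null |
    openssl x509 -noout -subject
}

# Check that the P12 also carries the private key (key material is discarded).
p12_has_key() {
  openssl pkcs12 -in "$1/server.p12" -nocerts -nodes -passin env:P12_PASS \
    2>/dev/null | grep -q "PRIVATE KEY"
}

work=$(mktemp -d)
make_demo_key_and_cert "$work" && combine_pem "$work" && pem_to_p12 "$work"
p12_subject "$work"
p12_has_key "$work" && echo "private key present in $work/server.p12"
rm -rf "$work"
```

Leaving out `-passin` and `-passout` makes openssl prompt for the two passphrases interactively, as described above. The combined “.pem” holds the private key, so delete it once the “.p12” has been verified.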


Published by

Kim Cameron

Work on identity.
