Convert PEM Certificates from Certbot to PKCS12

I have followed the guide Certbot Instructions | Certbot and successfully got a certification at my domain

i got the following files to my certificate;
privkey.pem : the private key for your certificate.
fullchain.pem : the certificate file used in most server software.
chain.pem : used for OCSP stapling in Nginx >=1.3.7.
cert.pem : will break many server configurations, and should not be used

How do I make them to a PKCS12 / PFX certificate?

My domain is:
I ran this command: Certbot Instructions | Certbot
The operating system my web server runs on is (include version): Windows 10 Pro Virtual Machine

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out YOUR.pfx

OR, if that fails...
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out YOUR.pfx

But a much simpler, and more automated solution, is to change to a Windows based ACME client - which can create the certs in a PFX format and also install them into the Windows cert store.


where should i write this command? just open up PowerShell and run the command.
do I need to download any software in order to use the openssl command, I've been reading about something that seems like you have to download openssl

The simpler way, how do I set that up? I'm gonna use the .pfx file to my Emby server so if it can be automated easier, then I'm all in :slight_smile:

OpenSSL may, or may not, be part of your Windows system.
[if not, you should be able to download it]
[also check "add or remove programs" for it - I know windows now has curl and OpenSSH available]

If the Emby system can use certs directly from the Windows certificate store is the main question now.


wich type should i download :open_mouth:
I'm running windows 10 pro
I cannot find openssl under "add or remove programs"

I agree with rg305 that using a Windows based ACME client seems better for you. The Certify The Web is a popular gui system.

Here is the Let's Encrypt list for Windows ACME clients