Password protect PFX File?

Hey guys,

I am new to the SSL game and used LetsEncrypt to get my site properly secured. Imported into IIS no problem, my site using https:// is valid and secure no issues. A requirement for a server app I am installing requires the root, intermediate and certificate to work. The problem is the software requires the PFX has a password which mine does not so it errors out. Is there an easy way to set a password for the file without having to regenerate the certificate?

thanks

edit: I see the option in the .config file to set the password and set one. If I run letsencrypt.exe --renew --baseuri https://acme-v01.api.letsencrypt.org/ will this automatically renew the cert (even though it's not expired on my server) and password protect my pfx? Would this change anything that I would have to update on IIS?

thanks again

Hi traviss

Very good questions.

Microsoft likes pfx format because the key and cert are in one
You can create a PFX from a key and cert using OpenSSL https://indy.fulgan.com/SSL/
A lot of useful OpenSSL commands: https://www.sslshopper.com/article-most-common-openssl-commands.html
The command you need is

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

After you type that command OpenSSL will ask you for a password so enter one

A few other points:
You want to use the certificate which has the intermediate certificates as well
Have a read of a couple of articles I wrote below about using LetsEncrypt with Windows

https://www.linkedin.com/pulse/lets-encrypt-part-2-3-repurposing-clients-making-things-andrei-hawke
https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke

Andrei

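Added example, not part of the original reply: the same PFX export done non-interactively, followed by a check that the resulting file really refuses a wrong or empty password. The key and certificate are throwaway self-signed test material, and the file names, the PFX_PASS variable and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. The key and certificate are constructed test material that
# stands in for the key and certificate files issued by the ACME client.

# Create a throwaway private key and self-signed certificate in directory $1.
make_test_material() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.test" \
        -keyout "$1/example.test-key.pem" \
        -out "$1/example.test-crt.pem" 2>/dev/null
}

# Build a password-protected PFX. $1 = key, $2 = certificate, $3 = output file.
# The password is read from the exported variable PFX_PASS, so it does not show
# up in the process list the way "-passout pass:..." would.
# If the file given to -in also holds intermediate certificates, openssl
# includes them in the PFX as well.
export_pfx() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:PFX_PASS
}

# Return 0 only if the password currently in PFX_PASS opens the PFX in $1.
# -noout suppresses all output; only the exit status is used.
pfx_opens() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout >/dev/null 2>&1
}

# Demonstration run in a temporary directory.
workdir=$(mktemp -d)
make_test_material "$workdir"

PFX_PASS='constructed-Passw0rd'   # constructed sample password
export PFX_PASS
export_pfx "$workdir/example.test-key.pem" "$workdir/example.test-crt.pem" \
    "$workdir/example.test.pfx"

pfx_opens "$workdir/example.test.pfx" && echo "correct password: PFX opens"

PFX_PASS='wrong-password'
pfx_opens "$workdir/example.test.pfx" || echo "wrong password: rejected"

PFX_PASS=''
pfx_opens "$workdir/example.test.pfx" || echo "empty password: rejected"

rm -rf "$workdir"
```

The last check is the one that matters for software that rejects password-less PFX files: a file exported this way no longer opens with an empty password.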

… the cipher-key material is the same, but the packaging is different, and that particular packaging includes a password feature …

hey thanks for the reply this has helped a lot. Can I simply rename the key letsencrypt generated from <domain.com>-key.pem to <domain.com>.key? http://i.imgur.com/0KYFp9x.png I couldn’t find an explanation of the various extensions. Thanks for those two links they’ve helped with some clarity there.

hi traviss

no need to change the extensions just use the names as they are

openssl doesn’t really care about extensions but rather evaluates the contents of the file

andrei


perfect it worked! thank you.
