How to convert Crt certificate to Pfx format

Conversion of Crt Certificate to Pfx format

Recently we faced an issue where a client renewed his certificate from Godaddy, after renewal client found that the private key was missing from the certificate. Godaddy support suggested importing the certificate on the same server, from where the CSR was generated for this certificate, however, that server was removed from the network.

Conversion from one certificate format to another, such as from .crt to .pfx, is necessary to accommodate different systems or applications that require specific formats for certificate usage. For instance, .pfx files are commonly used for storing private keys with associated public key certificates. This conversion ensures compatibility and proper functionality across various platforms or tools that may have format-specific requirements.

Similarly, converting from .crt to .cer format may be necessary due to different naming conventions or requirements of systems. Both formats essentially contain certificate information, but their extensions might signify their usage or compatibility with particular software or environments. The conversion between these formats helps ensure seamless integration and usage across diverse systems that might necessitate a specific file format.


Objective: Conversion of Crt certificate to Pfx format.


  1. Locate the old PFX file containing the certificate’s password, which is nearing expiration, or export it from the current server.
  2. Download and install OpenSSL on your Windows PC.
  3. Follow these steps in the command prompt:
    C:\Windows\system32>cd \
    C:\>cd OpenSSL-Win64
    C:\OpenSSL-Win64>cd bin
  4. Place your old PFX file in the ‘bin’ directory and execute this command:
    OpenSSL> pkcs12 -in Old.pfx -nocerts -out keyfile-encrypted.key
    • Enter the Import Password when prompted.
    • Set a PEM pass phrase and verify it.
  5. This command will extract the key file and save it in the ‘bin’ folder. Use the following command to generate the PFX format of the certificate:
    OpenSSL> pkcs12 -export -out New.pfx -inkey keyfile-encrypted.key -in certificate.crt
    • Enter the pass phrase for ‘keyfile-encrypted.key’ (same as set in the previous command).
    • Set an Export Password and verify it.
  6. After executing these commands, a new file (‘New.pfx’) will be created in the ‘bin’ folder in PFX format.

In conclusion, by using OpenSSL on a Windows PC, you can extract and generate a new PFX file for an expiring certificate. Following the outlined steps will allow you to manage and safeguard your certificates effectively, ensuring a seamless continuation of secure operations.

Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More