Generate a PFX file from a GoDaddy SSL certificate

This happens to me regularly with Azure apps. I need the PFX version of an SSL certificate in order to secure a Web App or service. I'll show you the simplest command to get the job done.

I’m performing this task on Windows 10, but I’m sure it will work on MacOS as long as you have openssl installed.

On Windows you can gain access to OpenSSL by downloading and installing the Putty client from their site. If you’ve got Git Bash installed that should also have OpenSSL available.

OpenSSL is and open-source implementation tool for SSL/TLS, so it contains many useful functions for manipulating certificate files.

To make this work you should have two files handy:

  • A PEM encoded (.pem/.crt/.cer) SSL certificate file from your GoDaddy bundle.
  • The original private key associated with the certificate.

If you don’t have a private key for the GoDaddy cert, follow my guide to recover a private key.

Open your CMD, Terminal, or Git Bash. CD into the directory containing the certificate files and enter the following command:

openssl pkcs12 -export -out new-cert.pfx -inkey my-private.key -in my-ssl-certificate.crt

If the process hangs, try it again by prefixing the command with winpty.

Important! You will be prompted to enter a password that protects the private key embedded in the file. Be sure to record the password.

If you need to include additional intermediate certificates, append the following switch to your command:

-certfile intermediate.crt

The result should be a PFX file containing a password-protected private key that is ready to be used on Azure or another platform requiring the PFX format for SSL certificates.