Let’s encrypt generate a PFX with IIS


Windows Server 2019

Intro

In this tutorial, I will explain how to generate a Let’s Encrypt certificate in PFX and then import it on another IIS server, in Exchange or on an RDS gateway.

In the tutorial: Installing a Let’s Encrypt certificate on IIS, I explain how to generate a Let’s Encrypt certificate with IIS. This article is produced with a version 1.9 of WACS, which allows the export in PFX of the certificate after generation.

Since version 2.X of WACS is out and no longer allows the export of the private key if we pass the method explained,.

Using Let’s Encrypt services for the generation of certification for the RDS gateway, version 2.X no longer allows the import of the certificate by the administration console, since it is necessary to provide a certificate in PFX format.


Certify The Web

Easily generate and manage your Let’s Encrypt certificates with Certify The Web


Prerequisites

  • An IIS web server.
  • Download Windows ACME Simple (WACS).
  • Have the site (s) to configure on the IIS server on port 80 and accessible from the Internet.
  • If necessary copy the file Web_Config.xml to the directory of Internet sites which available in the WACS archive.

Generate a Let’s Encrypt PFX

Run WACS as Administrator, right click on wacs.exe 1 and click on Run as administrator.

Lauch wacs.exe

Once the menu loaded, enter the letter M to create a certificate in full options mode.

full options

Use option 1 (IIS) to list the available domains.

How to list domain - IIS

Select the IIS site where the domain is linked.

Choose IIS

Enter choice 1: Pick specific binding from the list.

Select site

Include bindings, validate by pressing Enter.

Select domain

Confirm the selection of the domain (s) found by pressing Enter (yes).

valid domain

Confirm again by pressing the Enter key.

Alternative name

Select a validation method, default 2.

Select valid method

Choose the type of key, by default RSA Key 2.

select RSA Key

Choose the certificate output mode, select 1 to generate a PFX – IIS Central Certificate Store (.pfx per domain).

IIS Central Certificate Store (.pfx per domain)

Enter the location where the certificate will be saved.

Folder for save file

Enter the password for the PFX file.

Choose another certificate output location if necessary, default 3.

Enter choice 4 to not take any additional action.

Wait while generating the certificate.

Once the certificate has been generated, WACS offers to update the renewal task, by default No.

Exit WACS.

Get the certificate format PFX

Open Windows Explorer and go to the location configured during the generation of the certificate to recover the file.




Leave a Comment