Trying to do this with OpenSSL I kept getting the following error:

“unable to load private key

24516:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

So I decided to write this guide to help me next time, and it may help others as well! You will need to have installed OpenSSH for Windows for this to work.

Download the certificates from 123 reg in the IIS format

In the zip file you should find the following files (replace cloudwyse with whatever company name):

  • cloudwyse_iis_intermediates.p7b
  • cloudwyse.crt (identical to .pem file)
  • cloudwyse.pem (identical to crt file)

You will also need the original private key that was created when you first purchased the certificate.  You probably downloaded this as a .txt file. It will contain the private key which will be a hash of encrypted text with —–BEGIN PRIVATE KEY—– at the start and —–END PRIVATE KEY—– at the end of the file.

Step 1 – Change the format of the text file

Open my_rsa_private.txt in Notepad++ and change the encoding from UTF-8-BOM to UTF-8 and save the file.

Change the file extension to .pem so we now have a UTF-8 encoded file named my_rsa_private.pem

Step 2 – Convert PEM to KEY

Step 3 – Convert P7B to CER

Step 4 – Combine the public certificate with the intermediate certs

Open the cloudwyse_iis_intermediates.cer in Notepad++

“Save A Copy” and call it cloudwyse_iis_combined.cer

Open the newly created cloudwyse_iis_combined.cer in Notepad++

Open cloudwyse.crt in Notepad++

Copy everything from cloudwyse.crt (this includes —–BEGIN CERTIFICATE—–, all the hashed text in between and the —–END CERTIFICATE—–)

Go to the top of the cloudwyse_iis_combined.cer file, press return to get a new line and then paste all the text you just copied above the existing root and intermediate certificate information and save the file.

So the file should now contain three certificates that start with —–BEGIN CERTIFICATE—– and end in —–END CERTIFICATE—–

There may also be some text for the intermediate certs detailing the subject name and issuer eg:

subject=C = US, ST = Arizona, L = Scottsdale, O = “Starfield Technologies, Inc.”, OU =, CN = Starfield Secure Certificate Authority – G2

issuer=C = US, ST = Arizona, L = Scottsdale, O = “Starfield Technologies, Inc.”, CN = Starfield Root Certificate Authority – G2

This will be below the certificate we just pasted in.

Step 5 – Convert CER and Private Key to PFX

For this step we will need our combined certificate and the private key.  We will use this to generate the .pfx file.

You will be prompted to enter a password for the .pfx file and then to confirm the password.  You will need these later when importing into your Windows application.

All done!  You know have the full public certificate chain with the root authority, intermediate and your own certificate and your .pfx file for importing into IIS.