You will need to use openssl.

您将需要使用 openssl。

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt

The key file is just a text file with your private key in it.

密钥文件只是一个文本文件，其中包含您的私钥。

If you have a root CA and intermediate certs, then include them as well using multiple -inparams

如果您有根 CA 和中间证书，那么也使用多个-in参数包含它们

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -in intermediate.crt -in rootca.crt

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -in intermediate.crt -in rootca.crt

You can install openssl from here: openssl

您可以从这里安装 openssl：openssl

The Microsoft Pvk2Pfx command line utility seems to have the functionality you need:

Microsoft Pvk2Pfx 命令行实用程序似乎具有您需要的功能：

Pvk2Pfx (Pvk2Pfx.exe) is a command-line tool copies public key and private key information contained in .spc, .cer, and .pvk files to a Personal Information Exchange (.pfx) file.
http://msdn.microsoft.com/en-us/library/windows/hardware/ff550672(v=vs.85).aspx

Pvk2Pfx (Pvk2Pfx.exe) 是一种命令行工具，可将 .spc、.cer 和 .pvk 文件中包含的公钥和私钥信息复制到个人信息交换 (.pfx) 文件中。
http://msdn.microsoft.com/en-us/library/windows/hardware/ff550672(v=vs.85).aspx

Note: if you need/want/prefer a C# solution, then you may want to consider using the http://www.bouncycastle.org/api.

注意：如果您需要/想要/喜欢 C# 解决方案，那么您可能需要考虑使用http://www.bouncycastle.org/api。

If you're looking for a Windows GUI, check out DigiCert. I just used this and it was fairly simple.

如果您正在寻找 Windows GUI，请查看 DigiCert。我刚刚使用了这个，它相当简单。

Under the SSL tab, I first Imported the Certificate. Then once I selected the Certificate I was able to export as a PFX, both with and without a keyfile.

在 SSL 选项卡下，我首先导入了证书。然后一旦我选择了证书，我就可以导出为 PFX，无论有没有密钥文件。

https://www.digicert.com/util

https://www.digicert.com/util

You do NOT need openssl or makecert or any of that. You also don't need the personal key given to you by your CA. I can almost guarantee that the problem is that you expect to be able to use the key and cer files provided by your CA but they aren't based on "the IIS way". I'm so tired of seeing bad and difficult info out here that I decided to blog the subject and the solution. When you realize what's going on and see how easy it is, you will want to hug me :)

您不需要 openssl 或 makecert 或任何一个。您也不需要 CA 给您的个人密钥。我几乎可以保证问题在于您希望能够使用 CA 提供的密钥和 cer 文件，但它们不是基于“IIS 方式”。我厌倦了在这里看到不好的和困难的信息，所以我决定把这个主题和解决方案写在博客上。当你意识到发生了什么并看到它是多么容易时，你会想要拥抱我:)

SSL Certs for IIS with PFX once and for all - SSL and IIS Explained - http://rainabba.blogspot.com/2014/03/ssl-certs-for-iis-with-pfx-once-and-for.html

带有 PFX 的 IIS 的 SSL 证书一劳永逸 - SSL 和 IIS 解释 - http://rainabba.blogspot.com/2014/03/ssl-certs-for-iis-with-pfx-once-and-for.html

Use IIS "Server Certificates" UI to "Generate Certificate Request" (the details of this request are out of the scope of this article but those details are critical). This will give you a CSR prepped for IIS. You then give that CSR to your CA and ask for a certificate. Then you take the CER/CRT file they give you, go back to IIS, "Complete Certificate Request" in the same place you generated the request. It may ask for a .CER and you might have a .CRT. They are the same thing. Just change the extension or use the .extension drop-down to select your .CRT. Now provide a proper "friendly name" (*.yourdomain.com, yourdomain.com, foo.yourdomain.com, etc..) THIS IS IMPORTANT! This MUST match what you setup the CSR for and what your CA provided you. If you asked for a wildcard, your CA must have approved and generated a wildcard and you must use the same. If your CSR was generated for foo.yourdomain.com, you MUST provide the same at this step.

使用 IIS“服务器证书”UI 来“生成证书请求”（此请求的详细信息超出了本文的范围，但这些详细信息至关重要）。这将为您提供为 IIS 准备的 CSR。然后，您将该 CSR 提供​​给您的 CA 并要求提供证书。然后你拿到他们给你的 CER/CRT 文件，回到 IIS，在你生成请求的同一个地方“完成证书请求”。它可能要求 .CER，而您可能有 .CRT。他们是一样的东西。只需更改扩展名或使用.扩展名下拉菜单以选择您的 .CRT。现在提供一个正确的“友好名称”（*.yourdomain.com、yourdomain.com、foo.yourdomain.com 等）这很重要！这必须与您设置 CSR 的内容以及您的 CA 为您提供的内容相匹配。如果您要求使用通配符，则您的 CA 必须已经批准并生成了一个通配符，并且您必须使用它。如果您的 CSR 是为 foo.yourdomain.com 生成的，则您必须在此步骤中提供相同的内容。

I created .pfx file from .key and .pem files.

我从 .key 和 .pem 文件创建了 .pfx 文件。

Like this openssl pkcs12 -inkey rootCA.key -in rootCA.pem -export -out rootCA.pfx

像这样 openssl pkcs12 -inkey rootCA.key -in rootCA.pem -export -out rootCA.pfx

https://msdn.microsoft.com/en-us/library/ff699202.aspx

https://msdn.microsoft.com/en-us/library/ff699202.aspx

(( relevant quotes from the article are below ))

（（文章的相关引述如下））

Next, you have to create the .pfx file that you will use to sign your deployments. Open a Command Prompt window, and type the following command:

PVK2PFX –pvk yourprivatekeyfile.pvk –spc yourcertfile.cer –pfx yourpfxfile.pfx –po yourpfxpassword

where:

• pvk - yourprivatekeyfile.pvk is the private key file that you created in step 4.
• spc - yourcertfile.cer is the certificate file you created in step 4.
• pfx - yourpfxfile.pfx is the name of the .pfx file that will be creating.
• po - yourpfxpassword is the password that you want to assign to the .pfx file. You will be prompted for this password when you add the .pfx file to a project in Visual Studio for the first time.

接下来，您必须创建用于签署部署的 .pfx 文件。打开命令提示符窗口，然后键入以下命令：

PVK2PFX –pvk yourprivatekeyfile.pvk –spc yourcertfile.cer –pfx yourpfxfile.pfx –po yourpfxpassword

在哪里：

• pvk - yourprivatekeyfile.pvk 是您在步骤 4 中创建的私钥文件。
• spc - yourcertfile.cer 是您在步骤 4 中创建的证书文件。
• pfx - yourpfxfile.pfx 是将要创建的 .pfx 文件的名称。
• po - yourpfxpassword 是您要分配给 .pfx 文件的密码。首次将 .pfx 文件添加到 Visual Studio 中的项目时，系统将提示您输入此密码。

(Optionally (and not for the OP, but for future readers), you can create the .cer and .pvk file from scratch) (you would do this BEFORE the above). Note the mm/dd/yyyy are placeholders for start and end dates. see msdn article for full documentation.

（可选（不是针对 OP，而是针对未来的读者），您可以从头开始创建 .cer 和 .pvk 文件（您可以在上述操作之前执行此操作）。请注意 mm/dd/yyyy 是开始和结束日期的占位符。有关完整文档，请参阅 msdn 文章。

makecert -sv yourprivatekeyfile.pvk -n "CN=My Certificate Name" yourcertfile.cer -b mm/dd/yyyy -e mm/dd/yyyy -r

You need to use the makecert tool.

您需要使用 makecert 工具。

Open a command prompt as admin and type the following:

以管理员身份打开命令提示符并键入以下内容：

makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

Where <CertifcateName>= the name of your cert to create.

where <CertifcateName>= 要创建的证书的名称。

Then you can open the Certificate Manager snap-in for the management console by typing certmgr.msc in the Start menu, click personal > certificates > and your cert should be available.

然后，您可以通过在“开始”菜单中键入 certmgr.msc 来打开管理控制台的证书管理器管理单元，单击个人 > 证书 > 并且您的证书应该可用。

Here is an article.

这是一篇文章。

https://azure.microsoft.com/documentation/articles/cloud-services-certs-create/

https://azure.microsoft.com/documentation/articles/cloud-services-certs-create/

I got a link with your requirement.Combine CRT and KEY Files into a PFX with OpenSSL

我得到了你的要求的链接。使用 OpenSSL 将 CRT 和 KEY 文件组合成 PFX

Extracts from the above link:

摘自上述链接：

First we need to extract the root CA certificate from the existing .crt file, because we need this later. So open up the .crt and click on the Certification Path tab.

Click the topmost certificate (In this case VeriSign) and hit View Certificate. Select the Details tab and hit Copy to File…

Select Base-64 encoded X.509 (.CER) certificate Save it as rootca.cer or something similar. Place it in the same folder as the other files.

Rename it from rootca.cer to rootca.crt Now we should have 3 files in our folder from which we can create a PFX file.

Here is where we need OpenSSL. We can either download and install it on Windows, or simply open terminal on OSX.

首先我们需要从现有的 .crt 文件中提取根 CA 证书，因为我们稍后需要它。因此，打开 .crt 并单击“认证路径”选项卡。

单击最上面的证书（在本例中为 VeriSign）并点击查看证书。选择详细信息选项卡并点击复制到文件...

选择 Base-64 编码的 X.509 (.CER) 证书 将其另存为 rootca.cer 或类似内容。将它放在与其他文件相同的文件夹中。

将它从 rootca.cer 重命名为 rootca.crt 现在我们的文件夹中应该有 3 个文件，我们可以从中创建一个 PFX 文件。

这就是我们需要 OpenSSL 的地方。我们可以在 Windows 上下载并安装它，或者只需在 OSX 上打开终端。

EDIT:

编辑：

1. There is a support link with step by step information on how to do install the certificate.

2. After successfully install, export the certificate, choose .pfxformat, include private key.

   Important Note:: To export the certificate in .pfx format you need to follow the steps on the same machine from which you have requested the certificate.

3. The imported file can be uploaded to server.

1. 有一个支持链接，其中包含有关如何安装证书的分步信息。

2. 安装成功后，导出证书，选择.pfx格式，包含私钥。

   重要说明：：要以 .pfx 格式导出证书，您需要在请求证书的同一台机器上执行以下步骤。

3. 导入的文件可以上传到服务器。

This is BY FAR the easiest way to convert *.cer to *.pfx files:

这是迄今为止将 *.cer 转换为 *.pfx 文件的最简单方法：

Just download the portable certificate converter from DigiCert: https://www.digicert.com/util/pfx-certificate-management-utility-import-export-instructions.htm

只需从 DigiCert 下载便携式证书转换器：https: //www.digicert.com/util/pfx-certificate-management-utility-import-export-instructions.htm

Execute it, select a file and get your *.pfx!!

执行它，选择一个文件并得到你的 *.pfx ！！

When you say the certificate is available in MMC, is it available under "Current User" or "Local Computer"? I've found that I can only export the private key if it is under Local Computer.

当您说证书在 MMC 中可用时，它在“当前用户”或“本地计算机”下可用吗？我发现只有在本地计算机下才能导出私钥。

You can add the snap in for Certificates to MMC and choose which account it should manage certificates for. Choose Local Computer. If your certificate is not there, import it by right clicking the store and choosing All Tasks > Import.

您可以将证书的管理单元添加到 MMC 并选择它应该为其管理证书的帐户。选择本地计算机。如果您的证书不在那里，请通过右键单击商店并选择所有任务 > 导入来导入它。

Now navigate to your imported certificate under the Local Computer version of the certificate snap in. Right click the certificate and choose All Tasks > Export. The second page of the export wizard should ask if you want to export the private key. Select Yes. The PFX option will now be the only one available (it is grayed out if you select no and the option to export the private key isn't available under the Current User account).

现在导航到证书管理单元的本地计算机版本下的导入证书。右键单击证书并选择所有任务 > 导出。导出向导的第二页应询问您是否要导出私钥。选择是。PFX 选项现在将是唯一可用的选项（如果您选择 no 并且导出私钥的选项在当前用户帐户下不可用，则它会变灰）。

You'll be asked to set a password for the PFX file and then to set the certificate name.

系统会要求您为 PFX 文件设置密码，然后设置证书名称。