Navigating SSL Certificate Conversion: Sectigo CRT Files to PFX Format


I’ve recently acquired a Sectigo SSL Certificate through a reseller. The package included four CRT files: the root, intermediate, and SSL certificates. Could you guide me on how to convert these CRT files into a PFX format suitable for use with IIS and an F5 Load Balancer?

The files I received are:

  • AAACertificateServices.crt
  • SectigoRSADomainValidationSecureServerCA.crt
  • domain_com.crt
  • Thank



When you receive a set of CRT files as part of your SSL certificate purchase, it’s essential to convert them into a format that is compatible with your server setup. For servers like IIS and load balancers like F5, the PFX format is required. This article will guide you through the process of converting your Sectigo SSL Certificate CRT files into a PFX file.

Step-by-Step Guide


Gather Your CRT Files

Ensure you have all the necessary CRT files:

  • AAACertificateServices.crt (Root certificate)
  • SectigoRSADomainValidationSecureServerCA.crt (Intermediate certificate)
  • domain_com.crt (Your domain’s SSL certificate)
  • USERTrustRSAAAACA.crt (Additional intermediate certificate)
  • 2.

Combine Your Certificates

You need to combine your domain’s SSL certificate (domain_com.crt) with the intermediate and root certificates into a single file. This can be done using a text editor. The order should be:

  • Your domain’s SSL certificate
  • Intermediate certificates
  • Root certificate
  • 3.

Convert to PFX

Use the OpenSSL toolkit to convert the combined CRT files into a PFX file. The command will look something like this: “`shell openssl pkcs12 -export -out domain_com.pfx -inkey domain_com.key -in domain_com.crt -certfile additional_certs.crt “` Replace `domain_com.key` with your private key file and `additional_certs.crt` with the combined file of intermediate and root certificates.


Import to IIS

Once you have your PFX file, you can import it into IIS:

  • Open IIS Manager.
  • Go to the server certificates section.
  • Click on “Import” and select your PFX file.
  • 5.

Deploy to F5 Load Balancer

For F5, you’ll upload the PFX file to the load balancer and then assign it to the relevant virtual server:

  • Log into the F5 BIG-IP Configuration utility.
  • Navigate to the SSL certificate list.
  • Upload your PFX file and link it to your service.


Converting CRT files to PFX format is a straightforward process that involves combining your certificates and using OpenSSL to create the PFX file. Once converted, you can easily import this file into IIS and deploy it on an F5 Load Balancer, ensuring secure connections for your users.


: Always keep your private keys secure and never share them publicly. If you encounter any issues during the conversion process, ensure that the OpenSSL toolkit is properly installed and that you have the correct permissions to execute the commands.

Leave a Reply

Your email address will not be published. Required fields are marked *

Privacy Terms Contacts About Us