IIS 4 certificate files usually contain both the private key and public certificate for SSL. To convert these to RSA private key and x.509 public certificates from NET to DER format, you need to manually edit the binary key file as documented on te’s site then run the following OpenSSL commands:
# openssl rsa -inform NET -in iisfile.key -out private.pem<br># openssl x509 -inform NET -in iisfile.key -out public.crt
Eck…no thanks. The te site skips over pulling out the public certificate (yes, I know you could actual just get the certificate from within a browser, but do that for 50+ certificates). Anyways, the following perl script will located the magic hex number “30 82” followed closely by with the string certificate0, copy all the file from that point on to a tmp file, and then make a system call to OpenSSL (must be in your path on Windows platform) to convert it to x.509 formated. Example:
# perl key_to_crt.pl file1.key file2.key ...
Where file1.key ect are the IIS4 pfx key files to extract the public crt in DER format. Get a copy of OpenSSL for Windows http://gnuwin32.sourceforge.net/packages/openssl.htm. Make sure to renamed the two dll files under the bin directory before running the script.