.KEY + .CRT + .CA_BUNDLE => .PFX / .P12 (.PFX and .P12 use the same PKCS#12 format!)
*PositiveSSL* *RapidSSL* *DigiCert S/MIME*

.key *:
.crt *OR* ServerCertificate.cer *:
.ca-bundle / DigiCertCA.crt (optional):
Password for PFX *: (Attention: special characters like +äöü etc. are NOT supported!)
 


On Windows you can simply run:
certutil -mergepfx input.p7b output.pfx
Please take note this will require two (!) input files: input.p7b as well as input.key that certutil will automatically be looking for. Certutil will be asking you to choose a password to protect the resulting output.pfx file. It may be installed by double clicking in Windows Explorer and may then be assigned in IIS/Exchange server bindings. For S/MIME certificates the .pfx file may be configured/imported inside Outlook.


Alternatively, you can use OpenSSL:
Download OpenSSL Binaries


OpenSSL Command Line .P7B + .KEY -> .PFX:
openssl pkcs7 -print_certs -in cert.p7b -out cert.cer
openssl pkcs12 -export -in cert.cer -inkey cert.key -out cert.pfx -certfile CACert.cer


OpenSSL Command Line .CER + .KEY -> .PFX:
openssl pkcs12 -export -in cert.cer -inkey private.key -out cert.pfx -certfile CACert.cer


OpenSSL Command Line .CRT + .KEY + .CA_BUNDLE -> .PFX:
# PositiveSSL:
openssl pkcs12 -export -in cert.crt -inkey private.key -out cert.pfx -certfile cert.ca_bundle

# RapidSSL:
openssl pkcs12 -export -in ServerCert.cer -inkey private.key -out cert.pfx -certfile CABundle.ca-bundle


OpenSSL Command Line .CRT + .KEY + COMODORSADomainValidationSecureServerCA.crt + COMODORSAAddTrustCA.crt -> .PFX:
# Certificates issued after Jan 14th 2019, use this command:
openssl pkcs12 -export -in cert.crt -inkey private.key -out cert.pfx \
  -certfile SectigoRSADomainValidationSecureServerCA.crt -certfile USERTrustRSAAddTrustCA.crt

# Certificates issued before Jan 14th 2019, use this command:
openssl pkcs12 -export -in cert.crt -inkey private.key -out cert.pfx \
  -certfile COMODORSADomainValidationSecureServerCA.crt -certfile COMODORSAAddTrustCA.crt


OpenSSL Command Line .PFX -> .CRT / .KEY
openssl pkcs12 -in cert.pfx -nocerts -out cert.key
openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.crt
openssl pkcs12 -in cert.pfx -nodes -nokeys -passin pass:mypassword -out ca_bundle.pem