(PowerShell) Convert Let's Encrypt PEM Files to a PFX

Demonstrates how to convert the .pem files provided by Let's Encrypt to a single PFX.

Chilkat .NET Downloads Chilkat .NET Assemblies

Add-Type -Path "C:\chilkat\ChilkatDotNet47-9.5.0-x64\ChilkatDotNet47.dll"

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Let's Encrypt provides four .pem files
# 1. fullchain.pem
# 2. privkey.pem
# 3. cert.pem
# 4. chain.pem

# The cert.pem and chain.pem are redundant. 
# The fullchain.pem is composed of the cert.pem and chain.pem.

# To convert the PEM's to a single .pfx, we don't need the redundant data.
# The privkey.pem and fullchain.pem provide the required data.
# We can ignore cert.pem and chain.pem (because those certs are already found in fullchain.pem).

# We need a single .pem file that contains both the private key, the cert,
# and the certs in the chain of authentication.
# Let's combine priveky.pem and fullchain.pem into a single .pem

$sbPem = New-Object Chilkat.StringBuilder
$success = $sbPem.LoadFile("qa_data/pem/lets_encrypt/privkey.pem","utf-8")
if ($success -eq $false) {
    $("Failed to load privkey.pem")
    exit
}

# To be safe, append a blank line..
$sbPem.AppendLine("",$false)

$sbFullChainPem = New-Object Chilkat.StringBuilder
$success = $sbFullChainPem.LoadFile("qa_data/pem/lets_encrypt/fullchain.pem","utf-8")
if ($success -eq $false) {
    $("Failed to load fullchain.pem")
    exit
}

# Append the full cert chain PEM to the private key PEM.
$sbPem.AppendSb($sbFullChainPem)

# Load the combined PEM into a Chilkat PFX object.
$pfx = New-Object Chilkat.Pfx
$success = $pfx.LoadPem($sbPem.GetAsString(),"no password required")
if ($success -eq $false) {
    $($pfx.LastErrorText)
    exit
}

# Write the PFX w/ a password.
$pfxPassword = "secret"
$success = $pfx.ToFile($pfxPassword,"qa_output/sample.pfx")
if ($success -eq $false) {
    $($pfx.LastErrorText)
    exit
}

$("Success!")