After obtaining a certificate and verifying your domain, GoDaddy will supply you with the following files:

generated-private-key.txt
generated-csr.txt
Security Certificate.crt
(“Security Certificate” would be replaced with random characters)

You should be logged into Windows as an account with administrative privileges for these steps to work.

1. Place those files in a new folder, for example C:\Users\BettsM06\Documents\key-conv

2. Install OpenSSL, you can use Win64 OpenSSL v3.0.0 from this site:
   https://slproweb.com/products/Win32OpenSSL.html

3. Open command prompt, use the change directory command to enter your new folder, for example: cd C:\Users\BettsM06\Documents\key-conv

4. Enter the following command: openssl pkcs12 -export -out certificate.pfx -inkey generated-private-key.txt -in Security Certificate.crt
   *replace “Security Certificate” with the actual name of that .crt file

5. You will be prompted to enter a password.
   *Ensure that you store it somewhere safe, you will need it every time when opening the pfx file.

6. The certificate.pfx will now be in your new folder.

To grant read access to select Windows users that VTScada will be running under:

Double-click on the certificate.pfx to use the import wizard and store it in the Computer Account of the Microsoft Management Console. From within the MMC, right-click on the certificate, select “Manage Private Keys” and add in the Windows users that VTScada will be running under, make sure they have the “read access” privilege.

You can also use the built in Windows utility certutil to do this.

There are some prerequisites:

• The private key file MUST have .KEY extension;
• The certificate and private key files MUST have the same base file name (file name excluding extension);
• The certificate and private key file must be placed in the same directory.

Then use:

certutil -MergePFX certfile.cer certfile.pfx

replacing certfile as required.