CloudFlare Dedicated SSL to IIS

Hi, I’ve bought a dedicated wildcard SSL certificate from the CF control panel. I’m trying to install it on IIS 6.1.

I’ve tried a myriad of different things, converting formats with OpenSSL and I can’t get it to recognise it as a valid certificate.

To import a certificate, it needs to be .pfx
To complete a CSR request, the file provided needs to be .cer

CF doesn’t provide files, just the raw keys to make the certificates. I’ve followed their guide for IIS but it just takes me to Digicert’s website where the advice is not tailored to CF’s format.

CF offers to generate a CSR and just give you the cert key and the private key but then you have to convert that to RSA private key and then bundle both of those into a pfx or cer file? And what of the CA key?

You can provide your own CSR but that only gets me as far as needing to complete the CSR myself in IIS.

Can anyone help with a few simple steps to get it into IIS?

Any advice appreciated!

You bought a dedicated certificate or you got a free origin certificate? The former cannot be installed on your server, only the latter.

I bought a dedicated certificate. Is there anywhere I can read more about this? Is it possible to buy a certificate that can be installed on a server or would the free one suffice? I’d need it to be a wildcard certificate that can be used on approx 10 different sub-domains (different servers for each sub-domain)

The dedicated certificates Cloudflare sells are exclusively for their own edge server in the context of your domain. You cant obtain them. You will need a free origin certificate, which - however - is only valid in a proxied Cloudflare context and not outside of that. If you need a certificate which is valid in all cases you will need to go for Lets Encrypt or any other paid one.