Look at openssl tooling for unpacking/repacking certificate info.
pkcs7 handling
http://www.openssl.org/docs/apps/pkcs7.htmlpfx file are pkcs12 files:
http://www.openssl.org/docs/apps/pkcs12.htmlFor a service you need the Private Key + Certificate (=IIS)
For validation you only need the Certificate. (This is the Public Key + its CA -signature).