Bobcares
Client Area
Emergency Support
Latest | Server Management

How to Convert cPanel SSL Certificate in PEM format to PFX

by | Jul 6, 2020

Can you please help me export the SSL certificate installed on my cPanel account? Please convert it from PEM format to PFX format.

This is a support request that we sometimes receive as a part of Our Server Management Services.

PEM format used is the normal SSL file format used in apache Linux operating systems. PFX files are typically used on Windows and macOS machines to import and export certificates and private keys.

Today, let us today discuss the method for this conversion in a cPanel server.

 

Why do we need to convert from PEM format to PFX?

PEM is the most common format used for SSL certificates. As we discussed earlier apache and other similar web servers use the certificates in PEM format. Also, it can be easily translated into readable data using a simple text editor.

However, PFX is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file.  Thus, it would be required to convert the certificate from PEM format to PFX format to export or import the certificates and private keys in Windows and macOS.

 

How to convert from PEM format to PFX?

The first step to convert the SSL certificate from PEM format to PFX format in cPanel would be to obtain the SSL certificate to be exported. The two different methods for it includes:

1. Obtain the combined file from the backend and split it up.

2. Obtain the certificates directly from the cPanel account.

Now, let’s look at each of these steps in detail.

 

Obtain the certificate from cPanel front end:

The SSL certificate installed on a domain can be easily obtained from the SSL/TLS option in cPanel with the steps below

    1. First, log in to cPanel and navigate to SSL/TLS section.
    2. Then, navigate to the “Install an SSL Website”  by clicking on the “Manage SSL sites” option below the “Install and Manage SSL for your site (HTTPS)” section.convert from PEM format to PFX
    3. Next, select a Domain from the required domain and click on Autofill by Domain.convert from PEM format to PFX
    4. The certificate.crt, private.pem and ca.crt contents will be populated here.
    5. Copy the first part of the certificate (CRT) to certificate.crt, the second part (KEY) to private.pem and the third part (CABUNDLE) to ca.crt respectively.

Now, let us look at how to obtain the certificate from the backend.

 

Obtain the certificates from backend:

cPanel combines the certificate, private key, and certificate authority bundle into one single file named “combined”. This exact location of the file is  /var/cpanel/ssl/apache_tls/DOMAINNAME/combined

The “combined” file contains the certificate.crt, private.pem and ca.crt in order.Each “part” starts and end with a bunch of “-” sign. For instance the private key starts and ends with

—–BEGIN RSA PRIVATE KEY—–
—–END RSA PRIVATE KEY—–

Create separate files for each of the certificate, private key, and certificate authority bundle named certificate.crt, private.pem and ca.crt respectively. Then copy the keys from the combined file and paste in their respective individual files. It is important to make sure there are no extra whitespaces or any other characters that are not a part of the certificate.

 

Convert to PFX format

As we now have the keys in separate files, we can now proceed with exporting the whole key into PFX format. OpenSSL command below will perform this conversion:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile ca.crt

For instance,
$ openssl pkcs12 -export -out bobcares.com.pfx -inkey private.pem -in certificate.crt -certfile ca.crt

 

This command will prompt for a password. We need to use a secure random password. Also, we need to note down this password carefully as we will need it while importing the certificate.

Let us now look at a common error message seen during conversion.

 

Common Error Message

A common error message seen during this conversion is “No certificate matches private key”. It generally happens when there is something wrong with the certificate files. This error most probably shows that we have not copied the correct key part or have accidentally included whitespace or another character. The easiest solution would be to just recopy the key into the file.

[Need help to fix SSL errors? We are available 24×7.]

 

Conclusion

In short, the import and export of certificates and private keys on Windows and macOS machines may require the conversion of the SSL Certificate format from PEM to PFX. Today we saw how our Support Engineers perform the conversion from PEM format to PFX format.

Related posts:

  1. Error 421 misdirected request and how we fix it
  2. How to enable ssl in WAMP server?
  3. SSL3_READ_BYTES: SSLV3 alert handshake failure – How to fix?
  4. How to configure Jenkins with SSL using an Nginx reverse proxy?

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. Error 421 misdirected request and how we fix it
  2. How to enable ssl in WAMP server?
  3. SSL3_READ_BYTES: SSLV3 alert handshake failure – How to fix?
  4. How to configure Jenkins with SSL using an Nginx reverse proxy?

Never again lose customers to poor
server speed! Let us help you.

GET STARTED

Privacy Preference Center

Consent Management

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Privacy Policy

Required
By using this site, you agree to our Privacy Policy.

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

Cookies Used

Required
PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]

livechat.bobcares.com

Opt Out
PHPSESSID

my.bobcares.com

Opt Out
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

Cookies Used

_ga, _gat, _gid

google.com

Opt Out
_ga, _gat, _gid

manager.smartlook.com

Opt Out
smartlookCookie

clarity.microsoft.com

Opt Out
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

Cookies Used

IDE, test_cookie, 1P_JAR, NID, DV, NID

doubleclick.net

Opt Out
IDE, test_cookie

google.co.in

Opt Out
1P_JAR, NID, DV

google.com

Opt Out
NID

olark.com

Opt Out
hblid

rb2b.com

Opt Out
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

Cookies Used

SID, APISID, HSID, NID, PREF

google.com

Opt Out
SID, APISID, HSID, NID, PREF