Bobcares

How to Convert cPanel SSL Certificate in PEM format to PFX

by | Jul 6, 2020

Can you please help me export the SSL certificate installed on my cPanel account? Please convert it from PEM format to PFX format.

This is a support request that we sometimes receive as a part of Our Server Management Services.

PEM is the standard SSL file format used by Apache on Linux operating systems. PFX files are typically used on Windows and macOS machines to import and export certificates and private keys.

Today, let us discuss the method for this conversion on a cPanel server.

 

Why do we need to convert from PEM format to PFX?

PEM is the most common format used for SSL certificates. As we discussed earlier, Apache and other similar web servers use certificates in PEM format. Also, it can be easily viewed using a simple text editor.

However, PFX is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file. Thus, the certificate needs to be converted from PEM format to PFX format in order to export or import certificates and private keys on Windows and macOS.

 

How to convert from PEM format to PFX?

The first step in converting the SSL certificate from PEM format to PFX format in cPanel is to obtain the SSL certificate to be exported. There are two methods for this:

1. Obtain the combined file from the backend and split it up.

2. Obtain the certificates directly from the cPanel account.

Now, let’s look at each of these methods in detail.

 

Obtain the certificate from cPanel front end:

The SSL certificate installed on a domain can be easily obtained from the SSL/TLS option in cPanel with the steps below:

    1. First, log in to cPanel and navigate to the SSL/TLS section.
    2. Then, open the “Install an SSL Website” page by clicking on the “Manage SSL sites” option below the “Install and Manage SSL for your site (HTTPS)” section.
    3. Next, select the required domain under Domain and click on Autofill by Domain.
    4. The certificate.crt, private.pem and ca.crt contents will be populated here.
    5. Copy the first part of the certificate (CRT) to certificate.crt, the second part (KEY) to private.pem and the third part (CABUNDLE) to ca.crt respectively.

Now, let us look at how to obtain the certificate from the backend.

 

Obtain the certificates from backend:

cPanel combines the certificate, private key, and certificate authority bundle into one single file named “combined”. The exact location of this file is /var/cpanel/ssl/apache_tls/DOMAINNAME/combined

The “combined” file contains the contents of certificate.crt, private.pem and ca.crt in order. Each part starts and ends with a marker line delimited by “-” signs. For instance, the private key starts and ends with

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

Create separate files for the certificate, private key, and certificate authority bundle, named certificate.crt, private.pem and ca.crt respectively. Then copy each part from the combined file and paste it into its respective file. It is important to make sure there is no extra whitespace or any other character that is not a part of the certificate.

 

Convert to PFX format

As we now have the certificate, private key, and CA bundle in separate files, we can proceed with exporting them into a single file in PFX format. The OpenSSL command below will perform this conversion:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile ca.crt

For instance,
$ openssl pkcs12 -export -out bobcares.com.pfx -inkey private.pem -in certificate.crt -certfile ca.crt

 

This command will prompt for a password. We need to use a secure random password. Also, we need to note down this password carefully as we will need it while importing the certificate.

Let us now look at a common error message seen during conversion.

 

Common Error Message

A common error message seen during this conversion is “No certificate matches private key”. It generally happens when there is something wrong with the certificate files. This error most probably shows that we have not copied the correct key part or have accidentally included whitespace or another character. The easiest solution would be to just recopy the key into the file.
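
The split and the key check described above can be scripted. The following is an added example, not part of the original article: it splits the “combined” file by its BEGIN/END markers, confirms that the certificate's public key matches the private key (the condition behind “No certificate matches private key”), and only then runs the export. The function names are hypothetical, and it assumes the server certificate is the first CERTIFICATE block in the file and that a CA bundle is present.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# split_combined FILE OUTDIR
# Writes certificate.crt (first CERTIFICATE block, assumed to be the server
# certificate), private.pem (the PRIVATE KEY block) and ca.crt (every later
# CERTIFICATE block) into OUTDIR. Lines outside BEGIN/END markers are dropped
# and trailing whitespace or carriage returns are stripped.
split_combined() {
    (
        umask 077   # the private key must not be readable by other users
        awk -v dir="$2" '
            /^-----BEGIN .*PRIVATE KEY-----/ { out = dir "/private.pem" }
            /^-----BEGIN CERTIFICATE-----/   { n++; out = dir (n == 1 ? "/certificate.crt" : "/ca.crt") }
            out != ""                        { sub(/[ \t\r]+$/, ""); print > out }
            /^-----END /                     { out = "" }
        ' "$1"
    )
}

# key_matches CERT KEY
# Succeeds when the public key inside the certificate is identical to the
# public key derived from the private key (works for RSA and EC keys).
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Runs only when a domain name is passed, e.g.: sh pem2pfx.sh example.com
if [ "$#" -eq 1 ]; then
    src="/var/cpanel/ssl/apache_tls/$1/combined"
    work=$(mktemp -d) || exit 1
    split_combined "$src" "$work"
    if key_matches "$work/certificate.crt" "$work/private.pem"; then
        # Prompts for the export password, as in the command above.
        openssl pkcs12 -export -out "$1.pfx" -inkey "$work/private.pem" \
            -in "$work/certificate.crt" -certfile "$work/ca.crt"
    else
        echo "certificate and private key do not match; not exporting" >&2
    fi
    rm -rf "$work"   # do not leave a loose copy of the private key behind
fi
```

The resulting .pfx contains the private key, so it should be stored and transferred with the same care as the key itself.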


 

Conclusion

In short, the import and export of certificates and private keys on Windows and macOS machines may require the conversion of the SSL Certificate format from PEM to PFX. Today we saw how our Support Engineers perform the conversion from PEM format to PFX format.
