Call Us! [visitorlocation]
Call Us! [visitorlocation]

add SSL


How to Convert cPanel SSL Certificate in PEM format to PFX

Can you please help me export the SSL certificate installed on my cPanel account? Please convert it from PEM format to PFX format.

This is a support request that we sometimes receive as a part of Our Server Management Services.

PEM format used is the normal SSL file format used in apache Linux operating systems. PFX files are typically used on Windows and macOS machines to import and export certificates and private keys.

Today, let us today discuss the method for this conversion in a cPanel server.

 

Why do we need to convert from PEM format to PFX?

PEM is the most common format used for SSL certificates. As we discussed earlier apache and other similar web servers use the certificates in PEM format. Also, it can be easily translated into readable data using a simple text editor.

However, PFX is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file.  Thus, it would be required to convert the certificate from PEM format to PFX format to export or import the certificates and private keys in Windows and macOS.

 

How to convert from PEM format to PFX?

The first step to convert the SSL certificate from PEM format to PFX format in cPanel would be to obtain the SSL certificate to be exported. The two different methods for it includes:

1. Obtain the combined file from the backend and split it up.

2. Obtain the certificates directly from the cPanel account.

Now, let’s look at each of these steps in detail.

 

Obtain the certificate from cPanel front end:

The SSL certificate installed on a domain can be easily obtained from the SSL/TLS option in cPanel with the steps below

    1. First, log in to cPanel and navigate to SSL/TLS section.
    2. Then, navigate to the “Install an SSL Website”  by clicking on the “Manage SSL sites” option below the “Install and Manage SSL for your site (HTTPS)” section.convert from PEM format to PFX
    3. Next, select a Domain from the required domain and click on Autofill by Domain.convert from PEM format to PFX
    4. The certificate.crt, private.pem and ca.crt contents will be populated here.
    5. Copy the first part of the certificate (CRT) to certificate.crt, the second part (KEY) to private.pem and the third part (CABUNDLE) to ca.crt respectively.

Now, let us look at how to obtain the certificate from the backend.

 

Obtain the certificates from backend:

cPanel combines the certificate, private key, and certificate authority bundle into one single file named “combined”. This exact location of the file is  /var/cpanel/ssl/apache_tls/DOMAINNAME/combined

The “combined” file contains the certificate.crt, private.pem and ca.crt in order.Each “part” starts and end with a bunch of “-” sign. For instance the private key starts and ends with

—–BEGIN RSA PRIVATE KEY—–
—–END RSA PRIVATE KEY—–

Create separate files for each of the certificate, private key, and certificate authority bundle named certificate.crt, private.pem and ca.crt respectively. Then copy the keys from the combined file and paste in their respective individual files. It is important to make sure there are no extra whitespaces or any other characters that are not a part of the certificate.

 

Convert to PFX format

As we now have the keys in separate files, we can now proceed with exporting the whole key into PFX format. OpenSSL command below will perform this conversion:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile ca.crt

For instance,
$ openssl pkcs12 -export -out bobcares.com.pfx -inkey private.pem -in certificate.crt -certfile ca.crt

 

This command will prompt for a password. We need to use a secure random password. Also, we need to note down this password carefully as we will need it while importing the certificate.

Let us now look at a common error message seen during conversion.

 

Common Error Message

A common error message seen during this conversion is “No certificate matches private key”. It generally happens when there is something wrong with the certificate files. This error most probably shows that we have not copied the correct key part or have accidentally included whitespace or another character. The easiest solution would be to just recopy the key into the file.

[Need help to fix SSL errors? We are available 24×7.]

 

Conclusion

In short, the import and export of certificates and private keys on Windows and macOS machines may require the conversion of the SSL Certificate format from PEM to PFX. Today we saw how our Support Engineers perform the conversion from PEM format to PFX format.

Install SSL certificate on Apache with Webmin – Related errors and fixes

SSL is one of the standard technology to authenticate and encrypt communication between clients and servers.

Also, SSL encrypts network traffic so that an attacker cannot listen to sensitive information like passwords and credit card numbers on the network.

In some control panels like Webmin, there is a feature to install SSL certificate on Apache to secure website sensitive data.

At Bobcares, we often get requests from our customers to install and configure SSL certificate on Apache with Webmin as part of our Server Management Services.

Today, we’ll see how our Support Engineers install and configure SSL certificate on Apache with Webmin and fix the related errors.

(more…)