How to export SSL from cPanel with .pfx

webdsn

Active Member
Mar 4, 2018
41
2
8
Taiwan
cPanel Access Level
Root Administrator
I have one server use cpanel with linux OS
but I have one account need export SSL Certificate to windows server

I saw some teaching post say use this command with root

openssl pkcs12 -export -out /backup/domain_name.pfx -inkey /etc/ssl/private/domain_name.key -in /etc/ssl/certs/domain_name.crt
but in my server I do not find these file
/etc/ssl/private/domain_name.key
/etc/ssl/certs/domain_name.crt
I can confirm these Certificate already installed

In fact I do not find the domain key or crt file in /etc/ssl/certs/ or /etc/ssl/private
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
Hello @webdsn,

Certificates are not stored as .crt or .key files in cPanel & WHM. You can find the combined key and certificate in the following file:

Code:
/var/cpanel/ssl/apache_tls/domain.tld/combined
Replace "domain.tld" with the domain name of the certificate and key you want to obtain. You can then manually copy the certificate and key text into individual .crt and .key files in order to run that command.

Thank you.
 

webdsn

Active Member
Mar 4, 2018
41
2
8
Taiwan
cPanel Access Level
Root Administrator
Hello @webdsn,

Certificates are not stored as .crt or .key files in cPanel & WHM. You can find the combined key and certificate in the following file:

Code:
/var/cpanel/ssl/apache_tls/domain.tld/combined
Replace "domain.tld" with the domain name of the certificate and key you want to obtain. You can then manually copy the certificate and key text into individual .crt and .key files in order to run that command.

Thank you.
Thanks your reply

I already found that file

But I saw several sets of encoded content in this file
one start by BEGIN RSA PRIVATE KEY
and three start by BEGIN CERTIFICATE

I don't know which part is .key or .crt file

In addition, I searched for some teaching articles to use this command to generate PFX files.
Is this directive wrong or not applicable?
openssl pkcs12 -export -out /backup/domain_name.pfx -inkey /etc/ssl/private/domain_name.key -in /etc/ssl/certs/domain_name.crt
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
But I saw several sets of encoded content in this file
one start by BEGIN RSA PRIVATE KEY
and three start by BEGIN CERTIFICATE

I don't know which part is .key or .crt file
Hello @webdsn,

The following content is for the .key file:

Code:
-----BEGIN RSA PRIVATE KEY-----
CONTENTHERE
-----END RSA PRIVATE KEY-----
The following content is for the .crt file:

Code:
-----BEGIN CERTIFICATE-----
CONTENTHERE
-----END CERTIFICATE-----
In addition, I searched for some teaching articles to use this command to generate PFX files. Is this directive wrong or not applicable?
That command should work as long as you manually separate out the data from the combined file into individual .key and .crt files.

Thank you.
 

webdsn

Active Member
Mar 4, 2018
41
2
8
Taiwan
cPanel Access Level
Root Administrator
Hello @webdsn,

The following content is for the .key file:

Code:
-----BEGIN RSA PRIVATE KEY-----
CONTENTHERE
-----END RSA PRIVATE KEY-----
The following content is for the .crt file:

Code:
-----BEGIN CERTIFICATE-----
CONTENTHERE
-----END CERTIFICATE-----


That command should work as long as you manually separate out the data from the combined file into individual .key and .crt files.

Thank you.
Thanks your reply
I will try this~