I was quite surprised today to find that there is no built-in facility to export an SSL certificate through WHM/cPanel. We needed to move the certificate to our Windows network from our Linux box and it wasn’t as straightforward as you may think.
Still, after a bit of googling, we came up with the following steps to create a pfx file, which is simple to import into IIS on Windows:
Step 1 – Get the key/crt files
You can grab these two files by going to cPanel > Manage SSL hosts. Just select the domain you are exporting and cPanel will then display the key and certificate (crt) files.
Step 2 – Create the files through SSH
This part may be unnecessary, but I couldn’t locate the path to the files, so I simply logged in over SSH as root and entered the following:
[root@host ~]# nano yourdomain.key
Paste in the key text that cPanel displayed, then save and exit (CTRL+X, confirm save).
Now repeat this for the certificate file (yourdomain.crt).
Step 3 – Create the PFX file for export
Now that you have your crt and key files, you need to create a pfx file for the export. For this we just use OpenSSL with the command:
[root@host ~]# openssl pkcs12 -export -out /home/pathtodomain/yourdomain.pfx -inkey yourdomain.key -in yourdomain.crt
You will be asked to set a password and also confirm that password. This will create the pfx file in the domain root.
You can download the generated pfx file and import it into IIS.
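The Step 3 export as a script, added here as an example and not part of the original post: it confirms that the key and certificate belong together before building the pfx, writes the pfx readable by its owner only in a directory outside the web root, and takes the password from an environment variable instead of the command line. The function names, the PFX_PASS variable, the file names and the throwaway self-signed pair are assumptions constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). File names and the password are
# constructed; a throwaway self-signed pair stands in for the cPanel key and crt.

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# export_pfx KEY CRT OUT: build OUT readable by the owner only, then re-open it
# to confirm it parses. The password is read from $PFX_PASS, not from argv.
export_pfx() {
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    ( umask 077
      openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" -passout env:PFX_PASS &&
      openssl pkcs12 -in "$3" -noout -passin env:PFX_PASS 2>/dev/null )
}

# Constructed test material: a self-signed pair that is valid for one day.
make_sample() {   # make_sample DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

workdir=$(mktemp -d)            # mktemp -d creates a 0700 directory, outside any web root
export PFX_PASS='constructed-sample-passphrase'
make_sample "$workdir" yourdomain
if export_pfx "$workdir/yourdomain.key" "$workdir/yourdomain.crt" "$workdir/yourdomain.pfx"; then
    echo "wrote $workdir/yourdomain.pfx"
fi
```

On a real host, pass the key and crt files from Step 2 to export_pfx in place of the generated pair. Delete the key and pfx from the server once the pfx has been imported into IIS, since both hold the private key.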
If you need to go the other way around – importing a .pfx and setting it up using WHM/cPanel, I couldn’t find much help, so hope this helps someone:
If you’re trying to set up a GoDaddy SSL from a .pfx file in cPanel or WHM, here are a couple tips:
* first remove any files in the ssl/certs/ and ssl/private/ directories for the account (i.e. home/yoursite/ssl/)
* if you have access to WHM, use the “Manage SSL Hosts” to double check for entries – delete any for the domain in question
* then check the “SSL Key/Crt Manager” – delete anything related to the domain you’re setting up SSL for
* if you followed the instructions above, you’ll have the certs.pem and the now decrypted key.pem, but for GoDaddy you need the CA:
* openssl pkcs12 -in filename.pfx -cacerts -nokeys -out cabundle.pem
* the text in those three .pem files (certs, key, cabundle) is all you need to copy into your SSL install page – crt, key, ca bundle
* for WHM it’s the “Install a SSL Certificate and Setup the Domain” tool
…maybe this is the long way around, but wanted to make sure I used the WHM/Cpanel tools since I don’t know everything it’s doing under the hood.
Yep good response, thanks for the tip 🙂