Easy way to convert cPanel SSL Certificate from PEM format to PFX

I am having difficulty in exporting the SSL Certificate from my cPanel account.
Can you convert it from PEM format to PFX format?

We sometimes get such support request as stated above as part of our Technical Support Services.

In this context, we shall outline the best way by which this conversion can be done successfully.

Why is the conversion of Certificates from PEM format to PFX important?

PEM is the widely used format for SSL certificates. As earlier stated, most web servers such as Apache have their SSL certificates in PEM format. This format can be easily read via any Text editor.

On the other hand, PFX which is a binary format which holds all the Certificate data in a single file. It holds the Certificates as well as the private key in an encrypt format. 

Thus, in order to be able to import and export the certificate in Windows and macOS, it must be converted from PEM format to PFX format.

How can you convert from PEM to PFX format?

To convert an SSL certificate from PEM to PFX format in cPanel, you first have to obtain the SSL certificate which will be exported. There are two ways of obtaining the SSL. They are;

1. Obtaining the certificates directly from the cPanel client area.

2. Obtaining the combined file from the cPanel/WHM Backend area and splitting it up.

We will look into these procedures one after the order to make it clear.

Obtaining the certificates directly from the cPanel client area.

By using this method, simply log into the cPanel client area and navigate to the SSL/TLS section. Do the following to achieve this;

1. To begin, Log into the cPanel area and go to the SSL/TLS area.

2. Next, locate the "Install an SSL Website" which is in the "Manage SSL sites" Section. This is directly below the "Install and Manage SSL for your site (HTTPS)" area.

3. Then you can select the concerned domain and click the "Autofill by Domain" button.

4. You will see that the "ca.crt", "certificate.crt", and "private.pem" data will be displayed on your screen.

5. You can now copy the various SSL data individually. The very first part of the certificate (CRT) is referred as "certificate.crt" , the next one, the "KEY" is referred as "private.pem" and finally the (CABUNDLE) is referred as "ca.crt" respectively.

Obtaining the combined file from the cPanel/WHM Backend area.

In cPanel, the certificate, private key and certificate authority bundle is merged in one single file called "combined". This file is located in the "/var/cpanel/ssl/apache_tls/DOMAINNAME/combined" directory.

This file contains all the certificate components in a single file but distinguished in a comment individually.

It is then important to separate into 3 different files accordingly.

Final Conversion to PFX format

Since you have separated the file into different files, they can be exported as PFX format. To do this conversion, use the OpenSSL command below;

$ openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile ca.crt

For instance,

$ openssl pkcs12 -export -out domain.com.pfx -inkey private.pem -in certificate.crt -certfile ca.crt

As soon as the command is run, a password prompt will pop up and you have to enter a password and keep it safe as this will be required while performing the certificate import action.

An error message might be displayed during the conversion process.

Error Message during the Conversion Process

It is common to see an error message "No certificate matches private key". This occurs when there is an error in the certificates. It could be possible that the contents of the certificates was not copied properly as white space might have been included. Therefore to resolve this, you have to remove any unnecessary white spacing in the files.

[Need support to fix  SSL Certificate errors? We are here to help you.

You can see that a conversion from PEM to PFX format is very vital while doing importing and exporting of SSL Certificate.

This task might require Technical Support.

If you are not familiar with Server administering and would like our professionals to handle this task on your behalf, contact Professional Services team Now.


pem is a de-facto file format called Privacy-Enhanced Mail. These are interchangeable file extensions for the PKCS#12 format. 

Technically, PKCS#12 is the successor to Microsoft's PFX format, but they have become interchangeable. PKCS#12 files are archives for cryptographic material.

PKCS#12 (also known as PKCS12 or PFX) is a binary format for storing a certificate chain and private key in a single, encryptable file.

All SSL Certificates require a private key to work. The private key is a separate file that's used in the encryption/decryption of data sent between your server and the connecting clients.

A private key is created by you—the certificate owner—when you request your certificate with a Certificate Signing Request (CSR).

Basically, the default SSL file format used by apache web server is the PEM format. Whereas PFX files are used on MacOS and Windows systems to do export and import activities of private keys and certificates.