If you have a .PFX file for your certificate, you'll need to convert it for it to be installed on a Linux server/VPS.

  1. Copy your PFX file to /root.
  2. SSH into your VPS/server
  3. Next, we're going to export the certificate key
    Run:
    Code:
    openssl pkcs12 -in cert_name.pfx -nocerts -out cert_name.key
    (replace cert_name.pfx with the name of your .PFX file, cert_name.key with the name you wish to use for the exported key)
    You will be prompted for the password for this file.
  4. Now to decrypt the private key using the file we just exported:
    Code:
    openssl rsa -in cert_name.key -out cert_name.decrypted.key
  5. To extract the certificate from the .PFX file
    Code:
     openssl pkcs12 -in cert_name.pfx -clcerts -nokeys -out certificate.crt


You should have have 3 files:
  • Key file: cert_name.key
  • Decrypted key file: cert_name.decrypted.key
  • Certificate file: certificate.crt



If you are running cPanel on your VPS:
  1. Login as root
  2. Under the " SSL/TLS" section, select "Install a SSL Certificate and Setup the Domain"
  3. Copy and Paste the contents of the certificate file starting from
    Code:
    -----BEGIN CERTIFICATE-----
    and ending with
    Code:
    -----END CERTIFICATE-----
    into the first box. cPanel should detect the, user and IP address. Note: the domain MUST be on a dedicated IP to install a SSL certificate.
  4. Copy and Paste the contents decrypted key file into the second box
  5. If you have a ca bundle certificate file, paste the contents into the third box
  6. Click on "Submit" at the top of this page and cPanel will install the certificate. If there are any errors, it'll let you know.


If you are NOT running cPanel on your VPS (for advanced users):
  1. Create the following directories:
    /etc/ssl/certs -- used to store the certificate files
    /etc/ssl/private -- used to store the private keys
    To create these directories run:
    Code:
    mkdir /etc/ssl
    mkdir /etc/ssl/certs
    mkdir /etc/ssl/private
    chmod 700 /etc/ssl/private
  2. copy the certificate file to /etc/ssl/certs
  3. copy the key file to /etc/ssl/private
  4. edit the apache configuration file, normally it's in this location:
    Code:
    /etc/httpd/conf/httpd.conf
  5. create a virtual host for your site by adding the following section to your apache configuration file:
    Code:
    <VirtualHost 123.123.123.123:443>
            ServerName domain.com
            ServerAlias www.domain.com
            SSLEngine on
            SSLCertificateFile /etc/ssl/certs/cert_file.crt
            SSLCertificateKeyFile /etc/ssl/private/key_file.key
            <Directory /var/www/html/>
                    AllowOverride All
            </Directory>
            DocumentRoot /var/www/html/
            SSLProtocol +SSLv3 +TLSv1
            SSLCipherSuite RSA:!EXP:!NULL:+HIGH:-MEDIUM:-LOW
    </VirtualHost>
    Replace 123.123.123.123 with your static IP for this site. Change domain.com and www.domain.com to your domain name. Adjust the cert and key file names to what you have named them. Set your document root to the location of your site.
  6. Save the file and restart apache
  7. If you have any errors in your httpd.conf apache will let you know when you attempt to restart.