问如何将SSL证书从一个cPanel帐户传输到另一个帐户？我需要转机吗？我有新的帐户

EN

Step1: Login into your VPS or server through ssh

Step2: Step2: Search .crt and .key files of the domain's SSL Certificate

You can use the following commands for finding the files.

# find / -name *.crt (For certificate)
# find / -name *.key (For private key)

Step3: File location

Generally, .crt and .key files will be located under the following path.

/etc/ssl/ 

OR 

/etc/pki/tls/

The full path should be as follows:
# /etc/pki/tls/certs/your_domain_name.crt (Certificate file)
# /etc/ssl/private/your_domain_name.key (Private key)

Step4: Run openssl command to export the SSL Certificate.

Now, you need to execute the following command to export the SSL Certificate.

#openssl pkcs12 -export -out OUTPUT_FILENAME -inkey Key_Filename -in Certificate_Filename

In the place of OUTPUT_FILENAME, enter a filename with full path for generating file. For example /home/demovpstest/demovpstest.pfx

In the place of Key_file name enter the path of the private key. It should be /etc/ssl/private/your_domain_name.key

In the path of Certificate_File name, Enter the path of the Certificate /etc/pki/tls/certs/your_domain_name.crt

Once you execute the command, you will be asked to set a password. Please enter a unique password and press enter. Again enter the same password which you have entered above and press enter. Congratulations! pfx file is created. You can see it by executing the following command in the terminal.

# ls -l

You can download this generated pfx file and import it into Server.

# openssl pkcs12 -in [sslCertName.pfx] -nocerts -out [outputFileName.pem] -nodes

sslCertName.pfx == Input file name
outputFileName.pem == Output file name
While you issue this command, you will be asked for Import Password. Enter the password you had set while exporting the certificate.

On success, you will get the message MAC verified OK.

MAC Verification

Now, we need to extract the private key and certificate file from the .pem file. Open outputFileName.pem file in any text editor and copy each key, make separate text file for each certificate including the ----- BEGIN RSA PRIVATE KEY ----- and ----- END RSA PRIVATE KEY ----- lines.

Move to Apache server configuration file (httpd.conf). The actual directory of this configuration file may be different. Usually, you can locate this file under /etc/httpd/ directory. You can also use following command to find httpd.conf file.

find / -name 'httpd.conf'
Once you locate httpd.conf file open it in editor and find <VirtualHost> tag in the file.

If you want your website to be accessible through both protocols (https and http), copy existing <VirtualHost> tag and change the port from port 80 to 443 as follows. Following is a basic example of a virtual host configuration for SSL. The parts listed in bold are the parts that must be added for SSL configuration.

<VirtualHost 192.168.3.1:443>
DocumentRoot /home/user/mydomain/html
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCACertificateFile /path/to/CA.crt
Save the changes and exit the editor.

It is always a good practice to check your Apache config files for any errors when you modify it. Since we have changed settings of Apache Config file, we will test for the errors. Issue following command to check errors.

apachectl configtest
If apache configuration file has no errors, you will get Syntax OK message. If you get error like -bash: apachectl: command not found, you need to find apachectl file first. To find this file, run the following command.

find / -name 'apachectl' 
As an output of this command, you will get a full path of the apachectl file. Copy this file path, place configtest after the path and run this command as follows. Once you receive Syntax OK message, restart the Apache web server.

Checking Errors in Apache Config File

Restart apache web server using following commands.

# apachectl stop 
# apachectl start