When you're creating a .pfx, you'll need a copy of the private key from your server, as well as the .crt file that you downloaded from GoDaddy.
When you download certificates from Go daddy portal you will get files something like this
Rename files first Main root certificates as Certificate.crt and other gd file which is intermediate file as supporting more file.
You can use OpenSSL commands in command line to create the PFX, I'm including a sample below:
openssl pkcs12 -export -out certificate.pfx -inkey generated-private-key.txt -in certificate.crt -certfile more.crt
This will create a certificate.pfx file from your private key, as well as the .crt you downloaded.
You'll just need to make sure that you update the names in the sample code above to match your certificate/private key information.
user@server:~$ cd Certs_Apache /
user@server:~/ Certs_Apache$ openssl pkcs12 -export -out certificate.pfx -inkey generated-private-key.txt -in certificate.crt -certfile more.crt
unable to load private key
140238327080608:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY
When you convert the cert by using the openssl you can get the above error sometime
For above error solution is to check the .key file encoding.
Carry out the following steps: open the .key file with Visual Studio Code or Notepad++ and verify that the .key file has UTF-8 encoding. In my case, the file had UTF-8 with BOM encoding, so I saved the file with just UTF-8, and then tried the conversion again:
In addition, make sure that .key file has a valid scheme:
-----BEGIN PRIVATE KEY----- Cipher here -----END PRIVATE KEY----- |
user@server:~/Certs_Apache$ openssl pkcs12 -export -out certificate.pfx -inkey generated-private-key.txt -in certificate.crt -certfile more.crt
Enter Export Password:
Verifying - Enter Export Password:
user@server:~/ Certs_Apache $