openssl is the standard open-source, command-line tool for manipulating SSL/TLS certificates on Linux, MacOS, and other UNIX-like systems. I recently ran into an interesting problem using openssl to convert a private key obtained from GoDaddy. Someone else used GoDaddy’s “wizard” interface to generate a certificate signing request (CSR) and private key, and saved the files on their Windows workstation. They purchased an SSL cert from GoDaddy, and shared all the files with me for installation on servers. GoDaddy saved the private key in the newer PKCS #8 format (pkcs8), and one system required the key in the older PKCS #1 (pkcs1) format. It’s easy to tell the difference.
Open the Microsoft Management Console (MMC). In the Console Root, expand Certificates (Local Computer). Your certificate will be located in the Personal or Web Server folder. Locate and right click the certificate, click Export and follow the guided wizard.
Any SSL certificate bought after this date will have the new term length applied and those bought before will be grandfathered in. For more information check out this blog article that goes into more detail around the term change and GoDaddy’s response. Before or after uploading your new SSL certificate, you can delete the old SSL certificate to avoid confusion. Go to your GoDaddy product page. Under Web Hosting, next to the Linux Hosting account you want to use, click Manage. In the account Dashboard, click cPanel Admin. In the cPanel Home page, under Security, click SSL/TLS.
PKCS #1 files start with:
PKCS #8 files start and end with ONE OF these lines:
I found that openssl couldn’t even read the private key:
The error was surprising, because the key file looked perfect. I wasted quite a bit of time trying to find a mistake in my openssl command. Fortunately, I found the solution in a comment on a StackOverflow article. I don’t know if the culprit is GoDaddy’s key generation, or the way that the key was saved on a Windows system (perhaps with Notepad), but the key ended up being encoded in UTF-8, with a Byte Order Mark (BOM) included. openssl couldn’t read the key because it was unable to parse the BOM. The solution was to use iconv to convert the key file from UTF-8 to ASCII, and then convert from pkcs8 to pkcs1:
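An added example, not the author's commands: a shell check that detects a UTF-8 BOM at the start of a key file, removes it, reports the PEM format from the header line, and converts to PKCS #1. It strips the three BOM bytes directly rather than using iconv; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose and repair a PEM private key saved with a UTF-8 BOM.

# True if the file begins with the UTF-8 byte order mark (EF BB BF).
has_bom() {
    [ "$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]
}

# Copy $1 to $2, dropping the leading BOM if one is present.
strip_bom() {
    if has_bom "$1"; then tail -c +4 "$1"; else cat "$1"; fi > "$2"
}

# Classify a key by its first line. A BOM in front of the dashes makes the
# header unrecognisable, which is why the file fails to parse.
pem_format() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        "-----BEGIN RSA PRIVATE KEY-----")       echo pkcs1 ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        *)                                       echo unknown ;;
    esac
}

# Convert an RSA key to PKCS #1. OpenSSL 3.x writes PKCS #8 from
# "openssl rsa" unless -traditional is given; older releases write
# PKCS #1 by default and do not accept the flag.
to_pkcs1() {
    if openssl rsa -help 2>&1 | grep -q -- '-traditional'; then
        openssl rsa -traditional -in "$1" -out "$2"
    else
        openssl rsa -in "$1" -out "$2"
    fi
}

# Demo on a constructed file (placeholder body, not a real key).
sample=$(mktemp); clean=$(mktemp)
printf '\357\273\277%s\n' "-----BEGIN PRIVATE KEY-----" \
    "constructed-placeholder" "-----END PRIVATE KEY-----" > "$sample"
echo "as saved:   $(pem_format "$sample")"
strip_bom "$sample" "$clean"
echo "BOM removed: $(pem_format "$clean")"
rm -f "$sample" "$clean"
```

With a real key, run `strip_bom` first and then `to_pkcs1` on the cleaned file, keeping the output readable only by its owner.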