Purchasing and Installing an SSL Certificate from Another Provider

Winhost customers may purchase an SSL certificate from an external Certificate Authority or SSL provider. However, before the certificate can be installed at Winhost, it must be provided as a password-protected PFX file.
A PFX file contains:
  • The SSL certificate
  • The private key associated with the certificate
  • Any intermediate certificates included by the certificate provider

Option 1: Generate the CSR and Private Key Through Your SSL Provider

When ordering the certificate, check whether your SSL provider offers an option to generate the following:
  • Certificate Signing Request, or CSR
  • Private key
The CSR is submitted to the Certificate Authority when the certificate is ordered. The private key must be saved because it will be required when creating the PFX file.
After the certificate has been issued, ask the SSL provider to export or download the certificate together with its private key as a password-protected .pfx file.
You can then import the PFX file through the Winhost Control Panel by following these instructions:

Option 2: Generate the CSR and Private Key Using the SSL Toolkit

Some certificate providers allow you to submit a CSR but do not provide a tool for generating the CSR and private key. In this situation, you may use the SSL Toolkit attached to this article.
The SSL Toolkit is a Windows PowerShell utility created using Claude Code. It performs the certificate operations locally on your computer and does not require OpenSSL.

Requirements

The toolkit requires:
  • Windows 10, Windows 11, or another supported Windows version
  • Windows PowerShell 5.1 or PowerShell 7 or later
  • .NET Framework 4.7.2 or later
Administrative access and software installation are not normally required.

Step 1: Download and Start the SSL Toolkit

  1. Download the SSL_ToolKit.zip file attached to this article: SSL_ToolKit.zip
  2. Extract all files from the ZIP archive.
  3. Open the extracted folder.
  4. Double-click Run-CsrGui.cmd.
The Certificate Toolkit window will open.
If Windows displays a security warning, verify that you downloaded the file from this Winhost Knowledge Base article before continuing.

Step 2: Generate the CSR and Private Key

  1. Open the Generate CSR & Key tab.
  2. Enter the domain name that the certificate will secure in the Common Name field.
Examples:
  • www.example.com
  • example.com
  • *.example.com for a wildcard certificate
  1. Enter the organization and location information requested by your Certificate Authority, if applicable.
  2. Leave the key size at 2048 bits unless your certificate provider requires a different size.
  3. Select an output folder.
  4. Click Generate CSR & Key.
The toolkit creates two files:
  • <domain>.csr — Submit this file or its contents to your SSL provider.
  • <domain>.key — This is the private key. Keep it secure and do not send it to unauthorized parties.
The private key cannot be recovered from the CSR. If the private key is lost, you will need to generate a new CSR and ask the Certificate Authority to reissue the certificate.

Step 3: Submit the CSR to the Certificate Provider

During the certificate-ordering or validation process, your SSL provider will ask you to supply a CSR.
Open the generated .csr file in a text editor and copy its entire contents, including these lines:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Submit the CSR to the certificate provider and complete the provider's domain-validation process.
After validation is complete, download the issued certificate. Certificate files commonly use one of these extensions:
  • .crt
  • .cer
  • .pem
You may also receive one or more intermediate CA certificates.

Step 4: Combine the Certificate and Private Key into a PFX File

After receiving the certificate:
  1. Start the SSL Toolkit again.
  2. Open the Combine to PFX tab.
  3. Select the certificate file issued by the Certificate Authority.
  4. Select the matching .key file generated with the CSR.
  5. Enter and confirm a strong PFX password.
  6. Select where the resulting .pfx file should be saved.
  7. Click Build PFX.
The toolkit verifies that the certificate and private key match before creating the PFX file. A certificate cannot be combined with a private key generated for a different CSR.
The resulting PFX file will contain the certificate and its private key and will be protected by the password you entered.

Step 5: Import the PFX File at Winhost

Follow the instructions in this article to upload and install the certificate:
You will need:
  • The generated .pfx file
  • The PFX password entered when the file was created

Support Limitations

Winhost can assist with importing a valid, password-protected PFX file through the Winhost Control Panel. Questions concerning certificate purchases, Certificate Authority validation procedures, certificate reissuance, or files supplied by an external SSL provider should be directed to that provider.