There are various factors that have to be taken care of while installing a SSL certificate on a domain by using the cPanel platform. The SSL certificates serve a crucial purpose of securing a web site for various things like banks, stores, eCommerce applications etc. It is very important to pay close attention while setting up the SSL certificate. This post will guide you in terms of setting up a new SSL certificate in a VPS or a dedicated server with the use of cPanel.
STEP 1: The Website’s IP Address
The most crucial step in installing a SSL certificate is to make sure that the website is crawling on its own IP address. The IP address should not be shared with any other user accounts. Log in to your Web Host Manager (WHM) and go to the navigation section on the left side called IP Functions.
In that section click on the Show IP Address Usage link as indicated below:
Find the domain in question in the list that is displayed, and make sure it is the only account listed for that IP address. Example below:
Note: The number of accounts may vary, but as long as there is only one primary domain name listed here you should be fine.
If in case the domain is not on its own IP address you will have to change the website’s IP. It is not possible to change a domain’s IP address without temporarily taking down the website while the new DNS settings are propagated across the entire internet. If you find yourself in this situation the best way out is to lower the domain’s “Time To Live” (TTL) settings to a low value like 600 seconds. You can use the WHM’s DNS zone file editor for this purpose if your server is also running the domain’s DNS, and then wait until the following day to make the actual IP address change.
If your website is on its own IP address proceed to Step 2, otherwise wait until your domain has been moved to a new IP and then proceed.
STEP 2: Creating The Certificate Signing Request [CSR]
A CSR is a digitally signed file that is used for the purpose of applying a SSL certificate from a certificate vendor. In your server’s WHM, find the navigation section labeled SSL/TLS.
Click on the link marked Generate a SSL Certificate and Signing Request as indicated below:
The link will take you to a form that will ask for several pieces of information as mentioned below:
Address the cert will be sent to
An e-mail address where the finished CSR will be delivered by the server.
An e-mail address that is also listed in the WHOIS information for the domain you are working with. Please make sure that this e-mail address is valid.
A password used as part of the encryption mechanism for the CSR. Please be sure to write down this password and/or store it somewhere safe.
Host to make cert for:
The domain name that will be using the new certificate. Please note: If you are having a Liquid Web order and you will need to specify the domain name as www.domain.com for installing the certificate unless you are ordering a certificate for a sub domain like store.domain.com or anything similar to that.
The city where your business/organization is located. Please make sure this matches the address information found in the domain’s WHOIS information.
The state where the business/organization is located. Please make sure this matches the address information found in the domain’s WHOIS information.
The country where the business/organization is located. Please make sure this matches the address information found in the domain’s WHOIS information.
The name of the business/organization. Please make sure this matches the address information found in the domain’s WHOIS information.
The department/division of a the organization that is managing the website. “Online” is a suitable value if you have nothing to specify here.
The default value of 1024 is fine. You can also use 2048 only needs when ordering specialized (non-standard) certificates.
Once you have filled the complete form; click on the Create button.
If there are no errors in your input, you will be presented with a summary page showing the three parts you just created:
1. Signing Request – The CSR
2. Certificate – A self-signed certificate generated by the server
3. Key – The Private Security Key
The server will e-mail a copy of these three parts to the e-mail address you have mentioned above. Be sure to hang on to the e-mail or copy and paste the three parts into a backup text file right away. The CSR is that part which you will need to order for the actual certificate, regardless of whether you would like Liquid Web to order it or if you order it yourself through a certificate vendor of your choice.
STEP 3: Using The CSR To Order The SSL Certificate
Ordering the Certificate Yourself
You can take the CSR and order your SSL certificate by using a number of different SSL providers. If you are ordering the SSL certificate for the first time; you can find a useful chart comparing vendors and certificate types on the internet. Once you get the website of the provider be sure to grab their “Certificate Authority Bundle” (CA Bundle). This is an optional step, however it is highly recommended that the CA bundle be installed along with the rest of the certificate. Each company/vendor will have a different layout for their web site therefore specific instructions for everyone of them cannot be provided. You can contact with the technical assistance of the respective vendor if you face any problems in terms of ordering the certificate.
STEP 4: Installing The SSL Certificate
For installing the SSL certificate, log in to your server’s WHM, find the SSL/TLS navigation section again, and click on the link called Install a SSL Certificate and Setup the Domain as pictured below:
This will take you to a page that will ask for the parts of the certificate and the related domain information.
Fetching the information automatically
On the installation page, find the text box where you enter the domain name and click on the Browse button, as pictured below:
Select the domain name from the list that will be using the new SSL certificate and then click the Use Cert button that appears on the pop-up. The installation screen will now display the domain name, the IP address, the user name of the domain on the server, and two parts of the SSL certificate: The CRT and the .key file that were created earlier.
IMPORTANT: If you use this method the server will use the self-signed certificate that was generated in STEP 2. You will have to manually delete all of the auto-fetched CRT information on this screen and paste it in the certificate/CRT sent to you by the certificate vendor.
Paste the vendor’s CA Bundle into the final text box, and then click the Install button near the top of the installation screen.
Entering the SSL Cert Pieces Manually
Enter in the domain name in the exact way as the certificate will be using it. If you have purchased a new certificate then that is exactly what you will need to enter in the domain field. The IP address may appear automatically, but if it does not appear, enter in that as well. Also make sure to enter the domain’s user name on the server in the corresponding text field. Copy and paste the CRT/Certificate into the first large text box; this will be the certificate that you purchased, not the self-signed file that was created in STEP 2. now do the same thing with the RSA key that was created earlier. Finally, copy and paste the certificate vendor’s CA bundle into the third large text box and click on the Install button near the top of the installation screen.
Make sure to enter the correct certificate into the first large text box. You will have to enter the correct certificate that you want to use and the self-signed certificate. These certificates will look very similar even though they have different functions. If you run into any errors after clicking on the submit button, make sure to check all of the input boxes for any unnecessary spaces or blank lines both before and after putting the text in the box.
Now your new SSL certificate is installed and running! For testing it, visit your site using https:// instead of the regular http:// in front of the domain name.