There are many reasons to have Secure Socket Layer (SSL) certificates configured for your domains. An SSL certificate will help safe guard login credentials for sites that require users to login by encrypting the information as it is transmitted. Aside from authentication, SSL certificates are essential for any site where private information is being submitted (financial, medical, etc). Failure to use an SSL certificate will result in all traffic to and from a given site being transmitted across the Internet in plain text which can possibly be intercepted without knowledge by third parties.
There are three steps to issue and install a certificate:
- Generate a Certificate Signing Request (CSR) from WHM
- Provide the CSR to your SSL provider and retrieve the certificate they create from it
- Access the Web Host Manager and install your new certificate
If you already have a certificate issued from an SSL provider you can skip to the third step. If you are just getting started with the process of configuring an SSL certificate for a domain you will need to use the Generate an SSL certificate tool first with the steps below.
Generate a Certificate Signing Request
To begin you will visit your IP address followed by /whm which should redirect you to your IP address on port 2087.
Example WHM URL: https://18.104.22.168:2087/ Replace the 22.214.171.124 IP with the IP from your welcome email for your server. You will need to login as the root user to access WHM. The login password for the root user will also be found in your welcome email unless it has been changed.
After logging in you will see a menu on the left with a SSL/TLS section. Beneath that section you will see Generate an SSL certificate and Signing Request and Install an SSL Certificate on a Domain.
Complete the form to generate a certificate signing request (CSR). This CSR is what you will provide to the SSL provider and they will use it to issue a certificate for your server / domain configuration.
CSR Form Items:
When complete, email me the certificate, key, and CSR. Check if you want a copy via email
Email Address: If the box above is checked a valid email will be needed for delivery
Key Size: Default of 2048 is sufficient unless the SSL provider requires 4096
Domains: Provide the domains to be covered. This will typically be the domain and the domain with a www. prefix.
City: Enter your city
State: Enter your state but do not abbreviate as it can cause errors
Country: Select from the drop down list
Company Name: Your Company Name, Domain name if not a company
Company Division: Optional, often set to the same as the Company Name
Email: Needs to be valid although use is contingent upon SSL provider
Passphrase: Blank unless specifically directed to use by SSL provider
Provide the CSR to your SSL provider and retrieve the certificate they create from it.
After completing the form hit Create. The next page will display the CSR, Certificate, and a Key.
“The system has successfully generated the CSR and private key for “yourssldomain.com www.yourssldomain.com”. The system also generated a self-signed certificate that you can temporarily use until you receive a signed certificate from your SSL certificate vendor.”
Do not disclose the key to anyone as it will compromise the security of the certificate. You will want to copy the entire block of text in the Signing Request box and provide this to your SSL provider. They will use the CSR to issue your certificate. You must provide the entire CSR which includes everything between and including the following lines:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
After submitting your CSR you should receive the official certificate in the form of an email or as a downloaded zip file. If the contents are compressed you will need to extract them to your desktop or another working area so the certificate can be installed.
Access the Web Host Manager and install your new certificate.
When you have your certificate you will need to return back to the Web Host Manager. Instead of using the Generate an SSL Certificate and Signing Request you will use the Install an SSL Certificate on a Domain link.
You will want to copy the certificate from your provider with everything including the BEGIN and END CERTIFICATE lines:
Paste this certificate in the Certificate box and hit “Autofill by certificate”. This should populate the domain name, IP address, and the private key. If your certificate provider included a Certificate Authority (CA) Bundle you can copy that in the third field. If they did not provide this do not worry as the server will attempt to populate it automatically.
When the Domain, IP Address, Certificate, Private Key, and CA Bundle (if applicable) are filled in you can use the Install button at the bottom of the page. If the certificate and other values are valid you should see a success message:
When the success message is shown you should be able to then visit your site that the certificate is valid for using https:// and the browser will then encrypt and validate the domain with the new certificate to securely transmit data.Posted in
- I have a dedicated server. How can I install my commercial SSL certificate on my server using Plesk?
- I have a dedicated server. How can I install my commercial SSL certificate on my server using plesk?
- How to install/configure ClamAV on your server:
- How do I install LAMP on my new basic server?
- How to install Varnish on Plesk 11