Installing SSLs and Generating CSRs in cPanel

Title Image Installing SSLs and Generating CSRs in cPanel

Installing SSLs in cPanel is a straightforward process for account owners with Shared, VPS, or Dedicated Server accounts. cPanel releases (versions 11.38 and higher) come with a new SSL/TLS Manager which is available to cPanel users. This interface gives you the ability to generate, view, or upload, private keys, Certificate Signing Requests (CSR), and certificates (CTR), and also allows the ability to activate an SSL certificate on your website.

Only certain businesses require a Dedicated SSL certificate. Exact needs will vary from business to business. If you process customer payment information directly on your site, as opposed to a payment gateway like PayPal, then you will need a Dedicated SSL certificate. For many sites, our free and easily installed AutoSSL is more than enough.

If you need a Dedicated SSL certificate, you can order an SSL certificate from InMotion Hosting in your Account Management Panel (AMP). Our Dedicated SSL certificates are Comodo-issued 256-bit encrypted InstantSSL certificates and are only $99.99 / year.

If you require assistance, please submit a request to our live technical support team. They can quickly help you with getting an SSL certificate installed if necessary.

When you purchase a third-party SSL certificate, you can use the cPanel SSL/TLS Manager to complete the SSL install process on your own.

Enable SSL/TLS Manager in WHM for cPanel Users

The SSL/TLS Manager will be automatically enabled on Shared Hosting accounts, but VPS and Dedicated Hosting accounts may need to manually enable it in WHM’s Tweak Settings option.

  1. Login to WHM.
  2. In the top-left find box, type in tweak, then click on Tweak Settings.
    in whm type tweak and click on tweak settings
  3. Type Allow cPanel in the top-right find box, then fill in On beside Allow cPanel users to install SSL Hosts, then click Save.
    in whm type allow cpanel and enable cpanel users to install SSL hosts
    You should see WHM Updating tweak settings. When it completes it will say Done at the bottom.
    whm tweak settings updated

Access the cPanel SSL/TLS Manager

Once you have the cPanel SSL/TLS Manager enabled in WHM, you can access it when logged into cPanel.

  1. Login to cPanel.
  2. Under the Security section, click on SSL/TLS Manager.
    under security click ssl tls manager

Generate Private Keys

Before generating anything else, we need to generate some Private Keys. These are used to decrypt information transmitted over an SSL connection. You need a separate Private Key for each SSL certificate you wish to use.

  1. Access the cPanel SSL/TLS Manager.
  2. Click on Generate, view, upload, or delete your private keys.
    click generate private keys
  3. Typically a Key Size of 2,048 bits is fine, but if you need another one you can select it from the drop-down. Fill in a Description for the key if you’d like, then click Generate.
    click generate
  4. Now with your Private Key generated, click on Return to Private Keys.
    cpanel generated private key
  5. You should see the key you created listed.cpanel view keys on server
  6. If you already have a Private Key not on the server, then under the Upload a New Private Key section, you can either paste in your key and click Save, or you can click on Choose File to browse your computer for the key, and then click Upload.
    paste or upload private key
  7. After you’ve already generated or uploaded your Private Key so it exists on the server, click on Return to SSL Manager.

Generate the CSR in cPanel

Before getting an SSL certificate for your website, you need to generate a Certificate Signing Request (CSR). This request will include your domain name and company, as well as information specific to the server you’re hosting on.

  1. Access the cPanel SSL/TLS Manager.
  2. Click on Generate, view, or delete SSL certificate signing requests.
    click generate csr
  3. Fill out all of the fields for your CSR, then click Generate.
    fill out csr fields click generate
  4. You should now see the generated CSR, you can click in the text-box and then hit Ctrl-A to select all the text, and then Ctrl-C to copy it.
    copy generated csr text
  5. Now you need to take this CSR text generated from the cPanel server, and when you are purchasing a SSL certificate, the Certificate Authority that you buy it from will need to be supplied with it.
  6. If and when you are asked the server type your CSR was generated on, you’d want to select RedHat Linux.

Generate a CSR in WHM

WebHost Manager (WHM) has a similar feature to the above. Here is how to access it.

  1. Log in WHM.
    Selection 200
  2. Choose SSL/TLS.
    Selection 201
  3. Select Generate an SSL Certificate and Signing Request.
    Selection 202
  4. Fill in the information for the SSL.
    Selection 203
  5. Click the Create button.
    Selection 204
  6. The system will generate the CSR, Certificate, and a Key.
    Selection 205

Generate the CSR in AMP

It’s also easy to generate a Certificate Signing Request in the Account Management Panel.

  1. Log into your Account Management Panel (AMP).
  2. Select the Simple CSR Request for 3rd party SSL icon.Selecting the Simple CSR Request
  3. Read the page to determine if you really need a CSR. If so, continue by clicking on the Request a CSR button.
  4. Next you will begin the steps to get your CSR. First, you must enter the specific name you will use for the CSR. Typically this is just the domain name (ex: example.com) but you may wish to be more specific and use a subdomain name for your store (ex: store.example.com, cart.example.com, secure.example.com). Click on the Continue button to go to the next step.
    form to fill out for CSR
  5. Now you will fill out this form with your information. Be sure it is all correct. Click on the Continue button when you are finished. 
    filled in CSR request form

    Email AddressYour contact email address.
    Certificate NameThe domain name you want the CSR for.
    CityYour city location for your business.
    StateState in which your business is located.
    CountryUse the two character abbreviation for your country.
    Company NameThe official name of your company.
    DivisionName of your company division. Leave blank if not applicable.
  6. You are now presented with the CSR based on the information you entered in the previous step. Copy and paste this information into an email to send to your SSL Provider. Once you have received the files from them, click Continue to move to the final step.
    sample CSR
  7. Upload the files from your SSL provider and fill out the billing information so our team can install the new SSL onto your site.
    uploading files from SSL provider

If you have closed out your browser before receiving the SSL files from the SSL provider, you can return to that point at any time. Simply click on the Simple CSR Request for 3rd party SSL icon in the AMP (Step 1 and Step 2 above) and you will see your existing CSR information on the right hand sidebar. Click on Submit Your SSL Zip Files Now. This will take you immediately to Step 7 above.

Purchasing Notes

Once you have generated your CSR on the server, you must provide the Certificate Authority with the CSR to generate the SSL. The vendor you buy your SSL from depends on wherever you get the best deal. InMotion Hosting can install SSLs from a variety of third parties.

You can also purchase SSLs through InMotion Hosting, and we will make sure your SSL is renewed yearly and configured properly for our server types.

If you are purchasing your dedicated SSL from a third-party vendor, make sure to use Redhat/Linux and SHA 2 for the encryption settings.

Install Third-Party SSL Certificate in cPanel

If you sent off your CSR to a certificate authority, you should have gotten back a matching SSL certificate that you can now go back and install on the server to use for your website.

  1. Access the cPanel SSL/TLS Manager.
  2. Click on Generate, view, upload, or delete SSL certificates.
    click generate certificate
  3. Now either paste your certificate info into the Paste your certificate below box and click Save Certificate, or click Choose File to browse your local computer for the certificate file and click on Upload Certificate.
    paste or upload your ssl certificate

Installing SSLs in WHM

After you have a copy of your SSL Certificate, you can now install it within your WHM by following the steps below:

  1. Login to WHM
  2. Click SSL/TLS in the left navigation menu, then click the Install an SSL Certificate and Setup the Domain button.

    ***Important – In the Domain section, Browse and select the domain you are installing the certificate for, leaving the IP field on Auto-discover.

    choosing domain
  3. There are 3 fields available, fill them in as needed and click the Submit button when you are done. Below is a brief description on the fields:
    FieldDescription
    crtCopy and paste the contents of the .crt file, or the Certificate info from the previous section (if you are installing a self-signed certificate).
    key (Private Key)Copy and paste the contents of the .key file, or the Key info from the previous section (if you are installing a self-signed certificate).
    ca bundleCopy and paste the contents of the ca bundle, this would be provided when you purchase an SSL. You will not have one if it is self-signed.
  4. Note, only check Enable SNI for Mail Services” if you are using the certificate for email. If you are not, then you are using the existing server’s certificate for mail. Per cPanel’s documentation, “Mail SNI configures the mail services to use the SSL certificate for your domain instead of the server’s default certificate.”

If You Are Purchasing a CA SSL

Once you have generated your CSR on the server, you must provide the Certificate Authority with the CSR to generate the SSL. The vendor you buy your SSL from depends on wherever you get the best deal. InMotion Hosting can install SSLs from a variety of third parties.

You can also purchase SSLs through InMotion Hosting, and we will make sure your SSL is renewed yearly and configured properly for our server types.

If you are purchasing your dedicated SSL from a third-party vendor, make sure to use Redhat/Linux and SHA 2 for the encryption settings.

Once your CSR request is submitted, our Support Team will respond via email with your CSR. The email should be the one referenced by the SSL and not necessarily with the primary email address on the hosting account. You will then provide the CSR to your SSL vendor so they can properly key your SSL. When you receive the SSL from your vendor, please respond to our email and attach your SSL. Our Support Team will then install your third party SSL.

We do require a charge of $25 for our support team to carry out an SSL installation for SSLs purchased elsewhere.

Wildcard SSL Installations

You can have Wildcard SSL certificates installed on VPS or Dedicated servers. We do not sell Wildcard SSL certificates, so you will need to contact a 3rd party SSL provider to obtain one. Also, Wildcard SSL certificates cannot be installed on shared hosting plans.

Important! In order to install Wildcard certificates on VPS and Dedicated servers, each site needs to be on a separate cPanel account.

To have a Wildcard SSL installed, you will need a CSR generated for each domain on your server that will use the Wildcard SSL. You then take the CSR and key the Wildcard certificate for each domain. You then email the CRT to support for installation. We install the same certificate to each cPanel account you created for each domain that will use the SSL.

How to Install the SSL

  1. Log in WHM.
  2. Choose SSL/TLS.
    Selection 201
  3. Select Install an SSL Certificate on a Domain.
    Selection 206
  4. Fill in the Domain you are securing.
    Selection 207
  5. If you are installing a self-signed SSL paste the Certificate you received before in the Certificate field, autofill, and click Install.
    Selection 208
  6. If you are installing a third-party CA SSL you can use the Certificate Authority Bundle you were provided when you purchased the SSL, autofill, and click Install.
    Selection 210

Activate SSL Certificate on Website

Now that you’ve generated a private key, generated a CSR, and installed a SSL on your account, you should be ready to activate that SSL certificate for your website.

  1. Access the cPanel SSL/TLS Manager.
  2. Click on Install and Manage SSL for your site(HTTPS).
    click setup an ssl certificate to work with your site
  3. From the Domain drop-down, select the domain you’re installing your SSL certificate on, and then click Autofill by Domain.
    select ssl domain click autofill by domain
  4. In this case you can see it’s warning us that the Issuer is self-signed which is fine. If you actually installed a third-party verified certificate you shouldn’t see this warning.
    click install certificate
  5. Click on Install Certificate.

You will then see confirmation that the SSL certificate was installed. You should hopefully now understand how to use the cPanel SSL/TLS Manager to either generate a CSR or get a SSL certificate installed on your website.

Generate a Self-Signed SSL Certificate

If you just need your website data encrypted, and are not worried about web-browser warnings you can generate a self-signed SSL certificate for free. It’s almost always a better idea to just use the free AutoSSL, but certain prototypes or unusual circumstances may require you to generate a self-signed SSL yourself.

When you access a self-signed SSL website from your web-browser, you will get an self signed SSL warning such as this one in Google Chrome. You can simply safely click on Proceed anyway to still get to the website.

When you’re on your website if you click on the SSL padlock icon, you can see the reason we got a warning is because the website’s identity has not been verified. This is because we used a self-signed SSL certificate and it wasn’t verified by a third-party certificate authority.

Self Signed SSL Info Example
  1. Access the cPanel SSL/TLS Manager.
  2. Click on Generate, view, upload, or delete SSL certificates.
    click generate certificate
  3. Scroll down to the Generate a New Certificate section and fill out all of the details for your self-signed SSL certificate, click Generate.
    fill out details for self signed ssl certificate click generate
  4. On the next page, click in the Encoded Certificate text-box, then hit Ctrl-A to select all the text, and then Ctrl-C to copy it.
    copy self signed certificate text

For unusual situations, cPanel’s official documentation has a wide variety of situations covered in-depth. If you have any other questions about purchases or changes to your account, see our Account Management Panels (AMP) page for more helpful walkthroughs.

Get better performance and security with our Managed VPS Hosting.

RH
Ronnie H Technical Writer

Ronnie is a technical writer and content specialist at InMotion Hosting.

More Articles by Ronnie

Was this article helpful? Let us know!