How to install a SSL certificate (in cPanel)

• 01 March 2017
• in: C-panel,Domain,Security,Tutorials
• Tags: c-panel, instalation, security, SSL certificate
• note: one comment

Parkingtim-hosting sell only the best SSL certificates from the globally Trusted SSL Brands. Website security builds customer trust. SSL installation via cPanel is a pretty simple process, even if you have no special technical skills. Prior to certificate installation do not forget to generate a CSR code. If it was not created yet, please refer to ‘How to generate a CSR code in cPanel’.

Important Things You Should Know while Installing an SSL Certificate

1. SSL Requires a Dedicated IP Address – A private SSL certificate requires its own dedicated IP address. When ordering an SSL certificate, a dedicated IP address will be added to your account automatically for free. A dedicated IP address is exclusively yours. You might choose to serve different sites from that IP address, but you’re ultimately in control of who’s using it.
2. Changing to a Dedicated IP Address Requires Time to Propagate – When switching to a dedicated IP, the IP address of your website will change, and the DNS will subsequently need to propagate (update) worldwide, which requires approximately 4 to 8 hours. Planning ahead – we don’t recommend switching when you are in the middle of a promotion or advertising campaign.
3. SSL Certificates are Issued on an Annual Basis – SSL Certificates are purchased with a 1-4 year expiration date. Before a certificate expires, you will need to purchase a new SSL certificate with a new expiration date. Despite sometimes being referred to as renewing an SSL certificate, technically you are purchasing a new certificate with a new expiration date.

 

Once SSL certificate files are received from a Certificate Authority, you can start certificate installation using your cPanel. For installing ssl certificate on your website you should buy ssl certificate first.

 

How to generate a CSR code in cPanel

There are a few steps required to generate a CSR in cPanel. Following them you will successfully arrive at  the SSL activation step.

• First, log in to your cPanel account.
• In the Security section click on ‘SSL/TLS Manager
  

• You will see the following options:
  

Step 1. Generate a Private Key

• Go to the Generate, view, upload, or delete your private keys link in the Private Keys (KEY) menu.
  

• Click on the Generate button under the Generate a New Private Key option.

*Important* The Key Size should not go below 2048 bits – we recommend using this length.

• The server will generate a Private Key for you. It will be provided in encoded and decoded formats.
  *Note* For installing the certificate on multiple servers, the encoded Private Key is required.
  
• Great! The Key is now saved to the Private Keys storage in SSL/TLS Manager. You can click the Go back button now
  

Step 2. Generate Certificate Signing Request (CSR)

• Now you need to go to Generate, view, or delete SSL certificate signing requests in the ‘Certificate Signing Requests (CSR)’ menu
  
• Make sure you select the Key that was just generated from the drop-down list. If you leave it as ‘Generate a New 2048 bit key’ – there will be a completely new Key generated.
  
• Enter the domain name you wish to secure. Please make sure you use a Fully Qualified Domain Name (FQDN).
  
  *Important* If you have a Wildcard certificate, the domain should be specified with an asterisk to secure the subdomains as shown on the image below:
  
  
• Fill in all the remaining required fields:
  City (type the full name)
  State (type the full name)
  Country (select 2-character code from the drop-down list)
  Company (if there is no such one, just state your domain name)
  Company Unit (if you do not have such one, just use NA)
  E-mail (enter any of your e-mail addresses – it will not be used for domain control validation or reception of the issued certificate).
  Passphrase – we advise to leave it blank, because the pass is stored unencrypted in the CSR
  Description – just leave it blank as well.
  *Important* Make sure you use alphanumeric characters only.
• Once you have all the fields filled in, you are to click the Generate button.
• Congratulations! Your CSR is generated now. You will need to use the Encoded version.
  
• Copy and paste it into the corresponding box during the SSL activation.

 

Step 3. – Install a SSL certificate

• Click on Manage SSL sites under Install and Manage SSL for your site (HTTPS)
  
• The next step is to open the certificate file received from Certificate Authority using a text editor, copy the full text including the header and footer —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–, and paste your certificate file into the ‘Certificate: (CRT)’ box including the header and footer.
• Click on Autofill by Certificate to fetch the corresponding Private key which should be stored on the same server where CSR code was generated.
  If CSR code and Private key were generated not on the server you are using for SSL certificate installation, you can export Private key from the server it was created on and paste it manually during SSL certificate installation into the ‘Private Key: (KEY)’ box.
  
• CA bundle installation
  CA bundle file contains root and intermediate certificates which are needed to complete end-entity certificate chain and sign it by the Certificate Authority. Even though it is stated that CA bundle installation is optional, we highly recommend that CA bundle is installed on the server along with the certificate itself. The absence of CA bundle might cause security warnings on mobile devices and some older browsers. CA bundle files are sent by a Certificate Authority along with end-entity SSL certificate issued for your domain name.
  However, you can find CA bundle for Parkingtim-hosting certificates here:
  – Rapid SSL – Intermediate CA Certificate: RSA SHA-2 (under SHA-1 Root) + Enrolled before 29.2.2016: SHA-2 (under SHA-1 Root)
  – Comodo Instant – SHA-2
  – GeoTrust QuickSSL® Premium – SHA-2 under SHA-1 root + SHA-2 under SHA-2 root
  – Comodo Premium Wildcard – SHA-2 
  – GeoTrust True Business ID with EV – SHA-2 under SHA-1 root + SHA-2 under SHA-2 root
  – Symantec Secure Site EV – SHA-2 under SHA-1 root + SHA-2 under SHA-2 root
  Even if the CA bundle for your certificate contains several certificates (root and intermediates), all of them have to be pasted into the ‘Certificate Authority Bundle: (CABUNDLE)’ box during SSL certificate installation via cPanel.
• Press the ‘Install Certificate’ button.
  
  Now your site is protected by a SSL certificate and connection to your domain name is secured.