Managing SSL Certificates in WHM

Secure Socket Layer (SSL) Certificates are used to facilitate encrypted connections between the client and the server. The certificate is used to authenticate a public key that is generated by the server. The key is used on both ends of the connection to encrypt and decrypt the packets before and after they are sent between the server and the client, thus providing a secure connection between the two.

There are generally two types of certificates that can be used: signed certificates (which are independently verified by a third-party that issues them) and self-signed certificates (which are created by the server using the certificate.)

Signed certificates are inherently more trustworthy because of the third-party verification. Self-signed certificates are generally used to encrypt connections to admin panels like cPanel or WHM where the visitor expects that the certificate will not be independently verified, and they should not be used for e-commerce websites.

When requesting a page that uses a self-signed certificate, you will likely see a page similar to this:

There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

Different browsers have different procedures for accepting self-signed certificates. Check your browser documentation for the procedure for accepting the certificate if necessary.

All SSL certificates (whether they are signed or self-signed) are generated from a Certificate Signing Request (CSR) that the hosting server generates. If we wanted to install a signed certificate, we would have to generate the CSR first and provide it to the issuer to generate the SSL certificate.

All SSL certificates covered here include three components: the certificate itself, the RSA key and the CSR. (Each of these files consists of Base64-encoded text.) For more information on RSA and CSR files, see:

Note: Every SSL certificate created with WHM will also generate a CSR and RSA key in addition to the certificate itself.

 


 

To purchase and install a signed certificate via WHM:

  1. Click the SSL/TLS icon in WHM.

    WHM gives you the option to purchase and install signed certificates for your domains automatically.

  2. Click the Purchase & Install SSL Certificate icon.

    Trustwave is a third-party provider of SSL Certificates that can be purchased and installed automatically through WHM.

  3. Enter your Email Address to be encoded in the certificate.

    If you would rather retrieve the key, CSR, and/or certificate from the server instead of having it emailed to you, uncheck the box labeled "When complete, email me the certificate, key, and CSR."

  4. Select the Key Size.

    The key size determines the level of encryption used in the key. Check with the issuer to determine the key size for the certificate if you are going to be installing a signed certificate.

  5. Enter the Host or Domain that needs the certificate.

    SSL Certificates are generated for specific fully qualified domain names. This will need to be the same name that you will use in the link that takes you to the secure page.

    Note: For SSL purposes "www.domain.com" and "domain.com" are two separate entities and may not be covered by a single SSL certificate.
  6. Enter the City, State, Country Code, Company Name and Company Division.

    The standards for SSL certificates are designed to accommodate small businesses as well as large multi-division corporations.  If you are generating a certificate for a small business or personal use, you may enter an arbitrary value that is related to your site for the Company Division value.

  7. Enter your Email Address to be encoded in the certificate.

  8. Click the Create button.
  9. After clicking create, you will be presented with the results page with three fields:

    • In the Signing Request box is the CSR. (If we are generating the CSR to have a signed certificate generated for the site, this is provided to the third-party issuer.)
    • Under Certificate is the certificate itself.
    • Under Key is the RSA Key.

     

    Note:  You may copy and paste these items into a text file for future reference. However, the RSA.key should NEVER be emailed, shared or used anywhere but on the server hosting the SSL.

To create a self-signed cerificate via WHM:

  1. Click the SSL/TLS link.

  2. Click the Generate a SSL Certificate and Signing Request icon.

  3. Follow steps 3 through 9 as above to create the certificate.


To retrieve SSL information:

  1. Click the SSL/TLS link.

  2. Click on the SSL Storage Manager icon to pull up information on any installed certificates.

SSL certificates are most commonly used for websites, but can also be used for other services on VPS and Dedicated servers.  Self-signed certificates are pre-installed for these other services on VPS and Dedicated servers. These services can be configured to use a signed certificate.

Note: Only one SSL certificate can be installed per IP address.  You may need to move the site to a dedicated IP address if there is already a certificate installed on a domain using the current IP address. For more information on dedicated IP addresses, see:

 

 This tutorial will show you how to manage SSL Certificates in WHM.

Video