Page tree
Skip to end of metadata
Go to start of metadata

This Knowledgebase article was created to help you with installing a Secure Socket Layer Certificate for an added layer of security to the web traffic on your server.


Also known as an SSL, these certificates are generally required when operating or hosting any sensitive data such as credit cards, social security numbers, bank accounts and private or personal information.


The SSL will add a layer of security by encrypting the internet traffic between a server and a end user. All SSLs have the following attributes:

  • Private Key:  Stored on the server, should never be divulged, copied, sent in an email, text or any other form of communication. This is the unique key that makes the SSL secure, and must remain unique to the server.

  • Public Key: Used when verifying the server's Identity.

  • CSR: Used to issue an SSL, will contain information such as address, domain and country.

  • Certificate: Issued from an authorized certificate authority.

All of this information is stored on the server that the domain/content is hosted on. This will appear in your web browser as a green padlock, which indicates that the server has a properly authenticated and working SSL Certificate. For example:

The most important part of any SSL is the issuer. Although the private key is important, there are several ways to generate self-signed SSLs for use, especially for smaller types of hosting setups or private domains. In order for the green padlock to appear in your URL, your SSL needs to be signed by a trusted CA (Certificate Authority). We have partnered with Comodo® as our SSL issuer to provide trusted certificates from a valid Certificate Authority. We highly recommend working through our partnership to make sure that any SSLs you purchase will properly protect your websites.  

The most important part of any SSL is the issuer. Although the private key is important, there are several ways to generate self-signed SSLs for use, especially for smaller types of hosting setups or private domains. In order for the green padlock to appear in your URL, your SSL needs to be signed by a trusted CA (Certificate Authority). We have partnered with Comodo® as our SSL issuer to provide trusted certificates from a valid Certificate Authority. We highly recommend working through our partnership to make sure that any SSLs you purchase will properly protect your websites.  


The first step to adding or renewing your SSL will involve what’s called a CSR, or Certificate Signing Request. This can be done from the Commandline, WHM/CPanel and on Windows Servers.







Generate a Private Key and CSR in WHM

First, log into your WHM manager as ‘root’ at https://yourserversip:2087. If you don’t have an SSL for your server’s hostname, you’ll see a warning that the connection is not private. In this Chrome example, you can continue with the advanced option, and proceed anyway:

For WHM, you will use the root user and the root password provided by us. If you choose to copy and paste these, make sure there is no whitespace before and after the password characters, otherwise the system will not accept your entries.

Once logged in, you can search SSL in the search bar. Then, click “Generate an SSL Certificate and Signing Request”:

 

Next, complete any of the empty fields with the required information.


****DO NOT PUT IN A PASSPHRASE****. Passphrases stored in CSRs are not encrypted, which means third-party attackers can easily read these passphrases and these are generally not needed.


Enter the empty fields on the form with the following information:

Email Address - If you would like the CSR emailed to you

Domains - You can put one domain/subdomain only

City

State

Country

Company Name

Company Division

Email - Enter an email address at which the Certificate Authority can contact you to obtain verification of domain ownership.

100TB example:

Click “Create” once you have entered all of the important information. This process will generate a CSR and matching private key.
You will need to copy the Signing Request (CSR) ONLY:

Generate a Private Key And CSR Via Command Line

If you’re not using WHM/CPanel software, you can use command line to generate the private key and CSR necessary to get an SSL on your server.

First, make sure you have openssl installed.

Note - Openssl is installed in conjunction with an Apache Web Server (HTTPD) installation.

Ubuntu /Debian

#> sudo apt-get install openssl

CentOS /RedHat

#> yum install openssl
  • Note: This is typically installed on CentOS by default.

  1. Create a Private Key to store on the Server
#> openssl genrsa -des3 -out (private key name goes here).key 2048

2. Enter a passphrase for the .key:

Enter anything you’d like, but note that it needs to be at least 4 characters long.

3. Generate a CSR (Certificate Signing Request)

#> openssl req -new -key test_private.key -out  test.csr

You will be asked to fill out the following fields:

    • Country Name (2 Letter code):

    • State or Province (eg, city) []

    • Organization Name (eg, company) []:

    • Organizational Unit Name (eg, section) []:

    • Common Name (e.g. server FQDN or YOUR name) []:(your domain name for the SSL here)

    • Email Address []:

Note, a challenge Password or optional company name is not necessary to complete and can be left blank.

Once you have completed the required fields, a .csr file will be created. You can use the commands cat or less to view the contents of the file and copy the CSR.

First type “ls” to list out the files in the current directory.

Then you can view what’s inside by using the command:

#> cat example.com.csr

 

With your mouse, highlight the certificate from ---------BEGIN all the way till REQUEST------

In PuTTY, this will copy to your clipboard.

 Request Your SSL in Console

  1. Log into https://console.100tb.com


  2. Click on the apps dropdown tab, click SSL and then the [+]Add button:

  3. Next, enter the hostname (Domain name) you'd like to create an SSL Certificate for. This is often referred to as the Common Name or CN of the certificate. For example, if you want your secure URL to be https://secure.example.com/, enter secure.example.com. Or if you prefer https://www.example.com/, enter www.example .com. Make sure to replace example.com with your own hostname/domain name.
  4. Paste the CSR into the space provided:

Once you have Entered in the Domain/Hostname and pasted the Signing Request from WHM, click “Step 2”.  You will be prompted to select an email address that the SSL can be verified with.

IMPORTANT! Make sure that the email you select is in the dropdown list provided and is able to receive email. Our SSL issuer Comodo requires that you have a working admin email.

Once you click “Create SSL Cert” it may take some time for the SSL issuer to provide it for you in your account. You will need to check your email for a verification email from Comodo.

You will be able to download this once Comodo has issued, it and you’ll be able to view it within your https://console.100tb.com/#/apps/ssl list.

Contact Support

If you have any questions about this process, please contact our technical support team by opening a chat or creating a ticket