Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This Knowledgebase article was created to help you with installing a Secure Socket Layer Certificate for an added layer of security to the web traffic on your server.


Also known as an SSL, these certificates are generally required when operating or hosting any sensitive data such as credit cards, social security numbers, bank accounts and private or personal information.


The SSL will add a layer of security by encrypting the internet traffic between a server and a end user. All SSLs have the following attributes:

  • Private Key:  Stored on the server, should never be divulged, copied, sent in an email, text or any other form of communication. This is the unique key that makes the SSL secure, and must remain unique to the server.

  • Public Key: Used when verifying the server's Identity.

  • CSR: Used to issue an SSL, will contain information such as address, domain and country.

  • Certificate: Issued from an authorized certificate authority.

All of this information is stored on the server that the domain/content is hosted on. This will appear in your web browser as a green padlock, which indicates that the server has a properly authenticated and working SSL Certificate. For example:

The most important part of any SSL is the issuer. Although the private key is important, there are several ways to generate self-signed SSLs for use, especially for smaller types of hosting setups or private domains. In order for the green padlock to appear in your URL, your SSL needs to be signed by a trusted CA (Certificate Authority). We have partnered with Comodo® as our SSL issuer to provide trusted certificates from a valid Certificate Authority. We highly recommend working through our partnership to make sure that any SSLs you purchase will properly protect your websites.  

The most important part of any SSL is the issuer. Although the private key is important, there are several ways to generate self-signed SSLs for use, especially for smaller types of hosting setups or private domains. In order for the green padlock to appear in your URL, your SSL needs to be signed by a trusted CA (Certificate Authority). We have partnered with Comodo® as our SSL issuer to provide trusted certificates from a valid Certificate Authority. We highly recommend working through our partnership to make sure that any SSLs you purchase will properly protect your websites.  


The first step to adding or renewing your SSL will involve what’s called a CSR, or Certificate Signing Request. This can be done from the Commandline, WHM/CPanel and on Windows Servers.







Generate a Private Key and CSR in WHM

First, log into your WHM manager as ‘root’ at https://yourserversip:2087. If you don’t have an SSL for your server’s hostname, you’ll see a warning that the connection is not private. In this Chrome example, you can continue with the advanced option, and proceed anyway:

For WHM, you will use the root user and the root password provided by us. If you choose to copy and paste these, make sure there is no whitespace before and after the password characters, otherwise the system will not accept your entries.

Once logged in, you can search SSL in the search bar. Then, click “Generate an SSL Certificate and Signing Request”:

 

Next, complete any of the empty fields with the required information.


****DO NOT PUT IN A PASSPHRASE****. Passphrases stored in CSRs are not encrypted, which means third-party attackers can easily read these passphrases and these are generally not needed.


Enter the empty fields on the form with the following information:


Email Address - If you would like the CSR emailed to you

 

Domains - You can put one domain/subdomain only

 

City

 

State

 

Country

 

Company Name

 

Company Division

 

Email - Enter an email address at which the Certificate Authority can contact you to obtain verification of domain ownership.


100TB example:

Click “Create” once you have entered all of the important information. This process will generate a CSR and matching private key.
You will need to copy the Signing Request (CSR) ONLY:

Generate a Private Key And CSR Via Command Line

If you’re not using WHM/CPanel software, you can use command line to generate the private key and CSR necessary to get an SSL on your server.


First, make sure you have openssl installed.

Note - Openssl is installed in conjunction with an Apache Web Server (HTTPD) installation.


Ubuntu /Debian

#> sudo apt-get install openssl

CentOS /RedHat

#> yum install openssl
  • Note: This is typically installed on CentOS by default.


  1. Create a Private Key to store on the Server

 

#> openssl genrsa -des3 -out (private key name goes here).key 2048

2. Enter a passphrase for the .key:

Enter anything you’d like, but note that it needs to be at least 4 characters long.

3. Generate a CSR (Certificate Signing Request)

 

#> openssl req -new -key test_private.key -out  test.csr

 

You will be asked to fill out the following fields:

  • Country Name (2 Letter code):

  • State or Province (eg, city) []

  • Organization Name (eg, company) []:

  • Organizational Unit Name (eg, section) []:

  • Common Name (e.g. server FQDN or YOUR name) []:(your domain name for the SSL here)

  • Email Address []:

Note, a challenge Password or optional company name is not necessary to complete and can be left blank.






  • No labels