Setting Up An SSL Certificate
Need Help?
If you would like us to install your SSL certificate, please submit a ticket to Technical Support and include the following items:
- Certificate Key
- Private RSA Key
- Intermediate Certificate (CA Bundle) (if applicable)
Please note, there is a $50 installation fee if you'd like us to install your SSL certificate.
If you plan on purchasing an SSL certificate from a third-party, here is a summarized version of the steps you need to take (detailed instructions can be found after this):
- Generate a CSR and RSA from cPanel
- Order the SSL certificate using the previously generated CSR
- Follow the SSL provider's instructions to authorize the SSL certificate
- Once you receive the certificate key, install the certificate from cPanel
Generate CSR and Private RSA Key
Please Note
If you purchased an SSL certificate from us, you do not need to generate a CSR or RSA. These are generated automatically for you, and a copy of both are sent to you via email. If you can't find your CSR or RSA, go to the Support Center, click on the Create Ticket link, and select SSL Certificate Issue from the list of options. Enter the domain name you purchased the SSL certificate for and click the Continue button. On the next page you can view the CSR and RSA associated with the domain.
- Log in to your domain's cPanel, and click on the Generate CSR link.
- Select the domain you want to generate a CSR for from the Domain dropdown.. It is important to note that your SSL certificate is bound to a single hostname, e.g.
www.yourdomain.com,yourdomain.com,sub.domain.com. - Fill in the rest of the fields with the appropriate information. Here is an example of how this might look:
Company Crucial Web Hosting, Ltd.
Division None
City Phoenix
State AZ
Country US
Email Address webmaster@crucialwebhost.comPleaese note, the country must be the ISO-2 country code. Your state should also be abbreviated, but some SSL providers require that you spell it out.
After you hit the Generate button, your CSR and RSA will be listed at the bottom of the page, and it will look something like this:
-----BEGIN CERTIFICATE REQUEST-----
MIIDCDCCAfACAQAwgagxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJBWjEQMA4GA1UE
BxMHUGhvZW5peDEiMCAGA1UEChMZQ3J1Y2lhbCBXZWIgSG9zdGluZywgTHRkLjEU
MBIGA1UECxMLU1NMIE1hbmFnZXIxEzARBgNVBAMTCmRvbWFpbi5jb20xKzApBgkq
hkiG9w0BCQEWHHdlYm1hc3RlckBjcnVjaWFsd2ViaG9zdC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGTPg63cJXNV0cN8eMPyMzhN2hayFza8FG
pGoRczh7+VAu5cSQbiTXdLvjAv2sJyvDppdS2a+3FJYfwUDvNGWLMG2rEhHF2W3T
rL9AQkA1sYpucDuahTQlSsLDyWPVLMpzDDD73kpR8LECwNSenpw5UxZEvYHRz1SU
xs5od4svDgwLyN3nRZ6XVAIVpcW0LRYS4J8eFoJcvDaUPXeq74wVL0iCXpGiKtpb
yWscXkuIFdyH+jzuHuCNNA0mJ+Dj8UIXOQIKFtEqclAynuE2aYxfiyEeZq7ogeik
qkm0g3dc55twrc0vOaClLbtjopJND0WAlFtuyQHmjliXMYS8lY2HAgMBAAGgGjAY
BgkqhkiG9w0BCQcxCxMJYWJjZDEyMzQ1MA0GCSqGSIb3DQEBBQUAA4IBAQCr1OO8
YKQeh5fyHKygO5o8XmI7EJFgm7UpYVpf+cd2c1oagcTvQOijJ3UMKwsurkeRvQ6n
8tqCEl/ZvGblcvvlmtQOiXbdGkJSIrWg1wG0EMxBsWe15FMEeZeXnFxapDaVOAKZ
6Age31U8Dtj/oCZsg0fvmql0aeCb8gYbvHCTMYl2PrFEgE4ij/gf72kjipvJerfm
uSm68eQizbTz4iTHnOK34Yjp/+2PkRpc9HiFNxGwP4900fXaTvUk6A8sMAu9JJFl
xibRn+YfxIi7oGRFlUcjgoep/HgK5S/Tyjj7NeTEj1qw8gbdD+dVr004jLDmD6of
gK31DnbmBmTLwSR+
-----END CERTIFICATE REQUEST----------BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAxkz4Ot3CVzVdHDfHjD8jM4TdoWshc2vBRqRqEXM4e/lQLuXE
kG4k13S74wL9rCcrw6aXUtmvtxSWH8FA7zRlizBtqxIRxdlt06y/QEJANbGKbnA7
moU0JUrCw8lj1SzKcwww+95KUfCxAsDUnp6cOVMWRL2B0c9UlMbOaHeLLw4MC8jd
50Wel1QCFaXFtC0WEuCfHhaCXLw2lD13qu+MFS9Igl6RoiraW8lrHF5LiBXch/o8
7h7gjTQNJifg4/FCFzkCChbRKnJQMp7hNmmMX4shHmau6IHopKpJtIN3XOebcK3N
LzmgpS27Y6KSTQ9FgJRbbskB5o5YlzGEvJWNhwIDAQABAoIBAA/h4EvOsR8M/h0h
dpEMCYS50op4KyC0c7F1v60QHmkHid2Ht5udxsOe7OF8vtaH+KBd+ma/Wqx+MJvw
fYPrHWrtgQsfkl7XUE2Q22yJId1rD9xSjuOMYaXO/BR0T9OmF7zpMA8sOaWgcnz2
9tCRgY+x0OnGh9xHD84ush9526L0B+xTWulgBRIIwXh1Gv6MrUpFTAHpDwsF2z0u
7+p/yEi+vuQUDw9d734fWz+gUMeuxDdMK468OPD2o4ys9tBYitZqxSVoEqhGlbCH
tUqtCXaEkhNnJDqQdSGuiz/7AbJdGX5+K6NAxix4jR09VD7JXrQAV3avvNHoQGvJ
5SQ9k4kCgYEA7aWgTdI4yBsAxlLdMXCzEAJOnvZH9i3sajGfVVALopffqiGd8ZWd
FWJWCUL4zIiPMYju3JsgpJ/qZVWJHROS2nkybRVgGX0T33/d4ujw1ZwSGw1W0TIJ
AvMX2ajN5GyX+9ZpQKEkrNwI1hKs9peQpbTN36Dn62sIiomdMoD8Y/UCgYEA1Z1z
j7SJCU126MppmX+5oQ/oXF8ordS8eOMSi9NrKkfbODX7iLc0VHTZZLpAwGaBEG/u
UNHPFo8himP7TwpjnUSAPQ/FZP44QQsPIi3zBno3frpWENbfIvGG4dolLZ91VJzF
fmQFX5tcg+Gw0TSP9n46GPGR6FBCVpxEuuOg+gsCgYEAr+lqQDDc10Mlz6iHE5HY
+oC6sfCcVB6qYfFZgE1AT5scdVNtFuco4CtqhHCOuthbJs+2AJbUEwhM+bXXSS60
BgSwzw6DlFqB229LUCweGgDtZhj5quDeytAnV3cc8XlxB3ovbyfZfhtibxRj9CU9
bWvo+SCijCEusV4sfrX8HgECgYEAnmIv3M0vDgaxs8jgoz9gk1sIHfUwZDLny3oR
tjr7qk287OCZr7SmyDgbN+QhPobCCz3ypVnrAf7+D24yV1iMo3621o9q/IbBjvh0
MBOBrbvQidX/Gl029OG/8JWeG0Wv6RyUEjJ3CXxYDDC6uWMPmuPcj8INPQLFLRKQ
o0FDiiECgYAROhJILko716z3/DixpxxV6GrC0wHkVc7LgeUR2aFzsCOi+y4d02T8
mf5d/WJdJXGzGup4lP8SKgFOxu0zAclXqI1MI7ISUVGjwz2rR+cbgH8owoW1/qmk
UKpN3Q5MOf0bx0HhUKLGw3tSIugSOyZQU7Q1QRrv5YWTJ2fWcZ6ETA==
-----END RSA PRIVATE KEY-----Please copy and paste these to a text file and save it on your local computer for future reference (you can also view these from the SSL Manager link in cPanel).
Ordering Your SSL Certificate
Now that you have your CSR and RSA, you can order an SSL certificate from a third-party provider. You will only need the CSR at this time, as the RSA is used later when installing the certificate on the server.
Typically when you order an SSL certificate, an authorization email is sent out to the address listed in the Whois contact information for the domain (you can view this by doing a Whois lookup on your domain). Instructions are listed in the email on how to validate the order, which is usually done by clicking on a link.
Once you've verified the order, another email is sent out that contains the actual SSL certificate. This is what you use, along with the RSA and Intermediate Certificate to setup the SSL on the server.
Installing Your SSL Certificate
Please Note
Some providers do not show you the data that you need to paste, instead, they just give you files that contain the necessary information. You will need to open the files with a text editor to view the data. The CSR ends in .csr, the certificate ends in .crt, the RSA ends in .key, and the Intermediate Certificate usually ends in .cabundle. The Intermediate Certificate can contain one or more certificate strings, so make sure you copy and paste the entire thing!
- Once you've received your SSL certificate from your SSL provider, go back to main page in cPanel and click on the Install SSL Certificate link.
- Select the domain that you ordered the SSL certificate for from the Domain dropdown.
- Paste the certificate key, which was sent from your SSL provider, in the Certificate box.
- Paste the RSA in the Private RSA Key box.
- Paste the Intermediate Certificate (or CA Bundle) in the Intermediate Certificate (CA Bundle) box. This is optional, but most providers have one. This is usually included in the email that contains the certificate key. If not, you will need to ask your third-party SSL provider what it is. If there is no mention of a CA bundle, then you most likely do not need one.
- Click on the Install Certificate button.
Verify SSL Certificate
You can verify that your SSL has been installed correctly by going here. For Server Hostname, enter the domain you entered when you generated the Private RSA Key, e.g. www.yourdomain.com, yourdomain.com, sub.domain.com, and click the Check SSL button. The main reason this fails is because no Intermediate Certificate was entered when you installed the certificate. You will need to reinstall the certificate with the appropriate information.
Related Articles
Installing A Wildcard SSL Certificate In cPanel
How to install a wildcard SSL certificate in cPanel and setup subdomains on the certificate using a single dedicated IP address.