Self-signed certificates will produce a pop-up error in browsers which can be annoying to the users but provide the same security level as a purchased SSL certificate. I find the pop-ups annoying, so I usually just buy a cheap SSL certificate from RapidSSL or similar provider.
So, you’ve purchased your first SSL certificate, received an email from Certificate Authority but have no idea where to head next?
- First of all, log in as root to WHM panel at http://yourdomain.com:2086
- Go to SSL/TLS in the Main screen
- Click Generate SSL Certificate and Signing Request icon
- On the Create a New Cert form enter all corresponding and actual information. Make sure to enter the exact domain name that you are going to secure. In most cases, cpanel.yourdomain.com will not be covered by the certificate issued to yourdomain.com
- Click the Create button
- Copy your certificate information to the safe location
- At your SSL certificate provider’s website, find instructions on how to complete the SSL certificate signing process (this process is different for different providers and certificate types)
- Follow your SSL certificate provider’s instructions on how to retrieve your signed SSL certificate information
- In order to assign an SSL certificate to your WHM/CPanel/WebMail, return to your WHM as root and go to:
Main >> Service Configuration >> Manage Service SSL Certificates
section and click the corresponding link “Install new Certificate”. Keep in mind that this is NOT the way to install SSL certificates for your customers but to install on your own WHM/CPanel.
- Remove the text from the first textbox on the form and replace them with the .crt file (SSL certificate) received from your SSL provider. You want to double-check that the certificate you are pasting is the one provided by your Certificate Authority and not your own self-signed certificate.
- Paste the .key file into the second text box. (If your .key file is already on your server, click the Fetch button to find and install the file. Alternatively, you may enter your domain name in the appropriate text box or press the Browse button, which will cause WHM to display your domain name(s). Select the appropriate domain and click Use Cert to use the domain’s existing .crt and .key files.)
- Paste the ca bundle in the third box. (This is an optional field.)
- Click Submit at the top of the page.
- Return to Main >> Service Configuration >> Manage Service SSL Certificates and make sure that “Self Signed: NO” for the section that you were installing SSL certificate. If it reads as “yes” you will still get a crossed lock sign in your browser. Return to your certificate authority, copy the SSL certificate including BEGIN and END lines and paste it to the first text-area again. Repeat step 4.