Introduction
This guide will take you through all the steps needed to configure and then install an SSL certificate for your domain. This is a lengthy article containing screenshots and text. It is absolutely important that you read and follow this article carefully, patiently and in full. Attempting to skim through this article and not read it fully could result in your SSL certificate being misconfigured and thus unusable. Please take the time to follow it slowly and in the order presented to you.
The SSL certificate process is broken down into several steps, so for your convenience in navigation we will create an index here allowing you to select each section easily:
Step 1. Private Key
Step 2. Certificate Signing Request (CSR).
Step 3. Request the certificate.
Step 4. Approve the certificate.
Step 5. Install the certificate.
Step 1. Private Key
If this is a brand new SSL certificate, we will first need to generate a private key. If this is an SSL renewal, you may skip this step, but please ensure you are logged in to cPanel. To continue generating a private key:
1. Login to cPanel.
2. Click "SSL/TLS Manager" under the "Security" section:
3. Under the "Private Keys (KEY)" section, click "Generate, view, upload, or delete your private keys.":
4. Choose a "Key Size" of at least 2,048 bits. You may enter a "Description" if you wish, but this step is optional. When you are ready to finally generate the Private Key, click the "Generate" button:
5. Your Private Key will now be generated. For your convenience we have included a screenshot of the final screen in this process. You should simply click the "Return to SSL Manager" button at the bottom:
Step 2. Certificate Signing Request (CSR)
Now we need to generate the CSR, which is where we specify the necessary information and domain name for the certificate.
1. Login to cPanel (you may already be logged in if you followed step 1 above).
2. Click "SSL/TLS Manager" under the "Security" section (you may already be at this page if you followed step 1 above):
3. Under the "Certificate Signing Requests (CSR)" section, click "Generate, view, or delete SSL certificate signing requests.":
4. Towards the top of the page, under "Key", select the Key we created in Step 1:
5. Underneath "Key", in the "Domains" box, enter the domain name you wish to secure with an SSL certificate. Please be sure to include the www. prefix so that the certificate will secure both the www. and non-www variant of your domain name:
6. The remaining boxes on this page are asking you for information about you or the company you are issuing the certificate for. If the SSL certificate is going to be installed on a company website, you should enter the details of the company on this page. If you are an individual or sole trader, you should enter your personal details here. If you are a web designer or developer setting this certificate up on behalf of a customer, you should enter their details and not your own. Customers within the UK should take note that under "Country", they should select "GB" as there is no option for "UK". Once you've filled in the required fields, click "Generate" at the bottom of the page.
7. Your Certificate Signing Request (CSR) has now been generated. You will need to copy the CSR into your clipboard to be used in the next step. Please be sure to copy the entire contents of the box, including the ---BEGIN CERTIFICATE REQUEST--- and ---END CERTIFICATE REQUEST--- lines:
Step 3. Request the certificate.
Now that you have generated the CSR, we can use this information to request the completed certificate from the issuer. This step assumes that you have purchased your certificate from us directly. If you have not, you will need to contact your certificate provider for details on how to use the CSR to complete the process.
1. Locate the e-mail we have sent you with the subject "SSL Configuration Required" and click the link within. If you cannot find this e-mail or otherwise do not have the link, you may configure the certificate by selecting 'My Services' in the client area, locating the SSL certificate service, clicking 'Manage' and then clicking the 'Configure' link.
2. Select "cPanel/WHM" in the box and paste the complete CSR from Step 2 above into the "CSR" box. Again, be sure to include the ---BEGIN CERTIFICATE REQUEST--- and ---END CERTIFICATE REQUEST--- lines:
3. Under the "Administrative Contact Information" section, please fill in all required fields accurately. Once complete, click the blue "Click to Continue >>" button at the bottom of the page.
4. This page will now display your contact details and ask you to confirm your e-mail address. To ensure that you are the domain owner, you may be asked to choose an e-mail address that exists under the domain name you are trying to secure, such as admin@. This is a security implementation and cannot be circumvented. It is important that the address you choose here exists and can receive e-mail. If the mailbox does not exist, we recommend you create it before continuing this step. If you choose an address here that cannot receive e-mail, you will not be able to complete the setup of your SSL certificate.
5. Once you have chosen your e-mail address, you will be informed that you need to await an e-mail from the certificate authority to confirm and approve the certificate.
Step 4. Approve the certificate.
You now need to appprove the certificate from the certificate issuer. This is a final security/confirmation step to ensure that the certificate is required.
1. Locate the e-mail from the certificate issuer. This usually has a subject containing "Certificate Request Confirmation". Once received, you need to click the approval link contained within the e-mail;
2. Confirm the details are correct and click the "I Approve" button at the bottom of the e-mail:
3. Now that you have approved the certificate, you will need to wait for the certificate issuer to complete the process and finally send you the completed certificate. Though this is typically a fast process, it may take longer outside of business hours. Please allow up to 48 hours before reporting any problems.
4. Once the order has been approved, the issuer will e-mail you a copy of the completed certificate. The certificate will usually be at the very bottom of the e-mail and will look like a giant block of code. It will always begin with the line-----BEGIN CERTIFICATE----. You should copy this entire block into your clipboard, including the "---BEGIN CERTIFICATE---" and "---END CERTIFICATE---" lines.
Step 5. Install the certificate.
This is the final step in the process and involves you installing the completed certificate to the server. You will need the completed certificate code in your clipboard from Step 4 above.
1. Login to cPanel.
2. Click "SSL/TLS Manager" under the "Security" section:
3. Under the "Install and Manage SSL for your site (HTTPS)" section, click "Manage SSL Sites.".
4. Paste the completed certificate code into the Certificate (CRT) box on this page and then click the "Autofill by Certificate" button. You may ignore the error after pasting the certificate into the box, as clicking the "Autofill" button will resolve this.
5. After clicking the "Autofill" button, it may take a few seconds for this page to update. You should note that all the text areas become pre-populated and that green ticks should appear at the sides. This means that your certificate is configured correctly and is ready to install. You may click the "Install certificate" button at the bottom of the page.
6. You should receive confirmation that the certificate has been installed.
Conclusion
Now that your certificate has been successfully installed, please allow up to 5 minutes for the server to reload and accept this certificate. After this time, accessing your website with the https:// prefix should show the green padlock symbol and confirm that the certificate is up and running.
