X
    Categories: Internet

How to Install SSL Certificates

Installing SSL certificates may become a tedious task. Especially if you are a beginner, the SSL certificate installation will be a headache. It varies on different server types and the software your server is running on. For those who are still struggling to install an SSL certificate on their web server, we have prepared an in-depth article covering almost of the most used methods. These methods will allow you to easily apply SSL on your website without sweating much. Make sure that you chose the method which works on your server.

How to Install SSL Certificates on your Website

cPanel

cPanel is one of the widely used web hosting interfaces which is incredibly easy to use and flexible as well. To install an SSL certificate using cPanel, follow these steps.

Before starting the process, make sure that you have already generated the CSR from your cPanel. Also, make sure that you have received your certificate from your SSL certificate provider.
  1. Login to cPanel.
  2. Click on SSL/TLS Manager option located in Security section (If you can’t find it, just search in the search box.)
  3. Click on Manage SSL Sites option under Install and Manage SSL for your website (HTTPS) section.
  4. Copy the certificate code you received from the Certificate provider through email or other methods and paste it on the next screen under correct sections. Usually, a file with the name *example.com*.crt  include your certificate keys to copy.
  5. Then, click on the Autofill by Certificate button, which appears next to the certificate that you just entered, and the system will attempt to fetch the details such as the domain name and private key. If it fails to fetch the details automatically, choose the domain from the drop-down list and manually enter the certificate and private key into the corresponding boxes (You can find the private key in your SSL/TLS Manager screen on the screen.
  6. Now, copy-paste the chain of intermediate certificates (CA Bundle) into the box under Certificate Authority Bundle (CABUNDLE). Tick the checkbox ‘Enable SNI for Mail Services’ only if you want to use this certificate for Mail Services.
  7. Finally, click on the Install Certificate button.

That’s it, your SSL certificate is now successfully installed on the server for your website. Check it yourself by trying to access your site view https://example.com.

WHM

  1. Log in to your WHM account.
  2. After logging in, search for an option namely, Install an SSL certificate on a domain name. You could either browse manually or use the search box.
  3. A new screen will show up with the options such as Domain, Certificate, Private Key and Certificate Authority Bundle. Fill all those details.
    • Domain: The domain which the SSL issued for.
    • Certificate: The certificate that you received from the registrar (Usually comes like  example.com.crt).
    • Private key: The CSR that you have generated recently. Look at our article on generating CSR using cPanel.
    • Certificate Authority Bundle: It will also be included with the certificate (Usually will be like .ca-bundle).
    • Only check the Enable SNI for Mail Services if you need SSL for mailing services.
  4. Click install button.
  5. That’s it, you’ve successfully installed SSL on WHM.

Plesk

Plesk SSL certificate installation could be completed by following these steps.

    1. Log in to Plesk Panel.
    2. Go to the Websites & Domains tab and select the domain you want to secure.
    3. Click the Secure Your Sites option.
    4. Select the SSL certificate that was created during the CSR code generating. You could easily identify it by the domain name. If your Private Key and the CSR was not generated on the Plesk, click on the Key icon near the domain name and upload the private key.
    5. On the next page, click on the Browse button under Upload Certificate Files section and locate the certificate and the CA bundle files.
    6. After both files are chosen, click on Send Files.You could also copy-paste the certificate and the CA bundle into the Upload the certificate as text section and click on Send Text.
    7. Go back to the Websites & Domains tab.
    8. Click on Hosting settings next to your domain name.
    9. A new page will show up. In the Security section, select the certificate and check the SSL Support checkbox.
    10. Finally, click OK at the bottom.
    11. That’s it, you’ve successfully installed SSL certificate on Plesk

Apache

If you have an Apache server and wanted to install an SSL certificate on it, here are the steps which you should follow.

  1. Upload the certificate to the server: You might have received two files (In most of the cases) as *yourdomain*.crt and*yourdomain*.ca-bundle from your SSL provider. Some of them may also send the CA bundle as separate files like COMODORSADomainValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt, AddTrustExternalCARoot.crt.
  2. If you received the CA certificates as separate files, combine them into a single file: Otherwise, skip this step. In our case, we are using the Comodo PositiveSSL CA certificate. So, we received three files as: COMODORSADomainValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt, and  AddTrustExternalCARoot.crt.Run this command in the terminal for combining them into a single file named bundle.crt:
    $ cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crt
  3. Edit the Apache VirtualHost file: Do not copy-enter these lines, the final code example is shown below. As it varies server to server, it needs a little explanation.
    • The location of the Apache configuration file varies server to server. For the Fedora/CentOS/RHEL it will be on /etc/httpd/conf/httpd.conf. For the Debian and Debian based servers, it will be on /etc/apache2/apache2.conf. The name of the configuration file may also vary as httpd-ssl.conf, ssl.conf, and default-ssl.conf.
    • You should add a record for port 443 in your VirtualHost. If your server running Ubuntu on Apache the configurations for 443 and 80 ports for each site are located in separate files. You can find it at /etc/apache2/sites-enabled/. Edit or create the file with the VirtualHost for 443 port to set up the secure connection. Simply copying the port 80 file and changing the port to 443 will do the trick. After changing the port, these are the lines to add in the file.
    • SSLEngine on
    • # SSLCertificateFile should be pointed to the certificate file that is issued for your domain name.
      SSLCertificateFile "/ssl/*yourdomain*.crt"
    • # SSLCertificateKeyFile should be pointed to the Private Key, which has been generated with the CSR code that you have used for the activation of the certificate.
      SSLCertificateKeyFile "/ssl/*your_private_key*.key"
    • # SSLCACertificateFile should be pointed to the file with combined CA certificates. In the example, we have combined CA certificates in the file bundle.crt In the older Apache versions (2.4.8 and earlier), the directive might be called SSLCertificateChainFile instead.
      SSLCACertificateFile "/ssl/bundle.crt"

      Complete VirtualHost record for port 443 may look like this (Remember, this is just an example.)

      Listen 443
      <VirtualHost _default_:443>
      DocumentRoot "/var/www"
      ServerName *your_domain*
      SSLEngine on
      SSLCertificateFile "/ssl/*your_domain*.crt"
      SSLCertificateKeyFile "/ssl/*your_private_key*.key"
      SSLCACertificateFile "/ssl/bundle.crt"
      </VirtualHost>
  4. Finally, save the file and restart the Apache server with the following command
    sudo service apache2 reload
In the case of using a multi-domain or wildcard certificates, you have to modify the configuration files for each domain/subdomain. Also, you have to specify the domain/subdomain you need to secure and refer to the same certificate files in the VirtualHost record using the same steps described above.

Nginx

This guide will assist you in the installation of your SSL certificate on Nginx. We have used a Comodo PositiveSSL as an example below. However, the steps remain the same for all SSLs.

  1. Upload the certificate to the server: You might have received two files (In most of the cases) as *yourdomain*.crt and*yourdomain*.ca-bundle from your SSL provider. Some of them may also send the CA bundle as separate files like COMODORSADomainValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt, AddTrustExternalCARoot.crt.
  2. Combine all the certificates into a single file: Unlike Apache, the Nginx required to have all the certificates (one for your domain name and 3 CA certificates) combined in a single file. The certificate for your domain should be listed first in the file, followed by the chain of CA certificates. Here is an example of the code (We used the positive SSL from Comodo).
    $ cat *yourdomain*.crt ComodoRSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> cert_chain.crt

    If you have a complete CA Bundle file, replace the last three separate file names with the name of your CA Bundle file. It will look something like this.

    $ cat *yourdomainname*.crt *yourdomain*.ca-bundle >> cert_chain.crt
  3. Edit your Nginx VirtualHost file: By default, the configuration file is named nginx.conf and placed in any of the /usr/local/nginx/conf, /etc/nginx, or /usr/local/etc/nginx directories.
    • Add a port for 443 in your VirtualHost (If you do not have already). Just duplicate the record for port 80 (It will be in VirtualHost file by default) and change port 80 to port 443. Then, simply add it below the non-secure module. After changing the port, here are the lines which you should add next.
    • ssl on
    • # ssl_certificate should be pointed to the file with combined certificates in step 2.
      ssl_certificate /etc/ssl/cert_chain.crt;
    • # ssl_certificate_key should be pointed to the Private Key generated with the CSR code from your hosting panel. Read about generating CSR in cPanel.
      ssl_certificate_key /etc/ssl/*your_private_key*.key;
    • Completed VirtualHost record for port 443 may look like the one below:
      server {
      listen 443;
      ssl on;
      ssl_certificate /etc/ssl/cert_chain.crt;
      ssl_certificate_key /etc/ssl/yourdomainkey.key;
      server_name  yourdomain_com;
      access_log /var/log/nginx/nginx.vhost.access.log;
      error_log /var/log/nginx/nginx.vhost.error.log;
      location / {
      
      root /var/www/;
      index index.html;
      }
      
      }
  4. Restart Nginx in order to apply the changes. Use this command.
    nginx -s reload
In the case of using a multi-domain or wildcard certificates, you have to modify the configuration files for each domain/subdomain. Also, you have to specify the domain/subdomain you need to secure and refer to the same certificate files in the VirtualHost record using the same steps described above.

IIS 7

To install an SSL certificate on IIS 7 server, we are going to use the Internet Information Services Manager or simply the IIS Manager. Here are the steps.

  1. Open the IIS Manager by going to Start > Administrative Tools > Internet Information Services (IIS) Manager.
  2. Click on the Server Name on the left panel.
  3. Then, double-click on the Server Certificates option displayed on the right side.
  4. Click on the Complete Certificate Request option at the right Actions section.
  5. Now, the Complete Certificate Request wizard window will open up. There browse the validated certificate file location. Also, choose a Friendly name for your certificate which helps you to quickly identify the certificate (You could type anything. If, you face any problems during the certificate importing, read this guide to fix it.
  6. After successfully adding the SSL certificate, you have to bind it with the website. To do this,
    • Open the IIS Manager screen and select the website you want to apply the certificate to.
    • Click on the Bindings option from the Edit Site submenu placed under the Actions section on the right sidebar.
    • Now, the Site Bindings window will open up. Click the Add button.
    • Now, the Add Site Binding window will show up.
    • Enter the details as follows,
        • Type: https
        • IP address: IP address of your site or All Unassigned
        • Port: 443
        • SSL Certificate: The certificate that you just uploaded

    • Click OK button to save changes.
    • If the “https” entry is already enabled, and visible in the site bindings area, click and highlight the “https” option. Then, click on the Edit button and, in the SSL certificate area which shows up next, select the Friendly Name that was generated earlier in the previous steps. Then, click OK.
    • Click OK on the Site Bindings screen.
  7. That’s it. You’ve successfully installed the SSL certificate on IIS 7.
  8. You should restart your website and the IIS to finish the process.

This website uses cookies.