Installing a third-party SSL certificate on your website is a critical step for ensuring the security and integrity of the data between your website and its visitors. cPanel, one of the most popular web hosting control panels, makes it relatively straightforward to install an SSL certificate from an external Certificate Authority (CA). In this blog, we will tell you the process step-by-step.
This blog is a part of our cPanel server management services where we make sure your cPanel server works efficiently with any issues.
Table of Contents
Understanding SSL Certificates
SSL (Secure Sockets Layer) certificates are digital certificates that authenticate the identity of a website and enable an encrypted connection. This is important for protecting sensitive data, such as personal information and credit card numbers, from being intercepted by malicious parties.
Steps to install a third-party SSL certificate with cPanel
Step 1: Generate a private key and CSR
If you haven’t bought an SSL certificate, you need to create a private key and a Certificate Signing Request (CSR) first.
Here’s how you can create a private key and CSR:
1. Log into your cPanel account.
2. Navigate to the SSL/TLS Tool:
- If your cPanel uses the Jupiter theme, find the SSL/TLS option under the Security section on the Tools page.
- For the Paper Lantern theme, look for SSL/TLS in the SECURITY section on the cPanel home page.
3. Generate a Private Key:
- Go to “Private Keys (KEY)” and click on “Generate, view, upload, or delete your private keys.”
- On the Private Keys page, make sure “RSA” is selected as the Key Type, ideally with a 2,048-bit size.
- Enter a name for your key in the Description box, like “SSL cert private key,” for easy identification.
- Hit “Generate” to create the private key, which cPanel will then display.
4. Proceed to Generate a CSR:
- Click “Return to SSL/TLS.”
- Under “Certificate Signing Requests (CSR),” select “Generate, view, or delete SSL certificate signing requests.”
- For “Generate a New Certificate Signing Request (CSR),” choose the private key you created earlier from the Key list.
- Enter the domain you wish to secure in the “Domains” textbox.
5. Fill Out the CSR Details:
- Complete the necessary fields for your CSR.
6. Finalize the CSR:
- Click “Generate” to create the CSR, which cPanel will display.
- Copy this CSR text to submit to your SSL provider.
Once you receive your SSL certificate from the provider, you’re all set to install it and activate SSL on your site. Follow the next steps for the installation and activation process.
Step 2: Install a private key
If you’ve already got an SSL certificate from a different provider, along with the private key and certificate file, the first step is to install the private key through cPanel. Here’s how you can do it:
1. Log Into cPanel: Start by signing into your cPanel account.
2. Access the SSL/TLS Tool:
- If your cPanel theme is Jupiter, navigate to the Security section on the Tools page and click on SSL/TLS.
- For the Paper Lantern theme, find SSL/TLS under the SECURITY section on the cPanel home page.
3. Go to Private Keys (KEY): Click on “Generate, view, upload, or delete your private keys” to open the Private Keys page.
4. Uploading Your Private Key:
- To upload a new private key, you have two options:
- Paste Method: Paste your private key directly into the textbox labeled “Paste the key into the following text box”. Enter a description for your key in the “Description” textbox, then click “Save”.
- File Upload Method: Click “Browse”, select the .key file from your computer, enter a description in the “Description” textbox, and click “Upload”.
5. Go Back and Return to SSL/TLS: After uploading, click “Go Back” and then return to the SSL/TLS main menu.
With your private key installed in cPanel, you’re set to move on to the next step: installing your SSL certificate and activating SSL on your website. Follow the installation instructions to complete the process.
Step 3: Install the certificate and activate SSL
Now that you have your private key set up and have received your SSL certificate from the third-party provider (and possibly a CA bundle as well), you’re ready to install the certificate and enable SSL on your website. Here’s how to proceed:
1. Navigate to the SSL/TLS Page:
- Go to the SSL/TLS section in cPanel.
2. Access Certificates (CRT):
- Click on “Generate, view, upload, or delete SSL certificates” to get to the Certificates page.
3. Uploading Your SSL Certificate:
- You have two options to upload your new certificate:
- Paste Method: Directly paste the certificate text into the box labeled “Paste the certificate into the following text box”, enter a description for easy identification, and click “Save Certificate”.
- File Upload Method: Click “Browse”, choose the .crt file from your computer, type a description in the corresponding text box, and hit “Upload Certificate”.
4. Return to the Main SSL/TLS Menu:
- Click “Go Back”, then return to SSL/TLS.
5. Install the SSL on Your Website:
- Under “Install and Manage SSL for your site (HTTPS)”, select “Manage SSL sites”.
- Click “Browse Certificates”, choose the certificate you wish to install, and then click “Use Certificate”. cPanel will automatically fill in the Certificate (CRT) and Private Key (KEY) fields.
- From the Domain list box, select the domain that you want to secure.
- If your certificate came with a CA (Certificate Authority) bundle, paste it into the “Certificate Authority Bundle (CABUNDLE)” field. If not, you can leave this blank.
6. Finalize the Installation:
- Click “Install Certificate”. cPanel will install the certificate on your server and activate SSL for you. A confirmation message, “SSL Host Successfully Installed”, will appear once the process is complete.
- Click “OK”. Your domain is now secured, and you can access it using the “https://” prefix in any web browser.
This process ensures your website’s communications are encrypted, enhancing security for you and your visitors.
Troubleshooting Common Issues
- Mismatched Domain Name: Ensure the domain name on your certificate matches exactly with the domain for which you’re installing the certificate.
- Incomplete Chain of Trust: This occurs if the CA bundle is not correctly installed. Double-check that you’ve included the CA bundle in the installation process.
- Expired Certificate: SSL certificates have an expiration date. If your website’s SSL certificate has expired, you’ll need to renew it with your CA.
Conclusion
Installing a third-party SSL certificate on your website using cPanel is an essential step toward securing your site and building trust with your visitors. By following the steps outlined in this guide, you can ensure a smooth installation process and protect sensitive data from potential threats. Remember to regularly check your SSL certificate for expiration and stay updated with any changes in SSL/TLS standards.