Generating a CSR and Installing an SSL Certificate in WHM
Installing an SSL certificate on your server can be a little bit confusing, but we are going to help you with the process. In this article, we will walk you through generating the CSR, CRT, and KEY files. The CSR, CRT, KEY, and most times, the CA bundle are the necessary elements needed in order to fully install an SSL certificate on a domain. The CA bundle is dependent on the SSL issuer. Before proceeding, please note that the domain will need a dedicated IP assigned to it in order to install an SSL.
First, login into the WHM panel and type SSL in the search field in the upper left hand corner of the panel. Then click the Generate an SSL Certificate and Signing Request link in the SSL/TLS subsection of the panel:
Select the option When complete, email me the certificate, key, and CSR and add your email address in the field. This will email you the CSR and the KEY. You should always have a copy of this information in case there is an issue with the installation or if the certificate needs regenerated or reinstalled at a later date. Leave the Key Size at 2048.
Next, you need to fill out the needed information to generate the CSR. You will need to provide the Domain, City, State, Country, the Company Name, the Company Division, and Contact Email.
Finally, set the passphrase for the Shared Secrets and click Create (This only required by some certificate issuers). Also, as the warning in the screenshot indicates, do not use any actual passwords that you use for ours or other services. This is an un-encrypted password and should be unique to this SSL installation only.
The next screen will display your CSR, self-signed CRT, and KEY data.
Self signed CRT:
You will need to submit the CSR to the certificate issuer to have a validated CRT generated. Once they have sent the validated CRT you can install the certificate by doing the following in the WHM panel.
First, type SSL into the search field in the upper left hand corner as you did when generating the CSR and KEY files, only this time you will be selecting the option Install an SSL Certificate on a Domain.
Type the domain you wish to install the SSL on in the Domain field and click Autofill by Domain. This will auto-fill the fields with the CSR, self signed CRT, and KEY that you have just previously generated. Then, select the dedicated IP address you assigned to your domain.
Replace the self signed CRT with the one provided by your certificate issuer and add the CA bundle, if applicable, in the last field. Once you replace the self signed certificate with the validated certificate the error that you see in the following screen shot should no longer appear.
Once all the fields are filled click Install, to install the certificate. If you receive Key Mismatch errors when trying to submit the form with the completed fields you can manually paste the KEY text data from the previous email you received upon generating the CSR to correct this. If no errors are received you have successfully installed the SSL certificate.
After the installation and you are still unsure the installation was successful, you can also check the validity of your SSL by going to the following site and entering your domain for verification: https://www.sslshopper.com/ssl-checker.html