The first, and very important, step in installing a SSL certificate is to make sure the web site is on its own IP address. The IP address should not be shared with any other accounts.
Log in to your Web Host Manager (WHM) and find the navigation section on the left side called IP Functions. In that section click on the Show IP Address Usage link as indicated below:
Find the domain in question in the list that appears, and make sure it is the only account listed for that IP address. Example below:
Please note: The actual count of accounts may vary, but as long as there is only one primary domain name listed here you should be fine.
If the domain is NOT on its own IP address you will need to change the site’s IP. It is very important to note that you cannot just change a domain’s IP address without temporarily taking down the web site while the new DNS settings propagate across the entire internet. If you find yourself in this situation the best bet is to lower the domain’s “Time To Live” (TTL) settings to a low value like 600 seconds (you can use the WHM’s DNS zone file editor if your server is also running the domain’s DNS), and then wait until the following day to make the actual IP address change.
If your site is on its own IP address proceed to Step 2, otherwise wait until your domain has been moved to a new IP and then proceed.
A CSR is a digitally signed file that is used to apply for a SSL certificate from a certificate vendor.
Still in your server’s WHM, find the navigation section labelled SSL/TLS and click on the link marked Generate a SSL Certificate and Signing Request as indicated below:
The link will take you to a form that will ask for several pieces of information:
Address the cert will be sent to
An e-mail address that the server will deliver the finished CSR to.
An e-mail address that is also listed in the WHOIS information for the domain you are working with. Please make sure this is a valid e-mail address.
A password used as part of the encryption mechanism for the CSR. Please be sure to write down this password and/or store it somewhere safe.
Host to make cert for:
The domain name that will be using the new certificate. Please note: you will need to specify the domain name as www.domain.com (unless you are ordering a certificate for a subdomain like store.domain.com or something similar).
The city where the business/organization is located. Please make sure this matches the address information found in the domain’s WHOIS information.
The state where the business/organization is located. Please make sure this matches the address information found in the domain’s WHOIS information.
The country where the business/organization is located. Please make sure this matches the address information found in the domain’s WHOIS information.
The name of the business/organization. Please make sure this matches the address information found in the domain’s WHOIS information.
The department/division of a the organization that is responsible for the web site. “Online” is a suitable value if you have nothing to specify here.
The default value of 2048 is fine.
When you have finished filling out the form (and double checking what you entered for accuracy!) click on the Create button.
As long as there are no errors in your input, you will be presented with a summary page showing the three parts you just created:
1. Signing Request – The CSR
2. Certificate – A self-signed certificate generated by the server
3. Key – The Private Security Key
The server will e-mail a copy of these three parts to the e-mail address you entered above. Be sure to hang on to the e-mail or copy and paste the three parts into a backup text file as you will need them later.
The CSR is the part you will need to order the actual certificate, regardless of whether you would like Fast2host to order it or if you order it yourself through a certificate vendor of your choosing.
Having Fast2host order the Certificate
If you would like us to order the certificate and install it for you please log in to your client account at Fast2host and open a new help desk ticket. Be sure to include the name of the domain in question and we should be able to pull the CSR directly off the server. If not we may ask you to forward your copy to us or we can create a new CSR.
Ordering the Certificate Yourself
You can take the CSR and order your SSL certificate using a number of different SSL providers.
While you are at the web site of the provider be sure to grab their “Certificate Authority Bundle” (CA Bundle). While this is considered optional, it is highly suggested that the CA bundle be installed along with the rest of the certificate.
Log in to your server’s WHM, find the SSL/TLS navigation section again, and this time click on the link called Install a SSL Certificate and Setup the Domain as pictured below:
This will take you to a page that will ask for the parts of the certificate and the related domain information.
Copy and paste the CRT/Certificate into the first large text box (the certificate that you purchased, not the self-signed file we made earlier in Step 2) and then do the same thing with the RSA key we created earlier. Finally, copy and paste the certificate vendor’s CA bundle into the third large text box and click the Submit button near the top of the installation screen.
Be sure you have entered the correct certificate into the first large text box. The correct certificate that you want to use and the self-signed certificate will look very similar even though they behave very differently.
If you run into any errors after clicking submit be sure to check all of the input boxes for any unnecessary spaces or blank lines both before and after the text in the box.Congratulations, your new SSL certificate is installed and running! To test, visit your site using https:// instead of the regular http:// in front of the domain name