•   01/12/2011 5:40 PM
•  
  • Website Configuration & Programming (Apache,

---

 

Applicable Plans - All Cloud Hosting Plans

SSL Certificate Options (ISPmanager Control Panel)

Overview

SSL is cryptographic protocol that provides secure communication on the Internet for web pages and other data transfers. If you are visiting a website that has https in the URL, that website is using SSL.

There are several types of SSL certificates available - commercial, open source, and self-signed). All work in the same manner, but there is a difference in the degree of trust given to each type of SSL certificate.

• Commercial SSL Certificate - a commercial SSL certificate is issued by a Certificate Authority (CA), an entity that reviews the information you provide and verifies that you are who you say you are. Note that there are levels of verification, and generally the more expensive the SSL certificate, the more verification is done by the CA. Commercial SSL certificates come with a high degree of trust and are expected by users of e-commerce websites or any commercial website. The cost of a commercial SSL certificate is determined by the CA that issues it, along with the amount of verification that is done on the organization requesting it.

• Open Source by Let's Encrypt - these certificates are issued in much the same way as commercial certificates, except there is no charge because they are issued by a not for profit organization. By far the most successful open source SSL is Let's Encrypt. These certificates are widely used but may not be the best choice for eCommerce or sites wit high security requirements. Let's Encrypt certificates use a simple vetting procedure, carry no warranty, and have no technical support.

• Self-signed SSL Certificate - a self-signed SSL certificate functions in the exact same manner as a commercial SSL certificate, but instead of being issued and verified by a CA, a self-signed SSL certificate is created on the Virtual Server, using the details provided by the organization issuing the self-signed certificate. Self-signed SSL certificates come with no degree of trust outside of the organization that created them, and should never be used for e-commerce or commercial websites. A self-signed SSL certificate is free, but comes with no outside verification.

Commercial SSL certificates are used by websites that are selling goods or services to customers so that the customer knows the connection to the website is secure, and that the owners of the website are a legitimate business entity. Many customers will not do business with or purchase products from a website that does not use a recognized commercial SSL to secure the connection.

Self-signed SSL certificates are generally used within an organization, such as with a corporate Intranet site or a company Webmail server. These are websites that are usually not accessible by the general public, but require a secure connection for employees and staff.

Prerequisites
    Dedicated IP address
    SSL enabled for the website

Purchasing a Commercial SSL Certificate from eApps

Purchasing a Commercial SSL Certificate from a third party
    Creating a Certificate Signing Request (CSR) using the Control Panel
    Creating a Certificate Signing Request (CSR) using the command line
    Installing a third party SSL certificate from the Control Panel
    Installing a third party SSL certificate from the command line

Let's Encrypt (Free open source SSL certificates)

Self-signed SSL Certificates
    Creating a self-signed SSL certificate using a Control Panel

---

Prerequisites

In order to use SSL for your website, you will need to have a dedicated IP address for that website and also enable SSL.

Dedicated IP address

Each website that uses SSL must have a dedicated IP address. If you only have one website on the Virtual Server using SSL, you only need to have one IP address for all the sites. However, if you have multiple websites using SSL on a Virtual Server, each website using SSL must have its own IP address.

There is a Wildcard SSL certificate available that will secure unlimited subdomains using the same SSL certificate and the same IP address. This means you can secure foo.example.com, bar.example.com, and any other subdomain under the example.com main domain without having to purchase additional IPs or SSL certificates. Contact eApps Sales for more information.

If you do need to purchase additional IP addresses, see the Managing IP addresses user guide.

SSL enabled for the website

SSL must be enabled for each website that will use it. This is done from your Control Panel. Once SSL is enabled you will be able to install your SSL certificate for your website.

Enabling SSL using the ISPmanager Control Panel

The way to enable SSL in ISPmanager will differ depending on which version of ISPmanager you are using. How to tell which version of ISPmanager you have can be found here - ISPmanager versions.

• For ISPmanager 4, go to Domains > WWW domains, and click on the name of the website to select it, and then click Edit in the upper right. This opens the Edit properties of the selected WWW domain screen. Make sure that SSL is checked on this screen (near the bottom), and click Ok.

• For ISPmanager 5, go to Domains > Web-domains, and click on the name of the website to select it, and then click Edit in the upper left. This opens the Web-domain - domain name screen. Make sure that Secure connection (SSL) is checked, and click Ok.

Please see the ISPmanager documentation on how to work with SSL certificates in the control panel - SSL Certificates.

---

Purchasing a Commercial SSL Certificate from eApps

eApps sells commercial SSL certificates from GlobalSign and AlphaSSL. More information about the commercial SSL certificates sold by eApps can be found here - eApps SSL Certificates. eApps offers a wide range of SSL certificates, from a low-cost SSL certificate all the way up to an Extended Validation certificate that shows the green bar in the latest browsers. Please contact eApps Sales for more information about the SSL certificates available.

When you purchase a commercial SSL certificate from eApps, we will order and install the SSL certificate for free on any of our supported applications. However, depending on the type of SSL certificate you purchase, you may need to reply to e-mails from the CA as they verify your business details. We will also send you reminders when the certificate is up for renewal, and you will be able to manage the payment and renewal process all from your Customer Portal. eApps Technical Support will also be able to assist you with any questions or issues regarding your SSL certificate and how it works with your website.

---

Purchasing a Commercial SSL Certificate from a third party

Commercial SSL certificates are also available from many different third party vendors and at many different price points. If you purchase your SSL certificate through a third party provider, you will be responsible for ordering, installing, renewing, and maintaining your SSL certificate. If you need assistance from eApps to order or install your third party SSL certificate that will be considered a billable service.

To purchase a third party commercial SSL certificate, you will need to create a Certificate Signing Request (CSR) and provide that to your SSL vendor. The CSR can be created from a Control Panel or from the command line of the Virtual Server.

Once the vendor returns your SSL certificate, you will need to install that on your Virtual Server.

Creating a Certificate Signing Request (CSR) using the Control Panel

If you are going to purchase a third party SSL certificate, you will need to generate a CSR to give to the vendor. You can generate the CSR from the Control Panel.

Creating a CSR from the ISPmanager Control Panel

How to generate a CSR from ISPmanager will differ based on which version of ISPmanager you have installed. How to tell which version of ISPmanager you have can be found here - ISPmanager versions.

ISPmanager 4

For ISPmanager 4, you will need to become the User who owns the website. Go to Accounts Management > Users, and click on the correct user. Then click on Enter in the upper right corner. This switches you from the root user to the user who owns the website.

Go to World Wide Web > SSL certificates and click on New in the upper right corner. This opens the New SSL certificate screen.

• Certificate name - this is a name to help you identify the SSL certificate, this is NOT the domain name being used by the SSL certificate. The name has to be one word, with no spaces.

• Certificate type - this has to be changed from self-signed to request. This will change some of the options available in this screen.

• Key length - your SSL vendor should tell you what key length to use

• 2 Letter country code - you can find your two letter country code here - Country Codes. Look in A2 column.

• State/Province - this is your state, province, or administrative unit.

• City - this is your city, town, or locality.

• Organization - the name of your company or organization. Leave this blank if you do not have a company or organization.

• Organization Unit - enter your organizational unit if known, leave blank otherwise.

• WWW domain - this should be pre populated with the domain name for the website.

• Email - this is the e-mail address of the owner of the domain that the SSL certificate is being requested for.

Once you have added this information, click Ok. This takes you back to the SSL certficates screen, with the CSR listed there by name, and the Type is request.

Click on your CSR to highlight it, and then click on Download. This will download the file to your local computer as a .csr file. This is the file you will need to give to your SSL vendor so that they can create your SSL certificate.

ISPmanager 5

In ISPmanager 5, there is no way to generate the CSR from a wizard in the Control Panel. To generate the CSR, you will need use the command line. You can use the command line client built in to ISPmanager, or you can connect to the Virtual Server using an SSH client. The commands to generate the CSR are the same no matter which method you choose. You will need to be able to work as the root user.

To access the command line client in ISPmanager 5, go to Tools > Shell client. Depending on your browser, this will either open a new tab or a new browser window with the Shell In A Box client. Log in as the root user.

To access the command line using an SSH client, see the SSH User Guide. Once you are logged in, become the root user.

1. Make a directory for the SSL certificate files

You will need to make a directory to keep the files generated for the SSL certificate in one location. This will make things easier to manage.

Change directories to /root, and then create a certs directory. Change directories to the certs directory.

[root@eapps-example ~]# cd /root
[root@eapps-example ~]# mkdir certs
[root@eapps-example ~]# cd certs

2. Create the key file required by the CSR

The first file to create is a key file. This key file will be used to create the CSR, and is also one of the files that has to be available to the SSL certificate when it is installed.

Create the key file with this command: openssl genrsa -out www.example.com.key 2048 (make sure to substitute your domain name for example.com).

[root@eapps-example certs]# openssl genrsa -out www.example.com.key 2048

3. Generate the CSR using the key file

Once the key file is created, you can generate the CSR using that key.

Create the CSR with the following command: openssl req -new -key www.example.com.key -out www.example.com.csr

[root@eapps-example certs]# openssl req -new -key www.example.com.key -out www.example.com.csr

When you run this command, you will be asked several questions about your organization. You'll need to add your two letter Country Code, and you will also be asked for the Common Name. This is the exact same domain name you used to generate the private key. If you don't have an answer to a certain question, just enter a period (.).

For the Challange password question, just press Enter.

This will create a .csr file. This is the file you will need to give to your SSL vendor so that they can create your SSL certificate. To access this file, you can use the cat command to display the file on the screen where you can copy and paste it into a plain text file and give that to your SSL vendor.

[root@eapps-example certs]# cat www.example.com.csr
-----BEGIN CERTIFICATE REQUEST-----
MIICuTCCAaECAQAwdDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkdBMREwDwYDVQQH
DAhOb3Jjcm9zczEOMAwGA1UECgwFZUFwcHMxFDASBgNVBAMMC2V4YW1wbGUuY29t
MR8wHQYJKoZIhvcNAQkBFhB1c2VyQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA7EZ18t+WAnk1Y4GgnohP4dR+TdLDXKCNr0vNBSya
PCURchUlgoM2iup1zP/cnw4PpxE1t7f8Ch4qyZ04YTkg3nXgL2V3pzBKTMZPt4aE
rB2Dqd9TvGaPNJUQ813gXI8QgtVRBaEeY/yxBY3sT02lVEjxXm3HOY8gKfk2F8Ht
WXoLN5Wa0kMfETcm/eIePXMQ5nJiHFlZ0MnEefM2i9XQis3rVGPIiTgwLYktCN3Q
JTx5MLawMnDkB5iIh61y6B6JpS/vp8CcKED2IvXHynoiLWtgy4cYYnTOxFQRVFrk
pbV1IF+1U1PyYozbR3AbJSdBPtkVYjsl6/XjkkfVex4vywIDAQABoAAwDQYJKoZI
hvcNAQEFBQADggEBAEyEjqXRbckbZjxacqEx3CrPhT7EoVdaWDqTLjFGc+vbk/d7
Z+Xf21EF6ahGCDbjXbx1bjK0rSHEs7XHvjOmckTMBV3pDQBSkNBacmFrVWQ2ieB+
YbE/LkB27kJ685RiqQJa7oyfe3LsVuMbhH1kMwK32+mtVR6KNDVbgi/6+Gjz3WuV
NI4OBipMj0/KW5RnKX1FrfPJLhUOVJGjUFYT+5JwiQUn4iweCCMta07bjKgKOciZ
O2XHkfcFojvtoxHJr9AlG4ax+3JlldGH02utuwDTwVyn1hHw/DYpXugVumzrVlPo
wTvgsURveWVRwDBKL/mfGo1I1MVgsTpXE74TMjk=
-----END CERTIFICATE REQUEST-----
[root@eapps-example certs]#

Copy everything from -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST-----. Remember to give this to your SSL vendor in plain text format, such as in Notepad. Do not use an application like Word, because Word will insert invisible control characters into the file and render it useless.

Creating a Certificate Signing Request (CSR) using the command line

The steps to create a CSR from the command line are the same steps used to create one from ISPmanager 5.

Installing a third party SSL certificate from the Control Panel

After you deliver the CSR to your SSL vendor, they will create your SSL certificate and deliver that to you, usually in the form of several text files. You can install the files for your SSL certificate from the Control Panel.

Installing an SSL certificate from the ISPmanager Control Panel

How to install an SSL certificate from ISPmanager will differ based on which version of ISPmanager you have installed. How to tell which version of ISPmanager you have can be found here - ISPmanager versions.

ISPmanager 4

For ISPmanager 4, you will need to become the User who owns the website. Go to Accounts Management > Users, and click on the correct user. Then click on Enter in the upper right corner. This switches you from the root user to the user who owns the website.

Go to World Wide Web > SSL certificates and click on New in the upper right corner. This opens the New SSL certificate screen.

• Certificate name - this is a name to help you identify the SSL certificate, this is NOT the domain name being used by the SSL certificate. The name has to be one word, with no spaces.

• Certificate type - this has to be changed from self-signed to existing. This will change some of the options available in this screen.

• Use key - select the key that corresponds to the CSR that was generated for this SSL certificate from the drop down menu. This will remove the Private key section.

• Certificate - copy and paste the actual SSL certificate file text into this box, starting with -----BEGIN CERTIFICATE----- all the way to -----END CERTIFICATE-----. If you are not sure which of the files given to you is the actual SSL certificate, check with your vendor.

• Password - if you created a Challange password when creating the CSR, enter it here. Otherwise leave this blank.

• Certificate chain - some SSL vendors have a chain file that has to be installed. This is sometimes called an intermediate cert. If you have one, copy and paste it into this box. If not, leave this blank.

Once you have entered your information, click Ok. This takes you back to the SSL certificates screen, where you should see the new SSL certificate listed, with a Type of signed by chain.

The next step is to enable the SSL certificate for the domain. Go to World Wide Web > WWW domains, and click on the Name of the domain where you want to enable the SSL certificate, and then click Edit in the upper right.

This opens the Edit properties of the selected WWW domain screen. At the bottom of the screen will the SSL certificate. Pick the name of the SSL certificate you just installed from the drop down list, and then click Ok. This will set the website to use the new SSL certificate.

ISPmanager 5

For ISPmanager 5, go to System > SSL certificates. Click on the name of the SSL certificate shown, which should be the same as the domain name. Then click on Add in the upper left corner. This takes you to the Certificate type screen. Select Existing, and then click Next.

This takes you to the Create a certificate screen.

• Username - if you have more than one user in ISPmanager, make sure to select the correct user here. By default ISPmanager displays the users in alphabetical order, and the user you are installing the SSL certificate for may not be the user listed.

• Certificate name - this is a name that will help you identify the SSL certificate. This is NOT the domain name being used by the SSL certificate. The name has to be one word, with no spaces.

• Certificate - copy and paste the actual SSL certificate file text into this box, starting with -----BEGIN CERTIFICATE----- all the way to -----END CERTIFICATE-----. If you are not sure which of the files given to you is the actual SSL certificate, check with your vendor.

• Certificate key - you can get the certificate key two ways - either from the Shell client in Tools (see section above about creating the CSR for ISPmanager 5 - you will need to use the cat example.com.key command and copy and paste the key here) or from System > File manager. Browse to the location of the key file, select it, and then click on Edit. Then copy and paste the key file into this section.

• Certificate chain - some SSL vendors have a chain file that has to be installed. This is sometimes called an intermediate cert. If you have one, copy and paste it into this box. If not, leave this blank.

Once you have entered your information, click Finish. This takes you back to the SSL certificates screen, where you should see the new SSL certificate listed, with a Type of Existing.

The next step is to enable the SSL certificate for the domain. Go to Domains > Web-domains, and click on the Name of the domain where you want to enable the SSL certificate, and then click on Edit in the upper left.

This opens the Web-domain - domain name screen. There will be a button that says Show hidden fields - click on that button. Find SSL certificate in that screen, and select the name of the SSL certificate you just installed from the drop down list, and then click Ok. This will set the website to use the new SSL certificate.

Installing a third party SSL certificate from the command line

Each website that uses SSL will need to have a VirtualHost block setup for port 443, and that points to the location of the SSL files. You will also need to copy the key file generated for the CSR from its current location to the location required by the web server.

The location of this VirtualHost block may differ. For some Virtual Servers, the location will be in the /etc/htttpd/conf/httpd.conf file. The VirtualHost blocks for each website will be at the end of the httpd.conf file.

For other Virtual Servers, there will be a vhosts directory in the /etc/httpd/conf directory, and in that directory will be a subdirectory for each user created on the Virtual Server, and in that user directory will be a file for each website owned by that user.

NOTE - if you enabled SSL from a Control Panel, some of these steps may have already been done.

VirtualHost in httpd.conf

If the VirtualHost blocks for your website are at the end of the /etc/httpd/conf/httpd.conf file, you will need to do the following:

1. Set up NameVirtualHost on port 443

Just above the first VirtualHost block for the websites (at the end of the httpd.conf file) is this line. There will be one of them for every IP address that has a website associated with it.

NameVirtualHost IP_ADDRESS:80

You will need to add a new line just below it, using the IP address for the SSL enabled website, and using port 443.

NameVirtualHost IP_ADDRESS:443

2. Add the SSL block for the VirtualHost

Each website that uses SSL will have a separate VirtualHost block specifically for the SSL enabled website. This VirtualHost block will point to the location of the SSL certificate and key files.

Note that this example uses a user of user_name, a domain of eapps-example.com, and SSL certificate file names of ssl-cert. Make sure to substitute your user, domain, and SSL certificate file names in your production VirtualHost block.

<VirtualHost IP_ADDRESS:443 >      SSLCertificateFile /var/www/httpd-cert/user_name/ssl-cert.crt      SSLCertificateKeyFile /var/www/httpd-cert/user_name/ssl-cert.key      SSLEngine on      ServerName eapps-example.com      CustomLog /var/www/httpd-logs/eapps-example.com.access.log combined      DocumentRoot /var/www/user_name/data/www/eapps-example.com      ErrorLog /var/www/httpd-logs/eapps-example.com.error.log      ServerAdmin admin_user@eapps-exampl.com      ServerAlias www.eapps-example.com      SuexecUserGroup user_name user_name </VirtualHost>

3. Copy your SSL certificate files to the correct locations

The SSL certificate files will need to be in the /var/www/httpd-cert/user_name directory.

Copy the key file you created for the CSR to this directory, so that it is located at /var/www/httpd-cert/user_name/ssl-cert.key.

The actual SSL certificate will be a .crt file, which will be in plain text format from your SSL vendor. You will need to create a file in this directory with the name of the SSL certificate, and copy the contents of the SSL certificate from your vendor into this file, so that it is located at /var/www/httpd-cert/user_name/ssl-cert.crt.

4. Restart the Apache web server

Once you have added the NameVirtalHost line, the VirtualHost:443 block to the httpd.conf file, and created the files and directories for the actual SSL certificate and key files, you will need to restart the Apache web server.

• For CentOS 6, use the service httpd restart command:

  [root@eapps-example ~]# service httpd restart

• For CentOS 7, use the systemctl restart httpd command:

  [root@eapps-example ~]# systemctl restart httpd

If everything was set up correctly, the web server will restart and your website will now be using SSL and accessible using https. If there are any errors, the error message usually gives a good indication as to what the problem was so that you can fix it.

VirtualHosts in vhosts

If you have a directory called vhosts in /etc/httpd/conf, then follow these steps. You will need to edit two files - the httpd.conf file in /etc/httpd/conf, and the website file in /etc/httpd/conf/vhosts/user_name/domain.name.

1. Set up Listen directive and NameVirtualHost on port 443 in httpd.conf

At the end of the httpd.conf file will be these lines. There will be one Listen directive for port 80, and a NameVirtualHost IP_ADDRESS:80 for every IP address that has a website associated with it.

You will need to add a Listen directive for port 443, and a NameVirtualHost IP_ADDRESS:443 for every IP address that has a website associated with it that is using SSL.

The end of the file will look similar to this when you are done:

Listen 80 Listen 443 NameVirtualHost IP_ADDRESS:80 NameVirtualHost IP_ADDRESS:443

Once you have added the Listen and NameVirtualHost directives, save and exit the file.

2. Add the SSL block for the VirtualHost

Each website that uses SSL will have a separate VirtualHost block specifically for the SSL enabled website. This VirtualHost block will point to the location of the SSL certificate and key files. If you have a vhosts directory in /etc/httpd/conf, you will need to add the VirtualHost block to the website VirtualHost file located at /etc/httpd/conf/vhosts/user_name/domain.name.

Note that this example uses a user of user_name, a domain of eapps-example.com, and SSL certificate file names of ssl-cert. Make sure to substitute your user, domain, and SSL certificate file names in your production VirtualHost block.

<VirtualHost IP_ADDRESS:443>         ServerName eapps-example.com         AddDefaultCharset off         DirectoryIndex index.html index.php         DocumentRoot /var/www/user_name/data/www/eapps-example.com         ServerAdmin admin@eapps-example.com         SuexecUserGroup user_name user_name         ServerAlias www.eapps-example.com         ScriptAlias /cgi-bin/ /var/www/user_name/data/www/eapps-example.com/cgi-bin/         CustomLog /var/www/httpd-logs/eapps-example.com.access.log combined         ErrorLog /var/www/httpd-logs/eapps-example.com.error.log         SSLCertificateFile /var/www/httpd-cert/user_name/ssl-cert.crt         SSLCertificateKeyFile /var/www/httpd-cert/user_name/ssl-cert.key         SSLEngine on </VirtualHost>

3. Copy your SSL certificate files to the correct locations

The SSL certificate files will need to be in the /var/www/httpd-cert/user_name directory.

Copy the key file you created for the CSR to this directory, so that it is located at /var/www/httpd-cert/user_name/ssl-cert.key.

The actual SSL certificate will be a .crt file, which will be in plain text format from your SSL vendor. You will need to create a file in this directory with the name of the SSL certificate, and copy the contents of the SSL certificate from your vendor into this file, so that it is located at /var/www/httpd-cert/user_name/ssl-cert.crt.

4. Restart the Apache web server

Once you have added the NameVirtalHost line, the VirtualHost:443 block to the httpd.conf file, and created the files and directories for the actual SSL certificate and key files, you will need to restart the Apache web server.

• For CentOS 6, use the service httpd restart command:

  [root@eapps-example ~]# service httpd restart

• For CentOS 7, use the systemctl restart httpd command:

  [root@eapps-example ~]# systemctl restart httpd

If everything was set up correctly, the web server will restart and your website will now be using SSL and accessible using https. If there are any errors, the error message usually gives a good indication as to what the problem was so that you can fix it.

---

Let's Encrypt (free open source SSL certificates)

See https://support.eapps.com/other/letsencrypt

---

Self-signed SSL Certificates

A Self-signed SSL certificate works in an identical manner to a commercial SSL certificate, but the certificate is NOT issued by a Certificate Authority, and therefore has no degree of trust associated with it. Most browsers will display an error saying that the communication to the website is encrypted, but that the identity of the website has not been verified. A self-signed SSL certificate should never be used for any type of customer-facing website that engages in e-commerce.

Self-signed SSL certificates are generally used within an organization to secure the connection to a corporate Intranet web portal or to a Webmail server or some other website that is used by the employees or members of an organization who have a reason to trust the validity of the self-signed SSL certificate.

Creating a self-signed SSL certificate using a Control Panel

Creating and installing a self-signed SSL certificate can be done from your Control Panel. Be aware that not all Control Panels offer the same functionality for managing SSL certificates.

To create a self-signed SSL certificate, you will need to generate a Certificate Signing Request (CSR) using the details about the organization that will be using the SSL certificate. The CSR will then be used to create the self-signed SSL certificate.

Creating a self-signed SSL certificate using the ISPmanager Control Panel

When you enable SSL for a website in ISPmanager (either when you create the website or after the website is configured) this creates a basic self-signed SSL certificate that will encrypt the connection to the website if the browser is using https.

However, this basic self-signed certificate has no organization details, and website visitors have no way of knowing if they are actually connecting to the real website. For some websites this is adequate, but eApps recommends that even for a self-signed SSL certificate that you make sure your organizational details are correct so that your users have more trust in the website.

To create a new self-signed SSL certificate that uses the organizational details, do the following:

ISPmanager 4

For ISPmanager 4, you will need to become the User who owns the website. Go to Accounts Management > Users, and click on the correct user. Then click on Enter in the upper right corner. This switches you from the root user to the user who owns the website.

Go to World Wide Web > SSL certificates and click on the name of the SSL certificate shown, which should be the same as the domain name. Then click on New in the upper right corner. This opens the New SSL certificate screen.

• Name - this is a name to help you identify the SSL certificate, this is NOT the domain name being used by the SSL certificate. The name has to be one word, with no spaces.

• Certificate type - this should be set to self-signed.

• Key length - change this to 2048 from the drop down menu

• Valid until - this is set to 365 (days)

• 2 Letter country code - you can find your two letter country code here - Country Codes. Look in A2 column.

• State/Province - this is your state, province, or administrative unit.

• City - this is your city, town, or locality.

• Organization - the name of your company or organization. Leave this blank if you do not have a company or organization.

• Organization Unit - enter your organizational unit if known, leave blank otherwise.

• WWW domain - this should be pre populated with the domain name for the website.

• Email - for a self-signed SSL certificate, use either the website administrators e-mail, or your e-mail address.

Once you have added this information, click Ok.

You will notice that there are now two SSL certificates listed - the one created when you enabled SSL for the website, and the one you just created. Note that the self-signed SSL certificate you just created is not enabled - the light bulb under Status is blue.

To enable this SSL certificate, go to World Wide Web > WWW domains and click on the website name. Then click on Edit in the upper right. This opens the Edit properties of the selected WWW domain screen.

The very last item in this screen should be SSL certificate. Choose the new self-signed SSL certificate from the drop down menu, and click Ok. This will enable the SSL certificate with your organizational details for the website.

ISPmanager 5

For ISPmanager 5, go to System > SSL certificates. Click on the name of the SSL certificate shown, which should be the same as the domain name. Then click on Add in the upper left corner. This takes you to the Certificate type screen.

• Step 1 - Certificate type - for Certificate type, make sure Self-signed certificate is selected, and then click Next.

• Step 2 - Create a certificate - the Create a certificate step is where you enter the organizational details for the self-signed SSL certificate.

• Username - if you have more than one user in ISPmanager, make sure to select the correct user here. By default ISPmanager displays the users in alphabetical order, and the user you are creating the self-signed SSL certificate for may not be the user listed.

• Domain name - enter the domain name that the self-signed certificate will be used for.

• Certificate name - this is a name that will help you identify the SSL certificate. This is NOT the domain name being used by the SSL certificate. The name has to be one word, with no spaces.

• Country code - you can find your two letter country code here - Country Codes. Look in A2 column.

• Region - this is your state, province, or administrative unit.

• City - this is your city, town, or locality.

• Organization - the name of your company or organization. If you do not have a company, use your domain name.

• Organization unit - this is your department or section within your organization. If you do not have a department or section, use a variant of your domain name.

• Email - for a self-signed SSL certificate, use either the website administrators e-mail, or your e-mail address.

• Key length - you can leave at 2048 or change to 4096 if desired.

• Start date - will default to today's date.

• Expiration date - will default to 365 days after the start date.

Once you have added this information, click Finish.

This takes you back to the SSL certificates screen, which now lists both the original self-signed certificate and the one you just created. Make sure the original self-signed certificate is highlighted, and click Change in the upper left. This takes you to the Change the SSL certificate - domainname screen.

• Domains - this should have the domain name that you just generated the new self-signed SSL certificate for selected.

• Certificate - the new self-signed certificate you just created should be listed here.

Click Ok. This will enable the self-signed SSL certificate with your organizational details for the website. This takes you back to the SSL certificates screen which lists all the available SSL certificates.

Please login to comment