Use this interface to install an SSL certificate on a domain. Before you can use this feature, you must create or purchase a certificate, and you must have the certificate's key.
Important:
- You cannot install more than one SSL certificate per IP address on CentOS 5 servers.
- When you install a certificate, this interface indicates whether your certificate is self-signed. Self-signed certificates are easy targets for attackers and generate security warnings in your users’ web browsers. Only install a self-signed certificate temporarily, until you can replace the certificate with a certificate from a valid certificate authority (CA).
SNI and multiple certificates
Server Name Indication (SNI) allows a server to install multiple certificates to the same IP address. If your operating system does not support SNI, you can also use a multi-domain certificate or a wildcard certificate.
- Multi-domain (UCC/SAN) certificates secure multiple domains that share the same IP address and match the certificate's domains list.
- Wildcard certificates secure a domain and an unlimited number of subdomains. For example, to secure
store.example.comandblog.example.com, use a single wildcard certificate.
For more information, read our SSL FAQ and Troubleshooting documentation.
Install an SSL certificate
Use either of the following methods to install certificates on your server.
- If the installation succeeds, WHM displays a confirmation message.
- If the installation fails, WHM displays an error message to indicate the problem.
Browse Certificates
To find and select a certificate on your server, and install it, perform the following steps:
- Click Browse Certificates. The SSL Certificate List window will appear.
-
Select an account from the Browse Account menu, or select Browse Apache.
Note:
The menu's certificates correspond to the account that you select. This menu does not indicate that the system will install the selected certificate to the selected account.
- Select the desired certificate.
-
Click Use Certificate. The system automatically populates the text boxes.
-
If the domain does not use a specific dedicated IP address, select an IP address from the IP Address menu.
Note:
You may only select IP addresses that the menu labels as shared or available.
- If you selected a purchased SSL certificate, you may need to complete the Certificate Authority Bundle (optional) text box. If the system does not populate this text box with information, contact the organization from which you purchased the certificate.
-
-
Select the Enable SNI for Mail Services checkbox. Mail SNI configures mail services to use the domain's SSL certificate instead of the server's default certificate.
Warning:
Mail SNI is not compatible with Webmail and will not function for any Webmail connection. Webmail connections use the cPanel service SSL certificate.
- Click Install.
Install by the certificate's domain
To use the domain name to find and install the certificate, perform the following steps:
-
Enter your domain in the Domain text box. The Autofill by Domain button will appear.
-
Enter the certificate's information in the appropriate text boxes, or click Autofill by Domain to automatically populate the certificate information text boxes.
Note:
If multiple certificates exist for the same domain, the server attempts to choose the best certificate. In this scenario, to avoid potential issues, use the Browse Certificates method.
- Select the Enable SNI for Mail Services checkbox. Mail SNI configures mail services to use the domain's SSL certificate instead of the server's default certificate.
Warning:
Mail SNI is not compatible with Webmail and will not function for any Webmail connection. Webmail connections use the cPanel service SSL certificate.
- Click Install.
