When you use an https:// URL you are doing two things. You are encrypting the data between the server and the browser and the identity of the server is authenticated. The former is carried out using the a .key file and the latter is carried out using a .crt (certificate) file.
The eay that the certificate authenticates the site is that it has to be signed by a signing authority recognised by the browser. The way that this works is that every browser has a small list of trusted signing authorities, when it gets to an https site it checks that the certificate was signed by one of these authorities. You mention two of these trusted signing authorities Thwate and Verisign. When a certificate is signed by one of them it will trust the certificate and the site. This hapens because these signing authorities will only sign a certificate once they have seen documentry evidence that demonstrates that the holder of the certificate is who they say they are, if they say they are a buisness check that it exists etc.
So, to install a certificate and start using https you need to first generate you .key file and a .csr (certificate signing request) using the SSL section in WHM. Once you have the .csr file you take it the authority and provide with with the requested documents. They then send you back a signed certificate. You then go back to WHM, and in the SSL section install the certificate by pasteing in the .key .crt files (and a .ca file if you are sent one).
Certificates are issued per hostname *not* IP addres so they are portable between servers. Also, there are two types of certificates. The cheap option will only work for a single hostname e.g:
www.domain.com (
https://www.domain.com )
secure.domain.com (
https://secure.domain.com )
shop.domain.com (
https://shop.domain.com )
etc. It will only work for one of these and no other, you have to be sure that it is the one you want before you generate the .key and .csr file. As an asside, the often confusing name for the hostname that you want to use is the 'common name'.
The second more expensive (usually 10X) is a wildcard certificate. With this you will be able to use:
*.domain.com
where '*' is any set of characters you want. If your reseller gets a wildcard certificate then they can offer a shared certificate to their users, e.g.
user1.reseller-domain.com
user2.reseller-domain.com
user3.reseller-domain.com
But most people don't want this as they want to use their own domain with the https:// URL.
You can allow your resellers to generate the .key and .crt files and install the certificates in they reseller WHM accounts if you want to.
Sorry for the length of this but there's a bit to it. If you need any more information on the specifics of this update this thread and I'll be happy to elobrate further.
Anyway, I would like to know, how do I setup an https:// for a single reseller on my web server? Also, how would I setup https:// for a single client? Or allow my reseller to give https? What is this process and where do companies like Verisign (http://verisign.com) and Thawte (http://thawte.com) come in?