The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

purchasing/installing an SSL certificate(questions)

Discussion in 'General Discussion' started by schwim, Jan 5, 2007.

  1. schwim

    schwim Well-Known Member

    Joined:
    Aug 2, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Hi there everyone,

    I've got a customer that wants an SSL certificate, and I've never purchased or installed one before. I've read through the forum, and I've viewed the WHM support docs, but I'm still confused. A lot of the options in WHM seem redundant:

    Generate a SSL Certificate and Signing Request
    Install a SSL Certificate and Setup the Domain
    Purchase & Install SSL Certificate

    1) Which one of these options do I want?
    2) Do I need a separate IP for any domain that has it's own SSL cert?(I read this in the forum)
    3) Is there any other requirement for the domain to have it's own certificate besides a dedicated IP?
    4) When the orderform speaks of "division", what does that mean?

    Any help would be greatly appreciated.

    thanks,
    json
     
  2. schwim

    schwim Well-Known Member

    Joined:
    Aug 2, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Anyone?

    thanks,
    json
     
  3. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Account must have a dedicated IP, then:

    1 - generate SSL certificate and signing request
    2 - order SSL certificate from wherever you choose (they will need the csr generated in 1)
    3 - install certificate and set up domain (exact install process varies a bit between certificate providers)

    Division is just a business term. Put whatever you want there.
     
  4. S-Combs

    S-Combs Well-Known Member

    Joined:
    Jun 10, 2004
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    PWSowner is correct

    Once you provide the CSR to your certificate provider they will then give you the info you need to finalize your cert creation.

    Be sure that your (or clients) information submitted to the cert provider exactly matches your/(their) whois info for that domain.

    In some cases your host may need to help you also by updating your rwhois data to list you as the authoritative contact for the IP that is being used (I have had to deal with this for Comodo certs).


    Good luck
     
  5. schwim

    schwim Well-Known Member

    Joined:
    Aug 2, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Thanks very much for your help guys. I have a couple of more questions:

    1) Does "wildcard certificate" mean that I can use any subdomain ( subdomain1.domain.com & subdomain2.domain.com ), and the cert will cover it?

    2) "Certificate Hostname (i.e. secure.domain.com ): I need the cert for a shopping cart script. The script is installed in public root (www.domain.com), and I don't think I'll be using a subdomain, just https://www.domain.com. Do I simply request the cert for www.? Is there a better way to do this?

    Thanks very much for all of your help,
    json
     
  6. S-Combs

    S-Combs Well-Known Member

    Joined:
    Jun 10, 2004
    Messages:
    78
    Likes Received:
    0
    Trophy Points:
    6
    A wildcard cert will allow you to use both domain and subdomains from the single cert

    *.domain.com/*

    https://store.domain.com and https://domain.com/store would both be valid

    A standard cert will work for either one but not both.

    Additionally, www is treated as a subdomain so don't add that prefix unless of course that is what you want. Meaning; If you certify www.domain.com then someone visiting https://domain.com would get an invalid cert warning.
     
  7. Paonza

    Paonza Member

    Joined:
    Apr 19, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Are you sure is needed a Dedicated IP for the account using the cert?

    I asked the installation to my hoster company and they install the cert for my requested domain on the port :440 ....

    How is this possible?

    thank you
    Fabio
     
  8. Gareth

    Gareth Well-Known Member

    Joined:
    Feb 11, 2004
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Isle of Anglesey, UK
    Yes it has to be a dedicated IP

    Port 80 is the standard port (non secure) port 440 is the secure port. Non-Secure and Secure are always on seperate ports (ie 80 or 440)

    When you use http://domain.com/ your browser will send you to port 80, https://yourdomain.com/ the browser sends you to port 440
     
  9. Paonza

    Paonza Member

    Joined:
    Apr 19, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for the answer...


    On the same IP I share other domains without SSL cert!

    Is it correct the follow:
    If I need anoter domain with a private SSL cert I need to move it on another dedicated ip because current is already used?

    thx
    Fabio
     
  10. Gareth

    Gareth Well-Known Member

    Joined:
    Feb 11, 2004
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Isle of Anglesey, UK
    Yes that is correct
     
  11. duganji

    duganji Registered

    Joined:
    Jan 23, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Please Help

    Hi I have the same problem,

    The domain i have set up has its own IP.

    When i paste the crt and submit it says it installed ok but has this at the end of the line

    error 18 at 0 depth lookup:self signed certificate OK

    When i view https in browser it says the issuer is myself and not direct nic where i bought it.

    Direct nic say something about installing a bundle of 3 .crt.. but how?
     
  12. Rubas

    Rubas Well-Known Member

    Joined:
    Sep 15, 2003
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    16
    Make sure you replaced the certificate field with your new certificate (don't past your cert in the last field!)
     
  13. clbrack1

    clbrack1 Active Member

    Joined:
    Nov 3, 2006
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    We purchase and install the 19.95 certs from Godaddy all day long and this is what you will need to do for Godaddy:

    1. sign up for a godaddy account
    2. Generate a SSL Certificate and Signing Request
    3. SAVE all copies of the CRT and CSR that are displayed on the screen in txt format
    4. order the cert from godaddy (this done via the web)
    5. download the cabundle from the cert company (use the same cabundle for all certs from this company, reguardless of domain)
    6. give the site in question a static ip addres, this address must be different from any other ip address that already has an ssl cert. one ip address per ssl cert
    7. install cert from WHM
    8. cut-n-paste the appropriate txt files in the appropriate boxes. Godaddy has specific instructions on cpanel/whm and you need to read them carefully. putting the wrong txt in the wrong box will only generate an error and you can hit the back button to correct
    9. FYI, I always put the division as: Web or WWW
    10. you are done

    note that if you order the cert (from godaddy) as www.yourdomain.com then you can only do https as https://www.yourdomain.com. https will NOT work with https://yourdomain.com. You will get an unknown cert error from your browser. Wildcard certs will get around this but they are $199 from godaddy.


    Hope this helps,

    Chris
     
  14. clearstr

    clearstr Registered

    Joined:
    Apr 1, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    so is it better to specify https://yourdomain.com will this work with both https://yourdomain.com and https://www.yourdomain.com or just the first?
    d
     
  15. deadlock

    deadlock Well-Known Member

    Joined:
    May 12, 2002
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    yourdomain.com and www.yourdomain.com are two different domains as far as SSL certs are concerned, so if you purchase a SINGLE (not wildcard) cert for one, it will not work with the other.

    I would add another important point about ordering certs from Godaddy. Make sure that the details you provide (name, company etc) *EXACTLY* match what is listed on your proof documents. For example, if your company is registered as "Mycompany Limited", when you go to fill out the Godaddy request forms, they will not accept "Mycompany Ltd.". In my experience Thawte are more flexible about this type of thing, but then again they are more expensive ;)

    Hopefully this post can save somebody else from the hoops I've had to jump through...
     
  16. krusty

    krusty Member

    Joined:
    Apr 1, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Ok i've tried your mini howto

    and also checked godaddy site

    "Once your SSL certificate has been signed and issued, Go Daddy®will send you an e-mail message that allows you to download the signed certificate and our root certificate bundle (gd_bundle.crt), both of which must be installed on your Web site.

    Note: You must use the provided certificate-download link within three days of receiving the certificate-issuance e-mail message. If the download link is allowed to expire, you must request a certificate re-key in order to retrieve your signed SSL certificate.

    Follow the instructions below to install your SSL certificate and the certificate bundle on your Web server.

    Installing SSL Certificate and Certificate Bundle
    Before you install your issued SSL certificate you must install our certificate bundle (gd_bundle.crt) on your Web server. (You may also download the certificate bundle from the repository. The bundle is located in the Root Bundle section.)

    1. Open the WebHost Manager and click Install an SSL Certificate in the SSL/TLS menu.
    You will see a screen with three boxes on it. Your issued certificate, RSA private key and certificate bundle must be pasted into boxes 1, 2, and 3, respectively.
    2. In the first box, paste in the contents of your issued SSL certificate. If the certificate file is on your server, you may use the Fetch button to copy it from the file.
    3. In the second box, paste in your private key which was generated when you created the CSR.
    4. In the third box, paste in the Go Daddycertificate bundle (gd_bundle.crt).
    5. At the top of the page click Do it.
    "

    And im getting its not trusted - as in no ca issuer.

    help!!
     
  17. krusty

    krusty Member

    Joined:
    Apr 1, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    never mind I didn't put the cert from godaddy into box 1
     
Loading...

Share This Page