SSL Installation on customer domain cPanel Server

[Chris Kenward]

Hi Folks

I think this may well be my first post here so please be gentle!

One of my customers has agreed to move his website from one of our legacy non-cPanel servers running an old version of CentOS to one of new CentOS 6.5 cPanel servers. There are currently around 15 customer websites on the server already, although none of them have an SSL certificate (yet).

Before I go ahead and make any mistakes, I thought I would ask the question:

What is the process I need to go through to add this SSL certificate, on its own IP address which differs from the server IP, to the server so that their website comes up fine using SSL? I know I can re-issue the SSL certificate (Comodo) through my reseller panel so can paste the result into the .crt and .ca boxes but I really don't want to make any mistakes when I add the new IP to the server, hopefully using cPanel to do all the work for me.

Any help gratefully accepted.

Cheers
Chris

 

[HH-Abdullah]

It's quite simple actually - Add the IP address to cPanel and assign it to the customer's domain and make sure it's working. Create the CSR from cPanel for the customer's domain, this will also generate the private key to be used. Then issue the SSL certificate from Comodo and copy/attach the certificate you receive from Comodo while using the private key and CSR that you generated before.

 

[cPanelMichael]

Hello

Yes, you can install the certificate the same way you normally would for a new certificate. Generate the CSR/Key via:

"WHM Home » SSL/TLS » Generate an SSL Certificate and Signing Request"

Then, install the updated CRT via:

"WHM Home » SSL/TLS » Install an SSL Certificate on a Domain"

Thank you.

 

[Chris Kenward]

It's quite simple actually - Add the IP address to cPanel and assign it to the customer's domain

Thanks for your response. The question I asked revolves around exactly that I guess. HOW do I make sure that the new IP for this certificate is added to cPanel first, before I generate for the CSR etc.?

Yes, you can install the certificate the same way you normally would for a new certificate. Generate the CSR/Key via:
"WHM Home » SSL/TLS » Generate an SSL Certificate and Signing Request"
Then, install the updated CRT via:
"WHM Home » SSL/TLS » Install an SSL Certificate on a Domain"

Thanks for this response, cPanelMichael
As soon as the new certificate arrives, I'll wait for your responses to the new question above before I install it - just to be sure I don't mess it up.

Cheers
Chris

 

[cPanelMichael]

Thanks for your response. The question I asked revolves around exactly that I guess. HOW do I make sure that the new IP for this certificate is added to cPanel first, before I generate for the CSR etc.?

Dedicated IP addresses are no longer required. You can install a SSL certificate on a shared IP address if you are using CentOS 6.x now that cPanel supports SNI. If you choose to add the IP address to your server and assign it to the account at a later time, then the SSL certificate will remain in place.

Thank you.

 

[Chris Kenward]

Dedicated IP addresses are no longer required. You can install a SSL certificate on a shared IP address if you are using CentOS 6.x now that cPanel supports SNI. If you choose to add the IP address to your server and assign it to the account at a later time, then the SSL certificate will remain in place.

Are you saying that cPanel will take care of any amount of certificates, all on the server's IP address? For someone like me who is used to each SSL certificate having to have its own IP address, this is new ground.

So, I install the certificate on the server without adding another IP address but just choosing that domain to install it on?

Do I then have to tell cPanel it's a shared certificate or not?

Don't want to mess this one up so look forward to your reply.

Cheers
Chris

 

[cPanelMichael]

So, I install the certificate on the server without adding another IP address but just choosing that domain to install it on?

Do I then have to tell cPanel it's a shared certificate or not?

Yes, you can install SSL certificates for any number of domain names on the same IP address. This is documented here:

SSL FAQ and Troubleshooting

You don't have to tell cPanel that it's a shared certificate unless you want to share it.

Thank you.