Enable SSL/TLS Manager in WHM for cPanel users
Before using the SSL/TLS Manager as a cPanel user, it first needs to be enabled in WHM's Tweak Settings option.
- Login to WHM
-
In the top-left find box, type in tweak, then click on Tweak Settings
-
Type Allow cPanel in the top-right find box, then fill in On beside Allow cPanel users to install SSL Hosts if they have a dedicated IP, then click Save
You should see WHM Updating tweak settings... and then when it completes it will say Done at the bottom.
Using the cPanel SSL/TLS Manager
Once you have the cPanel SLL/TLS Manager enabled in WHM, you can access it when logged into cPanel.
Generate Private Keys
Before generating anything else, we need to generate some Private Keys, these are used to decrypt information transmitted over an SSL connection. You need a separate Private Key for each SSL certificate you wish to use.
-
Access the cPanel SSL/TLS Manager
Click on Generate, view, upload, or delete your private keys
-
Typically a Key Size of 2,048 bits is fine, but if you need another one you can select it from the drop-down.
Fill in a Description for the key if you'd like, then click Generate
-
Now with your Private Key generated, click on Return to Private Keys
You should see the key you created listed
-
If you already have a Private Key not on the server, then under the Upload a New Private Key section, you can either paste in your key and click on Save, or you can click on Choose File to browse your computer for the key, and then click Upload
After you've already generated or uploaded your Private Key so it exists on the server, click on Return to SSL Manager
Generate CSR
Before getting an SSL certificate for your website, you need to generate a Certificate Signing Request (CSR). This request will include your domain name and company, as well as information specific to the server you're hosting on.
-
Access the cPanel SSL/TLS Manager
Click on Generate, view, or delete SSL certificate signing requests
-
Fill out all of the fields for your CSR, then click Generate
-
You should now see the generated CSR, you can click in the text-box and then hit Ctrl-A to select all the text, and then Ctrl-C to copy it.
-
Now you need to take this CSR text generated from the cPanel server, and when you are purchasing a SSL certificate, the Certificate Authority that you buy it from will need to be supplied with it.
When asked the server type your CSR was generated on, you'd want to select RedHat Linux.
Generate a self-signed SSL certificate
If you just need your website data encrypted, and are not worried about web-browser warnings you can generate a self-signed SSL certificate for free.
When you access a self-signed SSL website from your web-browser, you will get an self signed SSL warning such as this one in Google Chrome. You can simply safely click on Proceed anyway to still get to the website.
When you're on your website if you click on the SSL padlock icon, you can see the reason we got a warning is because the website's identity has not been verified. This is because we used a self-signed SSL certificate and it wasn't verified by a 3rd party certificate authority
-
Access the cPanel SSL/TLS Manager
Click on Generate, view, upload, or delete SSL certificates
-
Scroll down to the Generate a New Certificate section and fill out all of the details for your self-signed SSL certificate, click Generate
-
On the next page, click in the Encoded Certificate text-box, then hit Ctrl-A to select all the text, and then Ctrl-C to copy it.
Install 3rd party SSL certificate
If you sent off your CSR to a certificate authority, you should have gotten back a matching SSL certifcate that you can now go back and install on the server to use for your website.
-
Access the cPanel SSL/TLS Manager
Click on Generate, view, upload, or delete SSL certificates
-
Now either paste your certificate info into the Paste your certificate below box and click Save Certificate
Or click Choose File to browse your local computer for the certificate file and click on Upload Certificate
Activate SSL certificate on web site
Now that you've generated a private key, generated a CSR, and installed a SSL on your account, you should be ready to activate that SSL certificate for your website.
-
Access the cPanel SSL/TLS Manager
Click on Install and Manage SSL for your site(HTTPS)
-
From the Domain drop-down, select the domain you're installing your SSL certificate on, and then click Autofill by Domain
-
In this case you can see it's warning us that the Issuer is self-signed which is fine. If you actually installed a 3rd party verified certificate you shouldn't see this warning.
Click on Install Certificate
You will then see confirmation that the SSL certificate was installed. You should hopefully now understand how to use the cPanel SSL/TLS Manager to either generate a CSR or get a SSL certificate installed on your website.