SSL/TLS Manager Tutorial

Learn how to generate, manage and install SSL certificates from cPanel

The SSL/TLS Manager allows you to generate and install SSL certificates, certificate signing requests, and private keys. These are all parts of using SSL to secure your website. SSL allows you to secure pages on your site so that information such as logins and credit card numbers is sent encrypted instead of in plain text. It is important to secure your site's login areas, shopping areas, and other pages where sensitive information could be sent over the web. To access the tool, click its icon on cPanel's main page.

Manage private keys

A private key is used to decrypt information transmitted over SSL. When you create an SSL certificate, the first step is to generate a private key file associated with that SSL certificate. You should generate a private key for each SSL certificate you create. This private key is very important and should be kept confidential. A copy of each private key should be kept in a safe place as there is no way to recover a lost private key.

The first function of this tool is to generate, upload, view, or delete private keys. Click the Generate, view, upload, or delete your private keys link to access that section of the tool.

To generate a new private key you can use the first section of the page that opens. Choose the appropriate key size via the Key Size drop-down menu (4096 bits is recommended), add an optional description using the Description text box and click the Generate button to generate your new private key.

A pop-up will appear indicating the generation of the private key and after a few moments you will see a confirmation page. From it, you can copy the key's contents and save it somewhere locally on your machine if you want.

If you want to upload a new private key to the server, you can use the Upload a New Private Key section. Paste the key's contents in the text box named Paste the key below, add an optional description using the Description text box and click the Save button.

A pop-up will appear indicating the uploading process and after that you will be shown a confirmation page showing that the key has been uploaded successfully.

You can also upload a .key file by using the Browse button.

To delete a private key from your account, click the Delete link next to the key entry for the desired key.

You will be asked to confirm the removal of the key on the next page. Press the Delete key button to proceed.

Manage Certificate Signing Requests (CSR)

If you want to obtain a certificate from a trusted SSL provider, you must complete the Certificate Signing Request form to provide the information needed to generate your SSL certificate.

To generate, view, upload, or delete CSRs, click the Generate, view, or delete SSL certificate signing requests link.

To generate a new Certificate Signing Request, on the page that opens fill in all the required fields.

  • Key - Choose whether to generate a new private key for the CSR or to use an existing one you have already generated or uploaded to your account;
  • Domains - Provide the domain names that you want the SSL certificate to cover. If you will be using the CSR for a wildcard certificate, you should use *.yourdomain.com, where yourdomain.com is your actual domain name. If you would like to have the www subdomain secured as well, make sure to include it in the list of domain names, i.e. yourdomain.com and www.yourdomain.com;
  • City - Provide the complete name for the city or locality for the certificate’s Company. Do not use abbreviations;
  • State - Provide the complete name for the state or province for the certificate’s Company. Do not use abbreviations;
  • Country - Choose the country of origin for the certificate’s Company;
  • Company - Provide the legally-registered name for your business. If your company name includes symbols other than a period or comma, check with your certificate authority to confirm that they are acceptable;
  • Company Division - Provide the name of the division or group within the above company. If the division includes symbols other than a period or comma, check with your certificate authority to confirm that they are acceptable. This field is not required;
  • Email - Provide a valid email address where you can be contacted for verification of domain ownership. This field is not required to generate the CSR, but most SSL providers require the CSR to have it, so it is recommended to provide a valid email address here;
  • Passphrase - Some certificate authorities may require CSRs to have a passphrase. The certificate authority can use a CSR passphrase to confirm the identity of the person or organization with whom you wish to communicate. CSR passphrases are stored unencrypted in the CSR. Because of this, and also because you will share this passphrase with a third party, do not use an important password here;
  • Description - Provide a short description for the newly generated CSR. The description will not be placed in the CSR; it only helps you tell the CSRs apart if you have more than one on your hosting account. This field is not required.

Once ready, click the Generate button at the bottom of the page.

A pop-up will appear indicating the creation of the CSR and after that you will see a confirmation page. From it you can copy and save locally both the CSR and the Private Key that corresponds to it.
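The form fields above correspond to what the openssl command line puts into a CSR. The following is an added example, not part of the original tutorial or of cPanel: it builds a key and CSR locally and checks that the passphrase and email address are readable by anyone who receives the CSR, while the private key is not included. The domain, company details and passphrase are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. example.com, Example Ltd and the passphrase are constructed values.

# make_csr DIR: create DIR/site.key (4096-bit RSA) and DIR/site.csr from the
# same fields the CSR form asks for.
make_csr() {
    dir=$1
    cat > "$dir/req.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
attributes = attrs
req_extensions = ext
[dn]
C = US
ST = California
L = San Francisco
O = Example Ltd
CN = example.com
emailAddress = admin@example.com
[attrs]
challengePassword = throwaway-csr-phrase
[ext]
subjectAltName = DNS:example.com, DNS:www.example.com
EOF
    # umask keeps the key file unreadable by other accounts on the machine
    ( umask 077 && openssl genrsa -out "$dir/site.key" 4096 2>/dev/null ) &&
    openssl req -new -key "$dir/site.key" -config "$dir/req.cnf" -out "$dir/site.csr"
}

# csr_exposes CSR STRING: succeeds if STRING appears as plain bytes in the
# decoded CSR, i.e. it can be read by anyone who holds the CSR, without any key.
csr_exposes() {
    openssl req -in "$1" -outform DER | grep -aq -- "$2"
}

# csr_dns_names CSR: list the hostnames the CSR actually requests, one per line.
csr_dns_names() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | cut -d: -f2 | sort
}

# csr_has_private_key CSR: a CSR must never contain the key; this should fail.
csr_has_private_key() {
    grep -q 'PRIVATE KEY' "$1"
}
```

Running csr_dns_names on a CSR before sending it to the certificate authority confirms that both the bare domain and the www name were requested.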

To delete an already existing CSR from your account, click the Delete link next to the entry for it.

Manage Certificates (CRT)

You can use a self-signed certificate or a trusted certificate from an SSL Certificate Authority. If you plan to use a self-signed certificate for one of your sites, you can generate it using this tool. To use a trusted certificate, you can upload or provide the certificate in the tool, after you have received the SSL certificate from your trusted provider. To manage your certificates, click on the Generate, view, upload, or delete SSL certificates link.

If you already have a certificate, you can upload it either by pasting it in the Paste your certificate below text field or, if you have a .crt file, by clicking the Browse button. When ready, click the Save Certificate or Upload Certificate button, depending on the method you used to upload the certificate.

If you do not have a certificate, you can generate one from the Generate a New Certificate section. The process is the same as when generating a CSR, so you can refer to that section of this tutorial for more information. When you click the Generate button a pop-up will appear, indicating the generation of the certificate and after that you will be redirected to a confirmation page. From it, you can copy and save the certificate and private key contents if you need them.

Install and Manage SSL for your site (HTTPS)

If you already have an SSL certificate from an SSL vendor, you can install it on your account using this tool. To do that, click on the Manage SSL sites link.

On the new page that opens, first use the Domain drop-down to select the domain name on your account for which the SSL certificate should be installed. You may only install SSL certificates for domains that are currently attached to your account. Before you install an SSL certificate for a domain that is not listed in the drop-down, you must attach the domain to your account as an addon, parked or subdomain.

Then provide the Certificate, the Private Key for it and the Certificate Authority Bundle, if there is one, in the respective text fields. If you want to use the SSL for the mail service for the domain names, enable the Enable SNI for Mail Services option. Then, click the Install Certificate button to perform the installation.

A pop-up will appear indicating the installation is in progress and then it will change to a different one, confirming the installation has successfully completed.

That's it. Now you can proceed with configuring your website to work via https://.
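The Certificate, Private Key and Certificate Authority Bundle values entered on the Manage SSL sites page can be checked against each other locally before installation. The following is an added example using the openssl command line, not part of the original tutorial or of cPanel; the function names and the sample files created by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: local checks on the certificate, key and CA bundle files.

# make_sample DIR: constructed throwaway material (self-signed, CN=example.com only).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.com" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# SHA-256 over the public key found in a certificate / derived from a private key.
spki_hash_cert() { openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256; }
spki_hash_key()  { openssl pkey -in "$1" -pubout 2>/dev/null | openssl dgst -sha256; }

# cert_matches_key CERT KEY: the certificate must carry the public half of KEY.
cert_matches_key() {
    [ "$(spki_hash_cert "$1")" = "$(spki_hash_key "$2")" ]
}

# cert_covers_host CERT HOST: HOST must be among the names in the certificate.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# cert_valid_for_days CERT DAYS: fails if the certificate expires within DAYS.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# chain_verifies CERT BUNDLE: CERT must verify with the certificates in BUNDLE
# treated as trusted (assumption: the bundle came from your certificate authority).
chain_verifies() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# preinstall_check CERT KEY BUNDLE HOST: run every check and report each failure.
preinstall_check() {
    rc=0
    cert_matches_key "$1" "$2"  || { echo "key does not match certificate"; rc=1; }
    chain_verifies "$1" "$3"    || { echo "CA bundle does not verify certificate"; rc=1; }
    cert_covers_host "$1" "$4"  || { echo "certificate does not cover $4"; rc=1; }
    cert_valid_for_days "$1" 14 || { echo "certificate expires within 14 days"; rc=1; }
    return $rc
}
```

With real files, call preinstall_check with the paths to the certificate, key and bundle received from the SSL provider plus the domain chosen in the Domain drop-down.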