SSL (Secure Sockets Layer) is a technology that helps secure your website. SSL encrypts data exchanged between your website and website visitors, as well as between your website and other online websites and services, such as a merchant account for credit card transactions.
To use SSL on your website, you need to purchase a SSL Certificate and install it onto your website from within Cpanel. The following guide breaks down these steps as succinctly as possible. If you get lost or it becomes too complicated, don’t worry – we’re here to help! Just open a ticket with our Support team and we can help you through the process.
Note: In the following guide, we reference the made-up domain, “yourdomain.com”, for demonstration purposes only, in place of your actual domain name.
1. Standard Hosting or PCI Compliant Hosting?
Before installing SSL, it’s important to determine if you have the right hosting plan for your needs. If you are using SSL to secure your website’s information or if you use PayPal to receive payments, you may be able to host your application in our standard hosting environment. However, if your website accepts credit card payments (Visa, Mastercard, AMEX and Discover), your merchant processing service will require your website to meet PCI Compliance standards. We offer PCI-compliant hosting plans, and can assist you in migrating over to our PCI environment.
2. To use SSL, your hosting account must be configured with a Static IP address.
If you are hosted on one of our PCI hosting plans, your website already has a Static IP address.
Static IP addresses are available on our standard shared hosting plans at $5/month. To convert your website to a static IP account, please contact our Support team to request its installation. Once the IP is installed, you can continue on to the next steps.
3. Log into your website’s Cpanel interface (at www.yourdomain.com/cpanel) and go to SSL/TLS Manager.
4. Generate a Certificate Signing Request (CSR).
4a. Click on “Generate, view, or delete SSL Certificate signing requests” and fill out the subsequent form with the following information:
- Choose a 2,048-bit Key, the standard required by all SSL Certificates.
- List all FQDN’s (domain.com and www.domain.com) you will want to use with the SSL Certificate. Unless you are using a “wildcard SSL”, you can only list domain.com and www.domain.com. Other FQDN’s, such as “myspecialdomain.domain.com” are stand-alone and if you wish to use those as well, you would need to purchase a wildcard SSL Certificate.
- The complete City and State of your business (do not use abbreviations)
- Your Company name and Division (such as Sales or Support).
- An email address and passphrase (not currently required by the certificate authorities we utilize)
4b. Once generated, you will want to copy the CSR file, including the “—–BEGIN CERTIFICATE REQUEST—–” and “—–END CERTIFICATE REQUEST—–” portions of the code, to a plain text file for use in Step 5.
5. Purchase the SSL Certificate.
5a. If you purchase a SSL Certificate from Canvas Dreams, we take it from here and handle the rest of this process for you!
5b. If you instead wish to purchase your own SSL Certificate from a third party, keep going in this guide. Please note, we cannot guarantee that third-party SSL Certificates will work in our hosting environment, nor do we offer any support for installing, troubleshooting, or renewing those certificates.
5c. In a separate browser window, log onto the SSL vendor of your choice and
purchase a certificate.
- As part of the SSL purchase process, you’ll need to
configure the certificate:
- Select an administrative email address where order confirmation emails
can be sent to you. Typically, the order form offers several pre-set options
to choose from. These include “email@example.com”, “firstname.lastname@example.org”,
and “email@example.com”, as well as email addresses listed on the domain’s
public WHOIS record (which may be “firstname.lastname@example.org”).
It is absolutely important that for the email address you choose, you have
access to that account. By choosing one of these email addresses, you are
signifying that is where confirmation emails for the SSL order are to be
sent. If you cannot get the emails, the order will not be completed.
- Choose Server type. Typically, you should be able to choose “Cpanel” or if not, “RedHat/Centos” as
an option. This is important, as every server platform functions differently
and the way the SSL Certificate is issued may be different, as a result.
You need to make sure that the certificate is issued in a way that is compatible
with our hosting environment.
6. Check your email inbox for the issued SSL Certificate.
The certificate, once issued, will include the CRT data (which looks like a block of code), and may also include the CA Bundle (another block of code).
6a. Copy and paste the CRT and CA Bundle into a plain text file for use when installing onto your website.
7. In your Cpanel interface, go to the SSL/TLS Manager screen.
7a. Click on “Generate, view, upload, or delete your private keys”.
7b. Click on the “View and Edit” link next to the KEY for yourdomain.com. Copy the entire contents of the “Encoded Private Key” field into a plain text file. The Private KEY was generated at the same time you created the CSR file.
8. In your Cpanel interface, go to the SSL/TLS Manager screen.
8a. Click on “Activate SSL on Your Web Site (HTTPS)”.
8b. Scroll down this screen and from the “Domain” pulldown menu.
8c. Choose the domain you want the SSL installed on. As hosting accounts support add-on and parked domains, more than one domain may be shown in the list. So, it’s important to choose the correct domain.
8d. Paste the CRT into the Certificate: (CRT) field.
Paste the entire CRT, including the “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” portion of the code, into the “Certificate: (CRT)” field.
8e. Paste the Private KEY into the Private Key: (KEY) field.
Paste the entire Private KEY, including the “—–BEGIN RSA PRIVATE KEY—–” and “—–END RSA PRIVATE KEY—–” portion of the code, into the “Private Key: (KEY)” field.
8f. You may need to paste the contents of the CA Bundle to this screen.
- This can be obtained from the SSL vendor where the certificate was purchased.
Every vendor provides it a bit differently. The CA Bundle looks a lot like
the CRT file and includes the same “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” strings
at the start and end of the file.
- If you have obtained the CA Bundle, paste everything, including the “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” portion of the code, into the “Certificate Authority Bundle: (CABUNDLE)” field.
note, you may be able to leave that field blank, as the server will attempt
to retrieve that information from public repositories for the certificate
9. Click on “Install Certificate”.
If everything was done correctly, the screen will update to show the certificate under the “Manage Installed SSL Hosts” section of the screen, as well as options for managing the certificate from there (removing, updating, etc.).