Valid for versions 92 through the latest version
Version:
82
92
Overview
This feature allows you to simultaneously generate both a self-signed SSL certificate and a certificate signing request (CSR) for a domain. You can also use this interface to generate private keys, which are essential for self-signed certificates and purchased certificates. To purchase a certificate, submit the CSR to your chosen certificate authority (CA). They will provide you with a certificate, typically in a .zip
file via email.
For more information, read our Purchase and Install an SSL Certificate documentation.
Contact Information
To receive the SSL certificate, private key, and CSR in an email, enter an email address in the Email Address text box.
Select the When complete, email me the certificate, key, and CSR. checkbox to receive a copy of the request that this interface generates.
Private Key Options
Select the desired key from the Key Type menu. You can select from the following keys:
-
RSA, 2,048-bit – (default)
-
ECDSA, P-384 (secp384r1)
-
ECDSA, P-256 (prime256v1)
-
RSA, 4,096-Deliverability
For information about each of these keys, read our SSL/TLS Key Types documentation.
Certificate information
To generate an SSL certificate and CSR, perform the following steps:
- In the Domains text box, enter the domain name of the website that the certificate will secure.
- You can enter a wildcard-formatted domain name to install the same certificate on any number of subdomains if they share an IP address. For example, you can use a wildcard certificate for
*.example.com
to securely connect to themail.example.com
andwww.example.com
domains. - You can also enter multiple domains, with one domain per line.
- For more information about how to share SSL certificates, read our Manage SSL Hosts documentation.
- You can enter a wildcard-formatted domain name to install the same certificate on any number of subdomains if they share an IP address. For example, you can use a wildcard certificate for
- In the City text box, enter the complete name of the city in which your servers are located.
- In the State text box, enter the complete name of the state in which your servers are located.
- In the Country text box, select the country of origin for the certificate.
- In the Company Name text box, enter your business’s complete name.
Note:Some certificate authorities may not accept special characters in the Company Name and Company Division text boxes. If your company name includes symbols other than a period or a comma, ask your CA to confirm whether you can use these characters.
- In the Company Division section, enter the name of the department or group within the company. This information is optional.
- In the Email text box, enter a secure contact email address that your CA can use to verify domain ownership.
Shared Secrets
Enter a passphrase in the Passphrase text box if your certificate authority requires one for verification purposes.
Create
After you enter the correct information, click Create. WHM will display the CSR with its SSL certificate and private key.
- Copy and paste these items into the correct directories.
- If you provided an email address, the system also sends the information to that email address.
- You can view the keys, certificates, and CSRs that you create in WHM’s SSL Storage Manager interface (WHM >> Home >> SSL/TLS >> SSL Storage Manager).
The system saves this information in the following directories on your servers:
- CSR —
/var/cpanel/ssl/system/csrs
- SSL certificates —
/var/cpanel/ssl/system/certs
- Private keys —
/var/cpanel/ssl/system/keys
If you purchased an SSL certificate, provide the CSR to the company from which you purchased the SSL certificate.
If you used a self-signed certificate, navigate to WHM’s Install an SSL Certificate on a Domain interface (WHM >> Home >> SSL/TLS >> Install an SSL Certificate on a Domain) to install the certificate.