Security
SSL/TLS
Updated: 22 February 2024This tool lets you create and handle SSL certificates, requests for signing, and keys to make your website safer. It's great for websites that deal with private info like login details and credit card numbers often. Well, actually, it's great for any website. This way, it keeps the information shared by visitors safe from hackers.
Accessing the SSL/TLS Manager
Once you've logged into cPanel, follow these steps to access the SSL/TLS Manager:
- Log into your cPanel account
- From the cPanel dashboard, scroll down to the Security section.
- Click on the SSL/TLS icon.
Available Features
This interface contains the following features:
- Default SSL/TLS Key Type — Select the type of key the system uses by default for SSL/TLS certificates and certificate signing requests.
- Private Keys (KEY) — Generate, view, upload, or delete private keys.
- Certificate Signing Requests (CSR) — Generate, view, or delete SSL certificate signing requests.
- Certificates (CRT) — Set up an SSL certificate for the site.
- Install and Manage SSL for your site (HTTPS) — Generate, view, upload, or delete SSL certificates.
Default SSL/TLS Key Type
In this section, you can choose the main type of SSL/TLS key you want to use. The system will use your chosen key for setting up all new SSL/TLS certificates and requests. If you choose a new main key, it will replace the one the server was using before. To learn more about the types of keys you can choose, check the SSL/TLS Key Types guide from cPanel documentation.
- After choosing the key type you like, click Save to update your choices.
IMPORTANT!
When you change your main key type, the system will automatically update all the SSL certificates it issued before to use the new key type. This process is called an AutoSSL run.
Private Keys (KEY)
To set up an SSL certificate for your site, you need a private key first. You can generate, view, upload, or delete your private keys here.
You can create a new key or add one you already have with a *.key file.
Important Notes
- Always save a copy of your private key in a safe place. Lost keys can't be recovered.
- Use SSL certificates if your site collects sensitive information from visitors.
Keys on Server
The Keys on Server table shows details about your private keys:
- Description: What the key is for.
- ID: The key's unique ID.
- Key Type: The kind of private key.
- Actions: You can edit or delete the key.
Generate a New Private Key
- Choose a key type and, if you want, add a description.
- Click Generate. You'll see the key. You can copy it.
- Go back to Private Keys to see your new key listed.
- Upload it to the server.
Upload a New Private Key
You can upload a key by pasting it or by finding a file on your computer.
Paste a Private Key
- Paste your key into the box.
- Add a description (optional).
- Click Save. You'll see a message telling you if it worked.
Browse for a Private Key
- Click to choose a *.key file.
- Add a description (optional).
- Click Upload. A message will tell you if it was successful.
Delete a Private Key
- Find the key you want to delete in the list.
- Click Delete next to it.
- Confirm by clicking Delete Key. You'll get a message about it.
Edit and View Details About a Private Key
- Find the key you want to edit or view.
- Click View & Edit.
- You can change the description and see the key.
- Click Update to save changes. A message will show up.
Certificate Signing Requests (CSR)
This area lets you make, see, or remove a certificate signing request (CSR). You can also look at and change the details of your CSRs, including both the encoded and decoded private keys.
Certificate Signing Requests on Server
The table here shows you information about each CSR:
- Domains: The website domain for the CSR.
- Created: When you made the CSR, shown in Universal Time (UTC).
- Description: What the CSR is for.
- Actions: You can edit or delete the CSR.
Generate a New CSR
Warning:
You need to have a private key, or make one, before creating a CSR.
- Go to the section for creating a new CSR and pick a key from the menu.
- If you want to use a different key, select the type you want to create from the menu. You can also add a new key in the Private Key section.
- Fill in all the needed information below the key selection.
- Click Generate.
Delete a CSR
- Find the CSR you want to remove in the list.
- Press Delete next to it. You'll see a new page.
- Confirm by clicking Delete CSR. You'll see a message telling you if it worked.
- If you changed your mind, click Cancel.
Edit and View Details About a CSR
- Find the CSR you want to change or see more about.
- Click Edit. You'll see a page with the CSR details.
- Change the description if you want.
- Press Update Name to save. You'll see a message about the change.
Certificates (CRT)
This section lets you create, see, add, or remove SSL certificates.
Certificates on Server
The table here shows details about each certificate:
- Domains: What the certificate is used for.
- Issuer: The organization that gave out the certificate.
- Expiration: When the certificate will stop working, shown in Universal Time (UTC).
- Key Type: The kind of private key used.
- Description: Information about the certificate.
- Actions: You can change, remove, or install the certificate.
Upload a New Certificate
To add a new certificate:
- Paste the certificate text or choose a certificate file.
- Add a description (optional).
- Click to save or upload the certificate. You'll see a message telling you if it worked.
Generate a New Certificate
To make a new self-signed certificate:
- Pick a private key. If you need a new one, go to the Private Keys section.
- Fill in all the required fields, like Domains and Company details.
- Click Generate.
Important
Self-signed certificates are best for internal use. For a public site, it's better to get a certificate from a trusted issuer.
Delete a Certificate
- Find the certificate you want to delete.
- Click Delete, then confirm by clicking Delete Certificates. You'll get a message about it.
Edit and View Details About a Certificate
- Find the certificate you want to change or view more about.
- Click Edit to see the certificate details.
- Make any changes to the description, then click Update Description. You'll see a message about the change.
Install a Certificate
To install a certificate, just click Install next to the one you want to use.
Install and Manage SSL for Your Site (HTTPS)
If you're a system administrator in WHM, you can add SSL certificates to cPanel accounts for your users. cPanel users can then handle these certificates for their websites.
The Manage Installed SSL Websites Table
This table shows up if a domain with a dedicated IP address already has an SSL certificate. It tells you about:
- FQDN: The domain name of the website.
- Certificate Expiration: When the certificate will expire.
- Document Root: Where the website's files are located.
- Actions: What you can do, like make a website the main one on a shared IP, uninstall or update a certificate, look at certificate details, or use the certificate for a new site.
Install an SSL Website
To add an SSL certificate to a website, you can:
- Browse certificates already available.
- Search by domain.
- Manually type in the certificate details.
Browse Certificates
- Click to see available certificates.
- Choose the one you want and click Use Certificate to fill in the details automatically.
- Click Install Certificate when you're done. You'll get a message about whether it worked or not.
Search by Domain
- Choose the domain from the menu.
- Click Autofill by Domain to fill in details automatically. If it works, the text boxes will fill in. If not, they'll stay empty.
- Click Install Certificate. You'll see a message telling you if it was successful.
Manually Enter Information
- Choose the domain.
- Type in the certificate, private key, and CA bundle details.
- Click Install Certificate. You'll get a message about the installation's success or failure.