How to install SSL-certificates
The following is required to install the certificate:
- certificate file and certificate bundle;
- certificate key. The key is generated before ordering the certificate, and the CSR request is generated based on the key.
- root access to the server.
Where do I get the data to install the SSL certificate?
The archive with data for SSL certificate installation is sent after the certificate is issued to the contact email, which you specified when registering at ispmanager.com .
You can also download the archive from your client area at ispmanager.com in the SSL certificates section.
Where do I get the private key?
If you did not enable the "Do not save the key in the system" option when ordering a SSL certificate, the key can be found in your client area in the SSL certificates .
If you have not saved the key for some reason, reissue the certificate using a new CSR request.
How do I install the SSL certificate on a VPS or a dedicated server?
Installing the SSL certificate via ISPmanager control panel
- Enable SSL for the user who owns the domain: Users → select the user → Perm . button.
- Sign in with that user’s account.
- Enter WWW → SSL certificates → Add certificate button.
- Specify the SSL certificate type "Existing" and fill in all fields:
SSL certificate name — the name of the certificate under which it will be displayed in the system. It may contain Latin letters, digits, dots, as well as _ and - characters.Certificate — the content of SSL certificate in PEM format.Certificate key — the content of SSL certificate key in PEM format.Certificate chain — contents of the SSL certificate bundle file in PEM format. The email from a certification authority usually contains an archive with two files — the certificate itself and the certificate bundle (a file with the .ca-bundle extension).NoteThe GlobalSign CA sends a chain file in PKCS7 format (.p7b extension). You can open this file in a text editor or convert it to PEM format.Example command for converting
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
- After adding the certificate, you can enable it for the website: WWW domains → select the domain → enable the Secure connection (SSL) option and select the SSL certificate.
- Detailed check of the installed certificate is available at the following links:
Manual installation of the SSL certificate
To find out which web server handles SSL requests — Apache or Nginx, run the command:
netstat -napt | grep 443
Installing the SSL certificate on Apache
The certificate is installed in the Apache configuration file:
- for Debian — /etc/apache2/apache2.conf;
- for CentOS — /etc/httpd/conf/httpd.conf .
- Add certificate data to the VirtualHost section of your domain:
Example of configuration
<VirtualHost 10.0.0.1:443> DocumentRoot /var/www/user/data/www/domain.com ServerName domain.com SSLEngine on SSLCertificateFile /path/to/domain.crt SSLCertificateKeyFile /path/to/domain.key SSLCACertificateFile /path/to/ca.crt </VirtualHost>
Comments - Reboot the Apache server:
Command for CentOS
apachectl restart
Command for Debian
apache2ctl restart
Installing the SSL certificate on Nginx
The certificate is installed in the Nginx configuration file:
- Combine the SSL certificate, intermediate certificate and root certificate into one file your_domain.crt . You can find the certificate data in the email sent to your contact address after the certificate is issued. You can also download them together with the main certificate in your client area at ispmanager.com.
Example of file
-----BEGIN CERTIFICATE----- #Your certificate# -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- #Intermediate certificate# -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- #Root certificates# -----END CERTIFICATE-----
NoteThere should be no blank lines between certificates. - Create your_domain.key file and copy the contents of the private key into it.
- Copy your_domain.crt and your_domain.key files into one directory. E.g., /etc/ssl/ .
- Configure the server block in the Nginx configuration file as follows:
server { listen 443; ssl on; ssl_certificate /etc/ssl/your_domain.crt; ssl_certificate_key /etc/ssl/your_domain.key; server_name your.domain.com; }
CommentsNoteIf you want your website to work with both secure https and unprotected http connections, configure a separate server block for each type of connection. - Reboot the Ngnix server:
/etc/init.d/nginx restart