This is documentation for an outdated product. See the current documentation

ISPmanager 5 Lite Documentation

Install an SSL certificate

 

The following is required to install the certificate:

  • certificate file and certificate bundle;
  • certificate key. The key is generated before ordering the certificate, and the CSR request is generated based on the key.
  • root access to the server.

Where do I get the data to install the SSL certificate?

The archive with data for SSL certificate installation is sent after the certificate is issued to the contact email, which you specified when registering at ispmanager.com .

You can also download the archive from your client area at ispmanager.com in the SSL certificates section.

Where do I get the private key?

If you did not enable the "Do not save the key in the system" option when ordering a SSL certificate, the key can be found in your client area in the SSL certificates .

If you have not saved the key for some reason, reissue the certificate using a new CSR request.

How do I install the SSL certificate on a VPS or a dedicated server?

Installing the SSL certificate via ISPmanager control panel

  1.   Enable SSL for the user who owns the domain: Users → select the user → Perm . button.
  2.   Sign in with that user’s account.
  3.   Enter WWWSSL certificatesAdd certificate button.

  4.   Specify the SSL certificate type "Existing" and fill in all fields:
    SSL certificate name — the name of the certificate under which it will be displayed in the system. It may contain Latin letters, digits, dots, as well as _ and - characters.Certificate — the content of SSL certificate in PEM format.Certificate key — the content of SSL certificate key in PEM format.Certificate chain  — contents of the SSL certificate bundle file in PEM format. The email from a certification authority usually contains an archive with two files — the certificate itself and the certificate bundle (a file with the .ca-bundle extension). 
    Note
    The GlobalSign CA sends a chain file in PKCS7 format (.p7b extension). You can open this file in a text editor or convert it to PEM format.

    Example command for converting

    openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer


  5. After adding the certificate, you can enable it for the website: WWW domains → select the domain → enable the  Secure connection (SSL) option and select the SSL certificate.
  6. Detailed check of the installed certificate is available at the following links:

Manual installation of the SSL certificate

To find out which web server handles SSL requests — Apache or Nginx, run the command:

netstat -napt | grep 443

Installing the SSL certificate on Apache

The certificate is installed in the Apache configuration file:

  • for Debian — /etc/apache2/apache2.conf;
  • for CentOS — /etc/httpd/conf/httpd.conf .
  1. Add certificate data to the VirtualHost section of your domain:

    Example of configuration

    <VirtualHost 10.0.0.1:443> 
    	DocumentRoot /var/www/user/data/www/domain.com 
    	ServerName domain.com SSLEngine on 
    	SSLCertificateFile /path/to/domain.crt 
    	SSLCertificateKeyFile /path/to/domain.key 
    	SSLCACertificateFile /path/to/ca.crt 
    </VirtualHost>
    Comments
  2. Reboot the Apache server:

    Command for CentOS

    apachectl restart
    

    Command for Debian

    apache2ctl restart

Installing the SSL certificate on Nginx

The certificate is installed in the Nginx configuration file:

  1. Combine the SSL certificate, intermediate certificate and root certificate into one file your_domain.crt . You can find the certificate data in the email sent to your contact address after the certificate is issued. You can also download them together with the main certificate in your client area at ispmanager.com.

    Example of file

    -----BEGIN CERTIFICATE----- 
    #Your certificate#
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE----- 
    #Intermediate certificate#
    -----END CERTIFICATE----- 
    -----BEGIN CERTIFICATE----- 
    #Root certificates#
    -----END CERTIFICATE-----
    Note
    There should be no blank lines between certificates.
  2. Create your_domain.key file and copy the contents of the private key into it.
  3. Copy your_domain.crt and your_domain.key files into one directory. E.g., /etc/ssl/ .
  4. Configure the server block in the Nginx configuration file as follows:
    server {
           listen 443; 
           ssl on; 
           ssl_certificate /etc/ssl/your_domain.crt; 
           ssl_certificate_key /etc/ssl/your_domain.key; 
           server_name your.domain.com;
           }
    Comments
    Note
    If you want your website to work with both secure https and unprotected http connections, configure a separate server block for each type of connection.
  5. Reboot the Ngnix server:
    /etc/init.d/nginx restart