SSL certificates

/
/
Install an SSL certificate

Install an SSL certificate

 

The following is required to install the certificate:

  • certificate file and certificate bundle;
  • certificate key. The key is generated before ordering the certificate, and the CSR request is generated based on the key.
  • root access to the server.

Where do I get the data to install the SSL certificate?

The archive with data for SSL certificate installation is sent after the certificate is issued to the contact email, which you specified when registering at ispmanager.com .

You can also download the archive from your client area at ispmanager.com in the SSL certificates section.

Where do I get the private key?

If you did not enable the "Do not save the key in the system" option when ordering a SSL certificate, the key can be found in your client area in the SSL certificates .

If you have not saved the key for some reason, reissue the certificate using a new CSR request.

How do I install the SSL certificate on a VPS or a dedicated server?

Installing the SSL certificate via ISPmanager control panel

  1.   Enable SSL for the user who owns the domain: Users → select the user → Perm . button.
  2.   Sign in with that user’s account.
  3.   Enter WWWSSL certificatesAdd certificate button.
  4.   Specify the SSL certificate type "Existing" and fill in all fields:SSL certificate name — the name of the certificate under which it will be displayed in the system. It may contain Latin letters, digits, dots, as well as _ and - characters.Certificate — the content of SSL certificate in PEM format.Certificate key — the content of SSL certificate key in PEM format.Certificate chain  — contents of the SSL certificate bundle file in PEM format. The email from a certification authority usually contains an archive with two files — the certificate itself and the certificate bundle (a file with the .ca-bundle extension). The GlobalSign CA sends a chain file in PKCS7 format (.p7b extension). You can open this file in a text editor or convert it to PEM format.
    openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
  5. After adding the certificate, you can enable it for the website: WWW domains → select the domain → enable the  Secure connection (SSL) option and select the SSL certificate.
  6. Detailed check of the installed certificate is available at the following links:

Where do I get the data to install the SSL certificate?

The archive with data for SSL certificate installation is sent after the certificate is issued to the contact email, which you specified when registering at ispmanager.com .

You can also download the archive from your client area at ispmanager.com in the SSL certificates section.

Where do I get the private key?

If you did not enable the "Do not save the key in the system" option when ordering a SSL certificate, the key can be found in your client area in the SSL certificates .

If you have not saved the key for some reason, reissue the certificate using a new CSR request.

How do I install the SSL certificate on a VPS or a dedicated server?

Installing the SSL certificate via ISPmanager control panel

  1.   Enable SSL for the user who owns the domain: Users → select the user → Perm . button.
  2.   Sign in with that user’s account.
  3.   Enter WWWSSL certificatesAdd certificate button.
  4.   Specify the SSL certificate type "Existing" and fill in all fields:SSL certificate name — the name of the certificate under which it will be displayed in the system. It may contain Latin letters, digits, dots, as well as _ and - characters.Certificate — the content of SSL certificate in PEM format.Certificate key — the content of SSL certificate key in PEM format.Certificate chain  — contents of the SSL certificate bundle file in PEM format. The email from a certification authority usually contains an archive with two files — the certificate itself and the certificate bundle (a file with the .ca-bundle extension). The GlobalSign CA sends a chain file in PKCS7 format (.p7b extension). You can open this file in a text editor or convert it to PEM format.
    openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
  5. After adding the certificate, you can enable it for the website: WWW domains → select the domain → enable the  Secure connection (SSL) option and select the SSL certificate.
  6. Detailed check of the installed certificate is available at the following links:

Manual installation of the SSL certificate

To find out which web server handles SSL requests — Apache or Nginx, run the command:

netstat -napt | grep 443

Installing the SSL certificate on Apache

The certificate is installed in the Apache configuration file:

  • for Debian — /etc/apache2/apache2.conf;
  • for CentOS — /etc/httpd/conf/httpd.conf .
  1. Add certificate data to the VirtualHost section of your domain:
    <VirtualHost 10.0.0.1:443> 
    	DocumentRoot /var/www/user/data/www/domain.com 
    	ServerName domain.com SSLEngine on 
    	SSLCertificateFile /path/to/domain.crt 
    	SSLCertificateKeyFile /path/to/domain.key 
    	SSLCACertificateFile /path/to/ca.crt 
    </VirtualHost>
    domain.com — your domain name10.0.0.1 — IP address of the domain location/var/www/user/data/www/domain.com — path to your domain’s home directory/path/to/domain.crt — the certificate file/path/to/domain.key — the certificate key file/path/to/ca.crt — the root certificate file
  2. Reboot the Apache server:
    apachectl restart
    apache2ctl restart
    Installing the SSL certificate on NginxThe certificate is installed in the Nginx configuration file:
    1. Combine the SSL certificate, intermediate certificate and root certificate into one file your_domain.crt . You can find the certificate data in the email sent to your contact address after the certificate is issued. You can also download them together with the main certificate in your client area at ispmanager.com.
      -----BEGIN CERTIFICATE----- 
      #Your certificate#
      -----END CERTIFICATE----- 
      -----BEGIN CERTIFICATE----- 
      #Intermediate certificate#
      -----END CERTIFICATE----- 
      -----BEGIN CERTIFICATE----- 
      #Root certificates#
      -----END CERTIFICATE-----
      There should be no blank lines between certificates.
    2. Create your_domain.key file and copy the contents of the private key into it.
    3. Copy your_domain.crt and your_domain.key files into one directory. E.g., /etc/ssl/ .
    4. Configure the server block in the Nginx configuration file as follows:
      server {
             listen 443; 
             ssl on; 
             ssl_certificate /etc/ssl/your_domain.crt; 
             ssl_certificate_key /etc/ssl/your_domain.key; 
             server_name your.domain.com;
             }
      /etc/ssl/your_domain.crt — path to the certificate file/etc/ssl/your_domain.key — path to the private key fileyour.domain.com — domain nameIf you want your website to work with both secure https and unprotected http connections, configure a separate server block for each type of connection.
    5. Reboot the Ngnix server:
      /etc/init.d/nginx restart