The Planet Forums > Howto: Install a SSL cert from TP for cPanel / WHM

Full Version: Howto: Install a SSL cert from TP for cPanel / WHM

The Planet Forums > Control Panels > cPanel/WHM

challii

Sep 14 2005, 11:43 AM

Well at first you might think, whoah thats easy, but how wrong you would be. TP seems to be about the only provided who doesn't allow you to use challenge passwords. (If you don't know what these are you don't need to worry about it). However if you try and generate a Certificate Signing Request from WHM which you would assume to be the correct way to do things you are forced into using a challenge password and then TP will reject your CSR.

So, heres a howto (and some of my own personal pointers based on mistakes I made)

1.) Generate the Key

Log in shell

CODE

cd /usr/share/ssl/private

openssl genrsa -out hostname.server.com.key 1024

This has generated a key which you will use in a minute to generate you CSR. You must keep this in a safe place because you will need it is you need to be re-issued a new cert (if you change ips or whatever)

2.) Generate the CSR

CODE

openssl req -new -key hostname.server.com.key -out hostname.server.com.csr

Make sure here that you fill in the information 100% correctly or you'll end up in major trouble! Don't forget the country code for UK is actually GB (check the rest of the country code's here http://www.iso.ch/iso/en/prods-services/is...list-en1.html#g )
You can then check the contents of your CSR and make sure they are ok by using the

CODE

openssl req -noout -text -in hostname.servername.com.csr

command

3.) Get your CSR approved

Now you have generated your CSR you need to copy and paste it into Orbit's panel. You can use your favourite text editor to get the contents of hostname.server.com.csr, anything will do.

Your CSR should then be approved by TP, if not go back through step 2 and make sure that you entered all your information in correctly. If the CSR is accepeted, the order is passed to Freessl / Rapidssl who will do further checks. Firstly you get an email which you must open, read and goto the webpage specified on it. Once at this webpage you will be required to complete a telephone authentication. A PIN number is generated on the webpage which you use your phone's keypad to enter in and then they will take a voice recording of your name.

Once you have completed these steps, your CSR is approved and you will be sent a Certificate. This will come both to the email you listed in you CSR and will appear in Orbit.

4.) Installing the Certificate
Now I had a few troubles with this, but got there in the end. Goto "Change Server Certificates" in root WHM, click cPanel/WHM Server. Put your hostname into the box where it says "Domain this CRT is for" and the CSR should be automatically pasted in for you. If you just copy and paste like you did for the Orbit section.
Next I found that the Cert from orbit didn't work, I'm guessing its formatting issues, so grab the Cert from you mailbox, includiing all the ---Cert begins here--- etc. Paste it into the box for the cert and click "Do it".

Job done. Voila, it should hopefully now have installed a certificate for your WHM / cPanel installation. If you then goto "Tweak Settings" and select "When visiting /cpanel or /whm or /webmail with ssl redirect to the servers hostname." then customers will no longer be told there is a certificate mis-match or the certificate isn't trusted.

Enjoy

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.