Manage Service SSL Certificates

For WHM version 11.40

(Home >> Service Configuration >> Manage Service SSL Certificates)

Overview

The Manage Service SSL Certificates interface in WHM allows you to manage certificates for your server's services, such as Exim (SMTP), POP3 and IMAP, the cPanel Services (cPanel & WHM and Webmail), and your FTP server. SSL certificates allow your web server to identify itself to the computers that access it.

You can choose between a certificate purchased from the certificate authority or a self-signed certificate.

ALERT! Warning: We recommend that you do not use self-generated, self-signed certificates. They are not as secure as certificates purchased from a certificate authority. Any server could claim to be your server because no third-party verification system is used. To remedy this, register with a certificate authority (CA), which will verify that users are securely connected to your server.

To learn how to generate or purchase a certificate, read our SSL Certificate documentation.

Service SSL Certificates

At the top of the interface, you will see a table that contains the services on your server and the certificates for each service:

Column Description
Service The service that the certificate secures.
Certificate Domains The domain of the service that the certificate secures.
Certificate Expiration The date on which the certificate will expire.
note Note: Before the certificate expires, WHM will send a warning to the system administrator's email address. Also, a warning will appear on the WHM Home Screen so you can reset or replace the certificates.
Certificate Key Size The size of the key (in bits) that was used to generate the certificate. Larger numbers result in certificates that are more secure.
Actions (See below)

Reset a Certificate

This option uninstalls the current certificate for the service and replaces it with a new self-signed certificate.

To reset a certificate:

  1. Click the Reset Certificate link to the right of the service for which you wish to reset the certificate.
    • ALERT! Warning: This option will automatically erase an existing certificate. If you replace a purchased certificate with a self-signed one, users may see warnings because their client applications do not trust self-signed certificates.
  2. Click Generate a New Certificate to continue.

note Note: Your certificate will automatically be installed.

Certificate Details

This option displays details about the certificate that is installed for the service:

Column Description
Domains The domain of the service that the certificate secures.
Issuer Information about the CA that issued the certificate.
note Note: If the certificate is self-signed, this column will display a warning message.
Key Size The size of the key (in bits) that was used to generate the certificate. Larger numbers result in certificates that are more secure.
Expiration The date on which the certificate will expire.
note Note: Before the certificate expires, WHM will send a warning to the system administrator's email address. Also, a warning will appear on the WHM Home Screen so you can reset or replace the certificates.

Apply Certificate to Another Service

This option allows you to apply a certificate to multiple services. This is useful when you have a signed certificate for your server's main domain that you wish to apply to all WHM services on your server.

To apply a certificate to another service:

  1. Click the appropriate Apply Certificate to Another Service link.
  2. You will be taken to the Install a New Certificate section of the interface.
    • note Note: WHM fills in the details of the Install a New Certificate form with the certificate's information.
  3. Select the services for which you wish to apply this certificate.
  4. Click Install to install the certificate to the selected services, or click Cancel to cancel the operation.
    • ALERT! Warning: If you replace a purchased certificate with a self-signed one, users may see warnings because their client applications do not trust self-signed certificates.

Install a New Certificate

This form allows you to install a new certificate that you can use to secure the services on your server.

  1. If you wish to use a certificate that is already on your server, click Browse Certificates.
    1. Click Browse Account and select the username from the list, or click Browse Apache
    2. Select the certificate that you wish to use from the list.
    3. Click Use Certificate to use the certificate, or click Cancel to cancel the operation.
      • note Note: WHM fills in the details of the Install a New Certificate form with the certificate's information.
  2. Select the services that you wish for the certificate to secure.
  3. Paste the contents of the Certificate file (.crt) into the Certificate box.
    • note Note: You can click Autofill by certificate to search for the corresponding private key and CA bundle from cPanel's public CA bundle repository.
  4. Paste the contents of the Private Key file (.key) into the Private Key box.
  5. If you have a CA bundle, paste the contents of that bundle (.cab) into the Certificate Authority Bundle box.
  6. Click Install to install the certificate, or click Cancel to cancel the operation.
  7. If you selected the cpsrvd service daemon, and the certificate has installed correctly, you will be prompted to restart cpsrvd. Click Restart cpsrvd to restart the cPanel service daemon.
    PICK Important: This restart is required each time that you install a new SSL certificate for cpsrvd.

Topic revision: r9 - 02 Dec 2013 - 23:38:03 - Main.SarahHaney