Crucial Hosting

Installing An SSL Certificate in cPanel

How to generate a Certificate Signing Request (CSR), Private RSA Key, and install an SSL certificate in cPanel.

  • Applies To: All Services
  • Difficulty: Easy
  • Software Required: None
AWS
This article was last updated on November 4th, 2015

Need Help?

If you'd like us to install your SSL certificate, please submit a ticket to the SSL Certificates department and include your Certificate Key, Private RSA Key, and CA Bundle. There is a $50 installation fee.

If you plan on purchasing an SSL certificate from a third-party, here is a summarized version of the steps you need to take (detailed instructions can be found after this):

  1. Generate a CSR and Private RSA Key from cPanel
  2. Order the SSL certificate using the previously generated CSR
  3. Follow the SSL provider's instructions to authorize the SSL certificate order
  4. Once you receive the certificate key, install the certificate from cPanel

Generate CSR and Private RSA Key

Please Note

If you purchased an SSL certificate from us, you do not need to generate a CSR or Private RSA Key. These are generated automatically for you, and a copy of both are sent to you via email. If you can't find your CSR or Private RSA Key, please submit a ticket to the SSL Certificates department.

  1. Log in to your domain's cPanel, and click on the Generate CSR link.
  2. Select the domain you want to generate a CSR for from the Domain dropdown.. It is important to note that your SSL certificate is bound to a single hostname, e.g. www.yourdomain.com, yourdomain.com, sub.domain.com.
  3. Fill in the rest of the fields with the appropriate information. Here is an example of how this might look:
Company         Crucial Web Hosting, Ltd.
Division        None
City            Phoenix
State           AZ
Country         US
Email Address   webmaster@crucialwebhost.com

Please note, the country must be the ISO-2 country code, e.g. US, CA, or UK.

Your state should also be abbreviated, but some SSL providers require that you spell it out, so please check with them first.

After you hit the Generate button, your CSR and Private RSA Key will be listed at the bottom of the page, and it will look something like this:

-----BEGIN CERTIFICATE REQUEST-----
MIIDCDCCAfACAQAwgagxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJBWjEQMA4GA1UE
BxMHUGhvZW5peDEiMCAGA1UEChMZQ3J1Y2lhbCBXZWIgSG9zdGluZywgTHRkLjEU
MBIGA1UECxMLU1NMIE1hbmFnZXIxEzARBgNVBAMTCmRvbWFpbi5jb20xKzApBgkq
hkiG9w0BCQEWHHdlYm1hc3RlckBjcnVjaWFsd2ViaG9zdC5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGTPg63cJXNV0cN8eMPyMzhN2hayFza8FG
pGoRczh7+VAu5cSQbiTXdLvjAv2sJyvDppdS2a+3FJYfwUDvNGWLMG2rEhHF2W3T
rL9AQkA1sYpucDuahTQlSsLDyWPVLMpzDDD73kpR8LECwNSenpw5UxZEvYHRz1SU
xs5od4svDgwLyN3nRZ6XVAIVpcW0LRYS4J8eFoJcvDaUPXeq74wVL0iCXpGiKtpb
yWscXkuIFdyH+jzuHuCNNA0mJ+Dj8UIXOQIKFtEqclAynuE2aYxfiyEeZq7ogeik
qkm0g3dc55twrc0vOaClLbtjopJND0WAlFtuyQHmjliXMYS8lY2HAgMBAAGgGjAY
BgkqhkiG9w0BCQcxCxMJYWJjZDEyMzQ1MA0GCSqGSIb3DQEBBQUAA4IBAQCr1OO8
YKQeh5fyHKygO5o8XmI7EJFgm7UpYVpf+cd2c1oagcTvQOijJ3UMKwsurkeRvQ6n
8tqCEl/ZvGblcvvlmtQOiXbdGkJSIrWg1wG0EMxBsWe15FMEeZeXnFxapDaVOAKZ
6Age31U8Dtj/oCZsg0fvmql0aeCb8gYbvHCTMYl2PrFEgE4ij/gf72kjipvJerfm
uSm68eQizbTz4iTHnOK34Yjp/+2PkRpc9HiFNxGwP4900fXaTvUk6A8sMAu9JJFl
xibRn+YfxIi7oGRFlUcjgoep/HgK5S/Tyjj7NeTEj1qw8gbdD+dVr004jLDmD6of
gK31DnbmBmTLwSR+
-----END CERTIFICATE REQUEST-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAxkz4Ot3CVzVdHDfHjD8jM4TdoWshc2vBRqRqEXM4e/lQLuXE
kG4k13S74wL9rCcrw6aXUtmvtxSWH8FA7zRlizBtqxIRxdlt06y/QEJANbGKbnA7
moU0JUrCw8lj1SzKcwww+95KUfCxAsDUnp6cOVMWRL2B0c9UlMbOaHeLLw4MC8jd
50Wel1QCFaXFtC0WEuCfHhaCXLw2lD13qu+MFS9Igl6RoiraW8lrHF5LiBXch/o8
7h7gjTQNJifg4/FCFzkCChbRKnJQMp7hNmmMX4shHmau6IHopKpJtIN3XOebcK3N
LzmgpS27Y6KSTQ9FgJRbbskB5o5YlzGEvJWNhwIDAQABAoIBAA/h4EvOsR8M/h0h
dpEMCYS50op4KyC0c7F1v60QHmkHid2Ht5udxsOe7OF8vtaH+KBd+ma/Wqx+MJvw
fYPrHWrtgQsfkl7XUE2Q22yJId1rD9xSjuOMYaXO/BR0T9OmF7zpMA8sOaWgcnz2
9tCRgY+x0OnGh9xHD84ush9526L0B+xTWulgBRIIwXh1Gv6MrUpFTAHpDwsF2z0u
7+p/yEi+vuQUDw9d734fWz+gUMeuxDdMK468OPD2o4ys9tBYitZqxSVoEqhGlbCH
tUqtCXaEkhNnJDqQdSGuiz/7AbJdGX5+K6NAxix4jR09VD7JXrQAV3avvNHoQGvJ
5SQ9k4kCgYEA7aWgTdI4yBsAxlLdMXCzEAJOnvZH9i3sajGfVVALopffqiGd8ZWd
FWJWCUL4zIiPMYju3JsgpJ/qZVWJHROS2nkybRVgGX0T33/d4ujw1ZwSGw1W0TIJ
AvMX2ajN5GyX+9ZpQKEkrNwI1hKs9peQpbTN36Dn62sIiomdMoD8Y/UCgYEA1Z1z
j7SJCU126MppmX+5oQ/oXF8ordS8eOMSi9NrKkfbODX7iLc0VHTZZLpAwGaBEG/u
UNHPFo8himP7TwpjnUSAPQ/FZP44QQsPIi3zBno3frpWENbfIvGG4dolLZ91VJzF
fmQFX5tcg+Gw0TSP9n46GPGR6FBCVpxEuuOg+gsCgYEAr+lqQDDc10Mlz6iHE5HY
+oC6sfCcVB6qYfFZgE1AT5scdVNtFuco4CtqhHCOuthbJs+2AJbUEwhM+bXXSS60
BgSwzw6DlFqB229LUCweGgDtZhj5quDeytAnV3cc8XlxB3ovbyfZfhtibxRj9CU9
bWvo+SCijCEusV4sfrX8HgECgYEAnmIv3M0vDgaxs8jgoz9gk1sIHfUwZDLny3oR
tjr7qk287OCZr7SmyDgbN+QhPobCCz3ypVnrAf7+D24yV1iMo3621o9q/IbBjvh0
MBOBrbvQidX/Gl029OG/8JWeG0Wv6RyUEjJ3CXxYDDC6uWMPmuPcj8INPQLFLRKQ
o0FDiiECgYAROhJILko716z3/DixpxxV6GrC0wHkVc7LgeUR2aFzsCOi+y4d02T8
mf5d/WJdJXGzGup4lP8SKgFOxu0zAclXqI1MI7ISUVGjwz2rR+cbgH8owoW1/qmk
UKpN3Q5MOf0bx0HhUKLGw3tSIugSOyZQU7Q1QRrv5YWTJ2fWcZ6ETA==
-----END RSA PRIVATE KEY-----

Please copy and paste these to a text file and save it on your local computer for future reference (you can also view these from the SSL Key Manager link in cPanel).

Ordering Your SSL Certificate

Now that you have your CSR and Private RSA Key, you can order an SSL certificate from a third-party provider. You will only need the CSR at this time, as the Private RSA Key is used later when installing the certificate on the server.

Typically when you order an SSL certificate, an authorization email is sent out to the address listed in the Whois contact information for the domain (you can view this by doing a Whois lookup on your domain). Instructions are listed in the email on how to validate the order, which is usually done by clicking on a link.

Once you've verified the order, another email is sent out that contains the actual SSL certificate. This is what you use, along with the Private RSA Key and CA Bundle (Intermediate Certificate) to install the SSL on the server.

Installing Your SSL Certificate

Please Note

Some providers do not show you the data that you need to paste, instead, they just give you files or an archive with files that contain the necessary information. You will need to open the files with a text editor to view the data.

The CSR ends in .csr, the SSL certificate ends in .crt, the Private RSA Key ends in .key, and the CA Bundle (Intermediate Certificate) ends in .cabundle.

The CA Bundle can contain one or more certificate strings, so make sure you copy and paste the entire thing!

  1. Once you've received your SSL certificate from your SSL provider, go back to main page in cPanel and click on the Install SSL Certificate link.
  2. Select the domain that you ordered the SSL certificate for from the Domain dropdown.
  3. Paste the certificate key, which was sent from your SSL provider, in the Certificate box.
  4. Paste the Private RSA Key in the Private RSA Key box.
  5. Paste the CA Bundle (Intermediate Certificate) in the Intermediate Certificate (CA Bundle) box. This is optional, but most providers have one. This is usually included in the email that contains the certificate key. If not, you will need to ask your third-party SSL provider what it is. If there is no mention of a CA bundle, then you most likely do not need one.
  6. Click on the Install Certificate button.

Verify SSL Certificate

You can verify that your SSL has been installed correctly by going here. For Server Hostname, enter the domain you entered when you generated the Private RSA Key, e.g. www.yourdomain.com, yourdomain.com, sub.domain.com, and click the Check SSL button.

Troubleshooting Failed Installs

The main reason SSL certificates fail to install is because:

  • The Private RSA Key does not match the SSL certificate
  • No CA Bundle was entered when the SSL certificate was installed

You will need to reinstall the certificate with the appropriate information.

You can also use the following tools to help you figure out what information to use:

Professional hosting platform starting at $10/mo

View Plans