Crucial Hosting

Installing A Wildcard SSL Certificate

How to install a wildcard SSL certificate in cPanel and setup sub domains on the certificate using a single dedicated IP address.

  • Applies To: All Services
  • Difficulty: Easy
  • Software Required: None
This article was last updated on November 4th, 2015

Installing a wildcard SSL certificate in cPanel is not the easiest thing in the world, and once you do have it installed, being able to actually take advantage of the wildcard feature can be troublesome.

Depending on who you ask, some people will tell you that you need a dedicated IP address for every sub domain you want to have the SSL installed on, that manual edits to the httpd.conf file are required, or that you should have no problem adding sub domains and have them work with HTTPS.

The problem is, this isn't the case. So here's how to actually install a wildcard SSL on cPanel.

First, you need to generate a CSR. However, since the domain will require an asterisk in it, you'll need to submit a ticket to the SSL Certificates department and have them generate a CSR for you.

Once the CSR is generated, go ahead and purchase your SSL certificate.

When you receive the certificate key, you can now install the certificate. You'll need the following:

  • Certificate Key
  • Private RSA Key
  • CA Bundle (Intermediate Certificate)

Both the Certificate Key and CA Bundle are provided after you order the SSL certificate and it's been approved. The Private RSA Key is provided when you generate the CSR.

Login to cPanel and click on the Install SSL Certificate link. From the Domain dropdown, be sure to select the domain that does not have www. in front of it.

Now, in doing this, when cPanel generates the block of code in the httpd.conf file, it's going to set the document root to the following:


And that's ok, but if you want to setup sub domains outside the public_html directory, then the wildcard SSL won't work unless you manually modify the httpd.conf file, which you can't do since it requires root access.

So, to get around this, we need to use mod_rewrite to redirect requests to the appropriate directory.

When you actually set up a sub domain, you can set the path to the document root, and it's probably best to do something like this:


In the .htaccess file in your public_html directory, for each sub domain that needs an SSL certificate, you will need to add the following:

RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{HTTP_HOST} ^sub\.domain\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/domains/sub\.domain\.com/
RewriteRule ^(.*)$ /domains/$1

You'll want to replace path with the appropriate data, of course, but it has to reside in the public_html directory (although you could create a symbolic link to a directory outside the public_html directory).


If you're using Magento, you don't have to add anything to your .htaccess file. Simply setup additional stores as parked domains, following the instructions outlined here.

Professional hosting platform starting at $10/mo

View Plans