It’s a complex scenario and as you can see from title itself it includes a number of overwhelming terms easy enough to keep away any non-admin guy. Be with me and I’ll demystified this whole topic in a minute.
First let’s clarify the requirements. We have followings and we want to install SSL certificate on a domain. It doesn’t matter if it’s a domain e.g. ajaykumarsingh.com or a subdomain e.g. app.ajaykumarsingh.com.
- Dedicated Apache Server (CentOS) server with WHM & cPanel
- Domain on which we want to install SSL certificate doesn’t have a dedicated IP addressed assigned to it.
- There are already few more SSL certificates installed on other domains hosted on this server.
- SSL certificate is purchased and we have obtained the .crt file.
Here is the problem. You can’t install multiple SSL certificates on a server unless it has SNI. What the heck is SNI? Google for it.
The good news is that Apache v2.2.12 and later supports SNI, which means we can install multiple SSL certificates on a server and this doesn’t require domain to have a dedicated IP address.
Purchase SSL Certificate
Since this tutorial is about installing certificate I’m assuming you have already purchased SSL certificate from a provider. I purchase all my SSL certficates from GoDaddy. Why GoDaddy? Well it’s just matter of personal choice and these guys have great support and plenty of tutorials available on their help section to guide through entire process of SSL certificate business. In fact it’s GoDaddy tutorial which I followed to figure out how to do it. I had to figure out some of the steps on my own though.
Download SSL certificate and save it on your local PC. If you have purchased SSL certificate from GoDaddy then the downloaded zipped file will contain two .crt files which again is fucking confusing. Which file is actual certificate?
The zipped file (for Apache) contains two .crt files, in my case these are followings:
As I figured out by myself the later one is the actual .crt file which you will install on server.
Installing SSL certificate via cPanel & WHM
You might ask why I’ve to use cPanel and WHM both to install SSL certificate. Can’t it be done from just one interface – either WHM or cPanel? The answer is yes it can be done but I’m no fucking genius so I don’t know how to do it. You should be able to install SSL certificate from cPanel itself instead of using WHM but for that you might have to tweak some server settings to allow cPanel to have this capability. Go figure out yourself.
Let’s cut the chase and get down to the business.
Launch cPanel for the domain on which you want to install SSL certificate. Browse to security section and click on SSL/TLS Manager
On SSL/TLS Manager page click on Generate, view, upload, or delete SSL certificate.
On Certificates page locate Upload a New Certificate section and click on Choose File.
Browse to the folder where you have saved your SSL certificate and select the .crt file (in my case it’s 31bfdf4fe52391.crt)
Click on Upload.
Once it’s uploaded it will show a message for the same.
cPanel business ends here.
Step 4: Install the certificate
It’s not all done. You have just uploaded the SSL certificate, the next step is to install the SSL certificate. To install certificate I used WHM.
Login to WHM and go to SSL/TLS »Install an SSL Certificate and Setup the Domain
On this page scroll down a bit and locate Domain [Browse], click on Browse. On browse window select the domain/subdomain on which you want to install the certificate. Once it’s selected it will populate the fields as shown below.
You have to enter nobody in Use field instead of the domain’s account name otherwise it will show error since we don’t have a dedicated IP for this domain.
Scroll up on this page and click on Submit button.
Once installed it will show the message.
That’s all folks mission accomplished!
Check if SSL is working
You can check it at SSL Shopper. Enter your domain or subdomain on which you have installed SSL certificate and click on check SSL.
500 Internal Server Error
If you encounter this error when you visit https:// then it means your SSL was installed with wrong user account. You can check Apache error log to find out exact error.
You can fix this error in /etc/httpd/conf/httpd.conf file under SSL entry by changing the account user name.
I’m not sure if above above steps are the best (easiest/proper) way to install SSL certificate. As it stands out I know only above ways. If you know any better way to do it then let me know in comments.