SSL/TLS Print

  • 0

SSL/TLS

Overview

The features in this interface allow you to generate and manage SSL certificates, signing requests, and keys, which enhance your website’s security. They are useful for websites that regularly work with sensitive information, such as login credentials and credit card numbers. Encryption protects visitors’ communications from malicious users.

Important:

cPanel & WHM supports  Transport Layer Security (TLS) protocol version 1.2and Transport Layer Security (TLS) protocol version  1.3

  • cPanel & WHM only supports TLSv1.2 or newer. The system enables TLSv1.2 by default.
  • Not all clients will support TLSv1.3, which requires OpenSSL 1.1.1 or higher.

Note:

CAA (Certificate Authority Authentication) records in the domain’s zone file restrict which CAs (Certificate Authority) may issue certificates for that domain.

  • If no CAA records exist for a domain, all CAs can issue certificates for that domain.
  • If conflicting CAA records already exist, remove the existing CAA records or add one for the desired CA. For example, a CAA record for Sectigo would resemble the following example, where example.com represents the domain name:

example.com. 86400 IN CAA 0 issue "sectigoca.com"

You can manage CAA records through cPanel’s Zone Editor interface (cPanel >> Home >> Domains >> Zone Editor). For more information about a CA’s requirements, read their documentation.

Available features

This interface contains the following features:

  • Default SSL/TLS Key Type — Select the type of key the system uses by default for SSL/TLS certificates and certificate signing requests.
  • Private Keys (KEY) — Generate, view, upload, or delete private keys.
  • Certificate Signing Requests (CSR) — Generate, view, or delete SSL certificate signing requests.
  • Certificates (CRT) — Set up an SSL certificate for the site.
  • Install and Manage SSL for your site (HTTPS) — Generate, view, upload, or delete SSL certificates.

Default SSL/TLS Key Type

The Default SSL/TLS Key Type section of this interface lets you select a preferred default SSL/TLS key type. The system uses the selected key when it provisions all SSL/TLS certificates and signing requests. When you set a new default key type, this supersedes the server’s set default key type. For more information about the available key types, read the SSL/TLS Key Types documentation.

After you select a preferred key type, click Save to update your settings.

Important:

When you update your preferred key type, the system will perform an AutoSSL run. This updates all installed AutoSSL-issued certificates to use the new key type.

Private Keys (KEY)

When you set up an SSL certificate for your site, you must first add a private key. To access this interface, click Generate, view, upload, or delete your private keys.

This interface allows you to perform any of the following actions:

  • Generate a new private key.
  • Upload an existing private key.
  • Edit a current private key.
  • Remove a current private key.

You can generate a new key or upload an existing key through a *.key file.

Important:

  • We strongly recommend that you save a copy of your private key in a safe location. You cannot recover a lost private key.
  • We strongly recommend that you use SSL certificates if your visitors submit sensitive information to your website.

Keys on Server

The Keys on Server table contains the following information:

Column

Description

Description

The private key’s description.

ID

The private key’s ID.

Key Type

The type of private key.

Actions

  • Edit — Edit the private key.
  • Delete — Delete the private key.

Generate a new private key

To generate a private key, perform the following steps:

  1. Select the desired key from the Key Type menu. Optionally, in the Description text box, enter a brief description about this private key.
  2. Click Generate. A new interface will appear that displays the requested key in an encoded and decoded format.
  3. Copy the desired key.
  4. Click Return to Private Keys. The new key displays in the Keys on Server table.
  5. Upload the new key to the server. To do this, use either the paste a private key or browse for a private key methods.

Upload a new private key

Perform either of the following actions to upload a private key:

  • Paste the key in the text box.
  • Browse for the key.

Paste a private key

To paste a private key, perform the following steps:

  1. Paste a key in the Paste the key into the following text box: text box.
  2. Optionally, in the Description text box, enter a brief description about this private key.
  3. Click Save to upload your private key. A new interface will appear that displays a success or failure message.

Browse for a private key

To browse for a private key, perform the following steps:

  1. Click Choose File to upload a *.key file.
  2. Optionally, in the Description text box, enter a brief description for this private key.
  3. Click Upload. A new interface will appear that displays a success or failure message.

Delete a private key

To delete a private key, perform the following steps:

  1. Locate the key that you wish to delete in the Keys on Server table.
  2. Click Delete in the Actions column next to the key that you wish to remove. The system will redirect you to the Private Key interface.
  3. Click Delete Key. A success or failure message will appear.

Edit and view details about a private key

To edit a key’s description or view a key, perform the following steps:

  1. Locate the key that you wish to edit in the Keys on Server table.
  2. Click View & Edit in the Actions column next to the key that you wish to edit. A new interface will appear that displays the description, the encoded private key, and the decoded private key.
  3. Edit the Description text box.
  4. Click Update. A success or failure message will appear next to the Description text box.

Certificate Signing Requests (CSR)

This interface allows you to generate, view, or delete a certificate signing request (CSR). You can also view and edit current descriptions and encoded private keys and decoded private keys.

To access this interface, click Generate, view, or delete SSL certificate signing requests.

Certificate Signing Requests on Server

The Certificate Signing Requests on Server table contains the following information:

Column

Description

Domains

The CSR’s domain.

Created

The time that you created the CSR, in Universal Time, Coordinated (UTC).

Description

The CSR’s description.

Actions

  • Edit — Edit the CSR.
  • Delete — Delete the CSR.

Generate a new CSR

Warning:

You must have or generate a key before you generate a signing request.

To generate a CSR, perform the following steps:

  1. Under the Generate a New Certificate Signing Request (CSR) heading, select the key from the Key menu.
  • When you select a key, the Edit option appears. Click Edit to view and edit the information for your private key.
  • If the desired key does not appear in the menu, select the type of key you wish to generate from the Key menu. You can also add a new private key to the Private Key section of the interface.
Enter the required information in the text boxes below the Key menu. Click Generate.

Note:

Your hosting provider may require additional information.

Delete a CSR

To delete a CSR, perform the following steps:

  1. Locate the CSR that you wish to delete in the Certificate Signing Requests on Server table.
  2. Click Delete in the Actions column. A new interface will appear.
  3. Click Delete CSR to confirm.
  • A message of success or failure will appear.
  • If you do not wish to delete the CSR, click Cancel.

Edit and view details about a CSR

To edit a description or view a CSR, perform the following steps:

  1. Locate the CSR that you with to edit in the Certificate Signing Requests on Server table.
  2. Click Edit in the Actions column. A new interface will appear that displays the description, the encoded CSR, and the decoded CSR.
  3. Enter any desired changes in the Description text box.
  4. Click Update Name. A message of success or failure will appear next to the Description text box.

Certificates (CRT)

This interface allows you to generate, view, upload, or delete SSL certificates. To access this interface, click Generate, view, upload, or delete SSL certificates.

Certificates on Server

The Certificates on Server table contains the following information:

Column

Description

Domains

The private key’s description.

Issuer

The Certificate Authority (CA) that issues the certificate.

Expiration

The time that the certificate expires, in Universal Time, Coordinated (UTC).

Key Type

The type of private key.

Description

The certificate’s description.

Actions

  • Edit — Edit the SSL certificate.
  • Delete — Delete the SSL certificate.
  • Install — Install the SSL certificate.

Upload a New Certificate

To paste a certificate, perform the following steps:

  1. Under the Upload a New Certificate heading, paste the text of the certificate in Paste the certificate into the following text box: text box.
  2. Optionally, in the Description: text box, enter a brief description for this certificate.
  3. Click Save Certificate to upload your certificate.
  4. A success or error message will appear on a new screen.

To browse for a certificate, perform the following steps:

  1. Under the Choose a certificate file (.crt)* heading, click Choose File.
  2. Optionally, in the Description: text box, write a brief description about this certificate.
  3. Click Upload Certificate.
  4. <span style="font-size: 12.0pt; font-family: 'Arial',sans-serif; mso-farea

Was this answer helpful?

« Back