The features in this interface allow you to generate and manage SSL certificates, signing requests, and keys, which enhance your website’s security. They are useful for websites that regularly work with sensitive information, such as login credentials and credit card numbers. Encryption protects visitors’ communications from malicious users.
cPanel & WHM only supports TLSv1.2 or later. The system enables TLSv1.2 by default.
Not all clients will support TLSv1.3, which requires OpenSSL 1.1.1 or higher.
If you are using AutoSSL or SSL certificates purchased via your cPanel account to secure a linked mail node, your cPanel & WHM nodes must be able to manage the authoritative DNS server.
You can also purchase and install SSL certificates in cPanel’s SSL/TLS Wizard interface (cPanel » Home » Security » SSL/TLS Wizard).
Note
CAA (Certificate Authority Authentication) records in the domain’s zone file restrict which CAs (Certificate Authority) may issue certificates for that domain.
If no CAA records exist for a domain, all CAs can issue certificates for that domain.
If conflicting CAA records already exist, remove the existing CAA records or add one for the desired CA. For example, a CAA record for Let’s Encrypt™ would resemble the following example, where example.com represents the domain name:
example.com. 86400 IN CAA 0 issue "letsencrypt.org"
You can manage CAA records through cPanel’s Zone Editor interface (cPanel » Home » Domains » Zone Editor). For more information about a CA’s requirements, read their documentation.
Available features
This interface contains the following features:
Default SSL/TLS Key Type — Select the type of key the system uses by default for SSL/TLS certificates and certificate signing requests.
Certificates (CRT) — Set up an SSL certificate for the site.
Install and Manage SSL for your site (HTTPS) — Generate, view, upload, or delete SSL certificates.
Default SSL/TLS Key Type
The Default SSL/TLS Key Type section of this interface lets you select a preferred default SSL/TLS key type. The system uses the selected key when it provisions all SSL/TLS certificates and signing requests. When you set a new default key type, this supersedes the server’s set default key type. For more information about the available key types, read the SSL/TLS Key Types documentation.
After you select a preferred key type, click Save to update your settings.
Important
When you update your preferred key type, the system will perform an AutoSSL run. This updates all installed AutoSSL-issued certificates to use the new key type.
Private Keys (KEY)
When you set up an SSL certificate for your site, you must first add a private key.
To access this interface, click Generate, view, upload, or delete your private keys.
This interface allows you to perform any of the following actions:
Generate a new private key.
Upload an existing private key.
Edit a current private key.
Remove a current private key.
You can generate a new key or upload an existing key through a *.key file.
Important
We strongly recommend that you save a copy of your private key in a safe location. You cannot recover a lost private key.
We strongly recommend that you use SSL certificates if your visitors submit sensitive information to your website.
Keys on Server
The Keys on Server table contains the following information:
Column
Description
Description
The private key’s description.
ID
The private key’s ID.
Key Type
The type of private key.
Actions
Edit — Edit the private key.
Delete — Delete the private key.
Edit and view details about a private key
To edit a key’s description or view a key, perform the following steps:
.1Locate the key that you wish to edit in the Keys on Server table in the Private Keys (KEY) interface.
.2Click Edit in the Actions column next to the key that you wish to edit. A new interface will appear that displays the description, the encoded private key, and the decoded private key.
.3Edit the Description text box.
.4Click Update. A success or failure message will appear next to the Description text box.
Delete a private key
To delete a private key, perform the following steps:
.1Locate the key that you wish to delete in the Keys on Server table in the Private Keys (KEY) interface.
.2Click Delete in the Actions column next to the key that you wish to remove. The system will redirect you to the Private Key interface.
.3Click Delete Key. A success or failure message will appear.
Generate a new private key
To generate a private key, perform the following steps:
.1Select the desired key from the Key Type menu. Optionally, in the Description text box, enter a brief description about this private key.
.2Click Generate. A new interface will appear that displays the requested key in an encoded and decoded format.
.3Copy the desired key.
.4Click Return to Private Keys. The new key displays in the Keys on Server table.
Perform either of the following actions to upload a private key:
Paste the key in the text box.
Browse for the key.
Paste a private key
To paste a private key, perform the following steps:
.1Paste a key in the Paste the key into the following text box: text box.
.2Optionally, in the Description text box, enter a brief description about this private key.
.3Click Save to upload your private key. A new interface will appear that displays a success or failure message.
Browse for a private key
To browse for a private key, perform the following steps:
.1Click Choose File to upload a *.key file.
.2Optionally, in the Description text box, enter a brief description for this private key.
.3Click Upload. A new interface will appear that displays a success or failure message.
Certificate Signing Requests (CSR)
This interface allows you to generate, view, or delete a certificate signing request (CSR). You can also view and edit current descriptions and encoded private keys and decoded private keys.
To access this interface, click Generate, view, or delete SSL certificate signing requests.
Certificate Signing Requests on Server
The Certificate Signing Requests on Server table contains the following information:
Column
Description
Domains
The CSR’s domain.
Created
The time that you created the CSR, in Universal Time, Coordinated (UTC).
Description
The CSR’s description.
Actions
Edit — Edit the CSR.
Delete — Delete the CSR.
Edit and view details about a CSR
To edit a description or view a CSR, perform the following steps:
.1Locate the CSR that you with to edit in the Certificate Signing Requests on Server table in the Certificate Signing Requests (CSR) interface.
.2Click Edit in the Actions column. A new interface will appear that displays the description, the encoded CSR, and the decoded CSR.
.3Enter any desired changes in the Description text box.
.4Click Update Name. A message of success or failure will appear next to the Description text box.
Delete a CSR
To delete a CSR, perform the following steps:
.1Locate the CSR that you wish to delete in the Certificate Signing Requests on Server table in the Certificate Signing Requests (CSR) interface.
.2Click Delete in the Actions column. A new interface will appear.
.3Click Delete CSR to confirm.
A message of success or failure will appear.
If you do not wish to delete the CSR, click Cancel.
Generate a new CSR
Warning
You must have or generate a key before you generate a signing request.
To generate a CSR, perform the following steps:
.1Under the Generate a New Certificate Signing Request (CSR) heading, select the key from the Key menu.
When you select a key, the Edit option appears. Click Edit to view and edit the information for your private key.
If the desired key does not appear in the menu, select the type of key you wish to generate from the Key menu. You can also add a new private key to the Private Key section of the interface.
.2Enter the required information in the text boxes below the Key menu.
NoteIf you do not need the CSR for a business, you can enter your legal name in the Company text box.
.3Click Generate.
Note
Your hosting provider may require additional information.
Certificates (CRT)
This interface allows you to generate, view, upload, or delete SSL certificates.
To access this interface, click Generate, view, upload, or delete SSL certificates.
Certificates on Server
The Certificates on Server table contains the following information:
Column
Description
Domains
The private key’s description.
Issuer
The Certificate Authority (CA) that issues the certificate.
Expiration
The time that the certificate expires, in Universal Time, Coordinated (UTC).
Key Type
The type of private key.
Description
The certificate’s description.
Actions
Edit — Edit the SSL certificate.
Delete — Delete the SSL certificate.
Install — Install the SSL certificate.
Edit and view details about a certificate
To edit a description or view a certificate, perform the following steps:
.1Locate the certificate that you wish to edit in the Certificates on Server table in the Certificates (CRT) interface.
.2Click Edit. A new interface will appear that displays the description, the encoded certificate, and the decoded certificate.
.3In the Description: text box, enter your changes, and then click Update Description. A success or error message will appear.
To delete the certificate you are viewing, click Delete Certificate at the bottom of the interface.
Delete a certificate
To delete a certificate, perform the following steps:
.1Locate the certificate that you wish to delete in the Certificates on Server table in the Certificates (CRT) interface..
.2Click Delete for that certificate. A new interface will appear.
.3Click Delete Certificates. A success or error message will appear.
Install a certificate
To install a certificate, click Install in the Actions column under the Certificates on Server heading in the Certificates (CRT) interface..
Upload a New Certificate
To paste a certificate, perform the following steps:
.1Under the Upload a New Certificate heading, paste the text of the certificate in Paste the certificate into the following text box: text box.
.2Optionally, in the Description: text box, enter a brief description for this certificate.
.3Click Save Certificate to upload your certificate.
.4A success or error message will appear on a new screen.
To browse for a certificate, perform the following steps:
.1Under the Choose a certificate file (.crt)* heading, click Choose File.
.2Optionally, in the Description: text box, write a brief description about this certificate.
.3Click Upload Certificate.
.4A success or error message will appear.
Generate a New Certificate
To generate a self-signed SSL certificate, perform the following steps:
.1Under the Generate a New Certificate heading, select the key from the Key menu. If the desired key does not appear in the menu, use the Private Keys feature to add a new private key.
.2Enter the appropriate information in the Domains, City, State, Company, Company Division, Email, and Description text boxes and the Country menu. You must enter the Domains, City, State, Country, and Company information.
.3Click Generate.
Important
We reserve self-signed certificates for intranet uses. To secure a public website, we recommend that you purchase and install a certificate from a trusted CA.
Install and Manage SSL for your site (HTTPS)
In WHM, system administrators can create and install SSL certificates for their users’ cPanel accounts. cPanel users can manage the certificates that correspond to their domains.
To access this interface, click Manage SSL sites.
This interface allows you to perform the following actions:
Change the primary domain on a shared IP address.
Update a certificate.
Uninstall a certificate.
View a certificate’s details.
Use a certificate for another site.
Warning
Mail SNI is not compatible with Webmail and will not function for any Webmail connection. Webmail connections use the cPanel service SSL certificate.
If a SSL certificate already exists on a domain with a dedicated IP address, the interface displays the Manage Installed SSL Websites table below the introductory text.
Column
Description
FQDN
The website’s domain name.
Certificate Expiration
The date when the certificate expires.
Document Root
The location of the domain’s website files.
Actions
You can perform the following actions:
Make Primary — Make this website the main domain on the shared IP address.
A success or failure message will appear above the table.
This action only appears for non-primary websites.
Uninstall — Uninstall the SSL certificate. A message will appear to confirm the action. Click Proceed to continue, or click Cancel to return to the Manage Installed SSL Hosts section.
Update Certificate — Update the SSL certificate. The Install an SSL Host section will appear below the table where you modify the form.
Certificate Details — View additional information about the certificate.
Use Certificate for New Site — Use the certificate for another website, addon domain, or subdomain. The Install an SSL Host section will appear below the table where you can modify the form to change the Domain menu.
Install an SSL Website
Use the form in the Install an SSL Website section to install a certificate. You can use three different methods to install a certificate:
Click Browse Certificates.
Search by domain.
Manually enter the information.
Browse Certificates
To use Browse Certificates to install a certificate, perform the following steps:
.1Click Browse Certificates.
.2Click the button that corresponds to the desired certificate. Only certificates that correspond to a domain appear in the list.
.3Click Use Certificate to return to the Install an SSL Host section. The certificate’s information will appear in the text boxes.
.4Optionally, enter the appropriate information in the Certificate Authority Bundle: (CABUNDLE) text box.
.5Click Install Certificate. A success or failure message will appear.
Search by domain
To search by domain to install a certificate, perform the following steps:
.1Select the desired domain in the Domain menu.
.2Click Autofill by Domain. The interface will attempt to retrieve and enter the certificate information.
If this step succeeds, the available text boxes will contain the appropriate information.
If this step does not succeed, the text boxes will remain empty.
.3Click Install Certificate. A success or failure message will appear.
Manually enter information
To manually enter the information to install a certificate, perform the following steps:
.1Select the desired domain in the Domain menu.
.2Enter the certificate information in the Certificate (CRT) text box.
.3Enter the private key information in the Private Key (KEY) text box.
.4Optionally, enter the certificate authority information in the Certificate Authority Bundle (CABUNDLE) text box.
.5Click Install Certificate. A success or failure message will appear.