Child pages
  • Installing an SSL Certificate
Skip to end of metadata
Go to start of metadata

At 100TB.com we provide unlimited single-host Comodo Positive SSL certificates for free to our clients. These types of certificates are good for most situations and there is no limit as to how many you may request from us.

You can request a certificate here:

https://cp.100tb.com >> Apps >> SSL >> Create New >> [enter details - domain & CSR ] >> Create SSL Certificate

A brief overview of SSL...

Secure Sockets Layer, or SSL, is simply a means of enabling data encryption between two peers. Without an SSL-encrypted connection, all of the data being passed back and forth is easily viewable by an intermediary as plain text.

 SSL encryption functionality relies on an algorithmic hash between a host’s privately held identity (private key) and a corresponding identity that is being presented publicly to connecting users (certificate).

 It is possible to create and sign your own certificates, but since you are probably not a widely-known ‘trusted’ authority, browsers and other clients will display a warning to the connecting user, or deny the connection outright. A self-signed certificate is all that is needed to encrypt connections if you don’t have a client-facing application that is required for you to appear trustworthy.


Summarized, the process of installing a ‘trustworthy’ signed certificate on a service such as a website is as follows:


  1. Create private key

  2. Create Certificate Signing Request (CSR) from private key

  3. Send CSR to a reputable certificate authority

  4. Install/configure certificate(s) provided by that certificate authority.

Trusted SSL installation

cPanel Website

  1. Log in to cPanel

  2. Click SSL/TLS Manager (or SSL/TLS on newer versions of WHM/cPanel)

  3. Generate private key - Click "Generate, view, upload, or delete your private keys"

    1. Your existing keys - if there are any - are listed under “Keys on Server”, otherwise you will not see this section displayed. If you already have a key, you should be able to skip to step 4

    2. Select key size (our certificates only support 2048 bits)

    3. Click Generate

    4. Click Return to SSL Manager at the bottom of the page to return to the SSL/TLS Manager.

  4. Generate CSR - Back on the SSL/TLS Manager, click Generate, view, or delete SSL certificate signing requests

    1. If any CSRs already exist for the domain you need a certificate for, delete them

    2. Complete the form under “Generate a New Certificate Signing Request (CSR)”. Under “Key” you will select the private key that you generated in the previous step

    3. On completion of the form, click Generate

    4. You will be provided with a long string of code in a box titled “Encoded Certificate Signing Request”. You will need to temporarily copy all of the contents of this box and save them for later when you request a certificate.

  5. Order certificate


    • To order a certificate you will need to provide the contents of the CSR code to the authority who you are requesting your certificate from. See Requesting a Certificate for more info on requesting a certificate from 100TB. 


  6. Download certificate(s) - The certificate authority will provide you with what is referred to as a Certificate Authority (CA) Bundle. This is a collection of certificates that enhance the overall trustworthiness of the host being certified, also called intermediary certificates.

  7. Install certificate(s) - On the SSL/TLS Manager, click Generate, view, upload or delete SSL certificates 

    1. For each certificate that you received in the CA Bundle:

      1. Click Upload a New Certificate

      2. Under ‘Choose a certificate file (*.crt)’ click Choose File to locate the certificate file on your computer

      3. Click Upload Certificate

    2. Click Return to SSL Manager to return to the SSL/TLS Manager.

  8. Activate certificate

    1. From the SSL/TLS Manager click Setup an SSL certificate to work with your site. If this option is not available, it may have been disabled intentionally in WHM, or it requires a dedicated IP for that cPanel account

    2. Select the certificate you wish to install from the Domain dropdown menu and click Autofill by Domain. This will retrieve your private key, CSR and certificates to prepare them for activation

    3. Click Install Certificate and you’re all done! 

Navigating to https://your_domain.com should now work. If you have a complete trusted certificate bundle installed you should not receive any errors from your web browser and the green secure lock should display next to your web address URL. If there are any subsequent links on your page that contain “http://” in them instead of “https://”, this lock may appear yellow and provide a minor warning.

OpenSSL (Advanced)

Prerequisites - you must have OpenSSL installed:

CentOS/RedHat: yum -y install openssl openssl-devel

Ubuntu/Debian: apt-get -y install libssl0.9.8


Generate RSA (private) key

mkdir ~/domain.com.ssl/
cd ~/domain.com.ssl/
openssl genrsa -out domain.com.key 2048

Create a CSR

openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr

Verify your CSR

openssl req -noout -text -in ~/domain.com.ssl/domain.com.csr

Submit your CSR

Send CSR to an SSL authority for certificate retrieval

Install certificate!

Where you install the certificate depends entirely on which host you are installing it on, and for what software. For use with a website on a basic Apache webserver installation you will need to locate and open the configuration file for your website:

CentOS/RedHat: /etc/httpd/conf/httpd.conf
Ubuntu/Debian: /etc/apache2/sites-available/your_domain.com.conf

Once open, simply add the following lines to your VirtualHost configuration for that website, filling in your particular site details.

<VirtualHost 192.168.0.1:443>

DocumentRoot /var/www/html
ServerName www.your_domain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/extra_CA_certificate.crt

</VirtualHost>

Then reload your webserver configuration to complete the setup!

service apache2 reload
or
service httpd reload

If you want the website to work with both encrypted and non-encrypted traffic, you will need to have two virtual host entries, one for port 80 (non-SSL) and one for port 443 (SSL only). In the port 443 entry you must specify the ‘SSLEngine on’ in order for SSL to be properly engaged when a request for that website is received.

Requesting a Certificate from 100TB.com

  1. Log in to https://cp.100tb.com 

  2. Navigate to Apps >> SSL >> Create New

  3. Enter certificate contact details and paste the contents of your generated CSR code into the ‘CSR’ box. For ownership verification purposes, accepted emails are: admin@domain.tld, administrator@domain.tld, webmaster@domain.tld, postmaster@domain.tld, or hostmaster@domain.tld.

  4. Click Create SSL Certificate

  5. You will receive an email shortly afterwards with a confirmation link and further instructions on how to retrieve your certificate.