At 100TB.com we provide unlimited single-host Comodo Positive SSL certificates for free to our clients. These types of certificates are good for most situations and there is no limit as to how many you may request from us.
You can request a certificate here:
https://console.100tb.com >> Apps >> SSL >> Create New >> [enter details - domain & CSR ] >> Create SSL Certificate
A brief overview of SSL...
Secure Sockets Layer, or SSL, is simply a means of enabling data encryption between two peers. Without an SSL-encrypted connection, all of the data being passed back and forth is easily viewable by an intermediary as plain text.
SSL encryption functionality relies on an algorithmic hash between a host’s privately held identity (private key) and a corresponding identity that is being presented publicly to connecting users (certificate).
It is possible to create and sign your own certificates, but since you are probably not a widely-known ‘trusted’ authority, browsers and other clients will display a warning to the connecting user, or deny the connection outright. A self-signed certificate is all that is needed to encrypt connections if you don’t have a client-facing application that is required for you to appear trustworthy.
Summarized, the process of installing a ‘trustworthy’ signed certificate on a service such as a website is as follows:
Create private key
Create Certificate Signing Request (CSR) from private key
Send CSR to a reputable certificate authority
Install/configure certificate(s) provided by that certificate authority.
Trusted SSL installation
Log in to cPanel
Click SSL/TLS Manager (or SSL/TLS on newer versions of WHM/cPanel)
Generate private key - Click "Generate, view, upload, or delete your private keys"
Your existing keys - if there are any - are listed under “Keys on Server”, otherwise you will not see this section displayed. If you already have a key, you should be able to skip to step 4
Select key size (our certificates only support 2048 bits)
Click Return to SSL Manager at the bottom of the page to return to the SSL/TLS Manager.
Generate CSR - Back on the SSL/TLS Manager, click Generate, view, or delete SSL certificate signing requests
If any CSRs already exist for the domain you need a certificate for, delete them
Complete the form under “Generate a New Certificate Signing Request (CSR)”. Under “Key” you will select the private key that you generated in the previous step
On completion of the form, click Generate
You will be provided with a long string of code in a box titled “Encoded Certificate Signing Request”. You will need to temporarily copy all of the contents of this box and save them for later when you request a certificate.
To order a certificate you will need to provide the contents of the CSR code to the authority who you are requesting your certificate from. See Requesting a Certificate for more info on requesting a certificate from 100TB.
Download certificate(s) - The certificate authority will provide you with what is referred to as a Certificate Authority (CA) Bundle. This is a collection of certificates that enhance the overall trustworthiness of the host being certified, also called intermediary certificates.
Install certificate(s) - On the SSL/TLS Manager, click Generate, view, upload or delete SSL certificates
For each certificate that you received in the CA Bundle:
Click Upload a New Certificate
Under ‘Choose a certificate file (*.crt)’ click Choose File to locate the certificate file on your computer
Click Upload Certificate
Click Return to SSL Manager to return to the SSL/TLS Manager.
From the SSL/TLS Manager click Setup an SSL certificate to work with your site. If this option is not available, it may have been disabled intentionally in WHM, or it requires a dedicated IP for that cPanel account
Select the certificate you wish to install from the Domain dropdown menu and click Autofill by Domain. This will retrieve your private key, CSR and certificates to prepare them for activation
Click Install Certificate and you’re all done!
Navigating to https://your_domain.com should now work. If you have a complete trusted certificate bundle installed you should not receive any errors from your web browser and the green secure lock should display next to your web address URL. If there are any subsequent links on your page that contain “http://” in them instead of “https://”, this lock may appear yellow and provide a minor warning.
Prerequisites - you must have OpenSSL installed:
yum -y install openssl openssl-devel
apt-get -y install libssl0.9.8
Generate RSA (private) key
openssl genrsa -out domain.com.key 2048
Create a CSR
openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
Verify your CSR
openssl req -noout -text -in ~/domain.com.ssl/domain.com.csr
Submit your CSR
Send CSR to an SSL authority for certificate retrieval
Where you install the certificate depends entirely on which host you are installing it on, and for what software. For use with a website on a basic Apache webserver installation you will need to locate and open the configuration file for your website:
Once open, simply add the following lines to your VirtualHost configuration for that website, filling in your particular site details.
Then reload your webserver configuration to complete the setup!
service apache2 reload
service httpd reload
If you want the website to work with both encrypted and non-encrypted traffic, you will need to have two virtual host entries, one for port 80 (non-SSL) and one for port 443 (SSL only). In the port 443 entry you must specify the ‘SSLEngine on’ in order for SSL to be properly engaged when a request for that website is received.
Requesting a Certificate from 100TB.com
Log in to https://cp.100tb.com
Navigate to Apps >> SSL >> Create New
Enter certificate contact details and paste the contents of your generated CSR code into the ‘CSR’ box. For ownership verification purposes, accepted emails are: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, or email@example.com.
Click Create SSL Certificate
- You will receive an email shortly afterwards with a confirmation link and further instructions on how to retrieve your certificate.