How to install Sectigo SSL on cPanel
Credit card numbers, medical details, and other sensitive information are transmitted only after being converted into a secure code. It uses encryption algorithms to scramble the data during transit, which prevents hackers from gaining access to it.
Domain authentication reassures site users that they're interacting with the site identified in the URL bar. Without SSL, online transactions would be vulnerable to interception by unauthorized parties.
SSL is commonly used to protect communications between web browsers and servers. However, it is also used for server-to-server communications and for web-based applications.
Installing SSL on cPanel
For installing the SSL service on cPanel, the below steps must be followed:
- Creating an email account under the domain name
- Generating the CSR
- Sending CSR to the CA Company
- Domain Control Validation
- Download and install the Certificate
Create an email account under your domain name
As the first step, we will create an email account to set this account as the base email address for configuring the SSL certificate. This email address will be used for receiving the verification emails and the certificate which will be sent from the Certificate authority (CA). Also, we will use this email account when we want to generate the CSR code.
- For creating the email account, log in to cPanel and, click on the Email Accounts option in the EMAIL section.
- Then click on the +Create button.
We have to create an email account named admin, or administrator, or webmaster, or postmaster or, hostmaster.
In this tutorial, we create an email account with the name 'admin'. Enter the username (admin), generate a password and, click on the '+Create' button.
Generate the CSR (Certificate Signing Request)
A CSR is a block of encoded text that is given to the CA company when applying for an SSL Certificate. The CSR contains information that will be included in the certificate such as:
- the organization name
- domain name
It also contains the public key that will be included in the certificate.
For generating the CSR,
- find the Security section in cPanel main page and click on the SSL/TLS option
- In SSL/TLS page click on the Certificate Signing Requests (CSR) option.
- Fill the required information in the CSR generation form and click on the Generate button.
Key: It is better to select the default value (2,048 Bit). If you select the 2048-bit key, a completely new Private Key will be generated.
- In the Domains text box, enter the domain name of the website that the certificate will secure (common name).
- The common name for all Wildcard certificates should be represented with an asterisk in front of the domain (*.domain.com).
- To create your CSR code for multiple domains, enter each domain in a new line.
City/State: Enter the complete name of your city and state (or region) in related boxes.
Country: Select your country from the drop-down list.
Company: Enter the officially registered name for your business. Also, you can enter the domain name without the extension.
Email: We will use the email account that we created in the previous step.
Click on the Generate button. The next page will show the newly generated CSR code. You can now use the Encoded Certificate Signing Request to activate the certificate.
Sending CSR to the CA Company
At this step, we have to send the generated CSR and the contact information to the CA company by filling a form.
In order to access the mentioned form,
- Login to your client area in MonoVM website, and select the purchased Sectigo or PositiveSSL service in your service’s list
- After selecting and opening the service page, click on the Submit Certificate Request button.
- In the next page, we have to copy and paste the generated CSR in the relavant text box and click on "Submit CSR" after completion.
Domain Control Validation
A Domain Control Validation (or DCV) must be completed before issuing an SSL certificate in order to verify the person making the request is in fact authorized to use the domain related to that request.
By clicking on Submit CSR button, a new page will appear.
On this page we can define an email account as the main account for receiving the validation email.
Also, we can check the generated CSR details. We select the created email account via the drop-down menu and click on the Submit Validation Request button. By clicking on this button we will receive a validation email in the predefined email address.
Note: Receiving the validation email may take upto a few minutes to an hour.
Now let's go and check the received email.
After receiving the Domain Control Validation email, click on the portal link and enter the validation code.
Download and install the Certificate
After submitting the validation code the CRT file will be accessible on the service page.
Open the service page in Monovm client area > click on the Download CRT button > download the zip file which contains the CRT files.
After downloading the file, extract it.
Now we are going to install the certificate on cPanel. Login to cPanel once again and click on the SSL/TLS option via the Security section. In the SSL/TLS page click on Generate, view, upload, or delete SSL certificates option to open the certificate installation page.
On the next page, we can install the downloaded certificate. Click on the Choose File button and open the downloaded CRT file. Then click on the Upload Certificate button.
After saving the certificate we will be able to install the certificate. Click on Go Back option to go back to the previous page. We will be able to see that the certificate has already been added to cPanel.
Click on install.
By selecting the install, the Certificate: (CRT), Private Key (KEY) and, Certificate Authority Bundle: (CABUNDLE) boxes will fill automatically.
Click on the Install Certificate button to complete the SSL installation steps.
Now we have completed the SSL installation and our website can be redirected to https so it will be loaded with the security protcol.
Open your website, click on the lock sign beside the URL bar, and select the Certificate option. We can check the certificate information in the opened box.