Author Topic: Tutorial: Install SSL Certificate on Shared IP Domain  (Read 3271 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Tutorial: Install SSL Certificate on Shared IP Domain
« on: October 18, 2015, 09:22:06 AM »
If you will follow this tutorial I assume you already bought an SSL Certificate (I used COMODO Positive SSL from NameCheap.com for this tutorial) and you just need to install it. Also, I assume that your server is functioning properly.

1) Go to SSL Generator ("Security" - "SSL Generator"), fill in the form with your info (only english symbols).
If you want self signed certificate (not the one bought and signed by proper SSL Authorities like COMODO), then you tick the box that says “Generate Self Signed Certificate (It will display browser warnings)". The certificate will do as it says - will display browser warnings, and it’s not for general/public use. (If you do need self signed certificate, then after generating it jump to STEP 8). You don't need to tick that box if you're installing purchased SSL Certificate.

Press “Generate”. You will get 2 text paragraphs. One starting “-----BEGIN CERTIFICATE REQUEST-----“ and other starting "-----BEGIN PRIVATE KEY-----". Copy them both to a new text file. You might need them later.

2) Copy just the first one, that starts with "-----BEGIN CERTIFICATE REQUEST-----" and go activate/sign it at your Certificate Authority page, where you bought a certificate, following the steps they provide. They will ask you to approve it (I did it by email), and then they will send you a .zip file with .crt and bundle files inside the archive. Download archive to your computer and unzip it. There will also be a text version of .crt file in an email you receive, but we won't need it.

3) Go to SSL Cert Manager, press on “Location of Certificate files” link. That will open File Manager of certs directory. You can use that manager to do the next steps, or you can connect to that directory (/etc/pki/tls/certs/) via FTP, as I did. Upload both new files that you got from COMODO to that directory.

4) Rename your 2 new uploaded files to the same name structure that the other files beginning with "yourdomain.com" are ("yourdomain.com.cert"; "yourdomain.com.csr"). Your new files should be like that - "yourdomain.com.crt" and "yourdomain.com.bundle".

5) If you look at File Manager now (refresh the page), you will see that .cert file is pointing (—>) to .crt file in the same directory. The pointing destination file should be exactly the same name as our new file that we just renamed.

6) Find the .key file. In my case I found it generated back in directory called “private” (/etc/pki/tls/private/), copy it to certs directory (download and upload to that directory). Make sure the name structure of that file is the same as others ("yourdomain.com.key").

7) At this point you should have 5 files showing in the File Manager/FTP directory beginning with your domain name: .bundle; .cert; (pointing to .crt); .crt; .csr; and .key;. They all should have the same default name structure of those first 2 files that were generated for you. For example: yourdomain.com.* (* is the ending of a file e.g crt). If they wont mach - it might not work or you might have to specify the location of .key or other files in your "vhost-ssl.conf" (the link to it is shown on SSL Cert Manager page).

8 ) Press this link in SSL Cert Manager: Location of Apache vHost file /usr/local/apache/conf.d/vhosts-ssl.conf. Clear everything in it and save (if you don't have any other SSL certificates already installed).

9) Go to "SSL Cert Manager" - "Install SSL Certificate" tab. Choose certificate yourdomain.com.cert (NOT .CRT!), choose user (usually that's the default one you created, if you are managing single user server), then add the path to your domain's root directory. In my case I just added "/yourdomain_com" to "public_html" that was already typed in there (this is the way I add my domains in default user account - my domain path of root directories leads to public_html, and the root directories have this kind of name structure - yourdomain_com).
Then enter domain name (yourdomain.com), IP (Shared IP) and Port (443) should be ok (I'm assuming your'e doing this on shared IP just like me, as I still couldn't find out how to set up a domain with separate IP, and no one is answering to my posts in this forum. I guess I might have to create new account for every IP that I want to use...).
Then click "Install SSL".
There might be some errors, and apache might not start at this point. I did it 6 times to make this tutorial, and I'm still not sure how it actually works. I don't know why they did it so complicated...

9) Reboot server.

10) Test the SSL with the button listed under "Domain" tab, hopefully it will work and you will have SSL running. If not, then try pressing "Reload Apache", "Restart Apache" and if you still see error, then restart whole system again.

If you delete that SSL, you might see errors again, but if it was installed correctly there shouldn't be any.


I hope that worked for you, as I did spent 2 sleepless days and nights figuring it out.
If it did worked for you, then you can use this tutorial to install SSL Certificates on other domains too.

This tutorial is just a suggestion of how to install SSL Certificate on domain that is using Shared IP, in Centos Web Panel. I do not take any responsibility for any outcome of using this tutorial.

Have fun!
M.B.
« Last Edit: October 18, 2015, 09:53:50 AM by Mamas »

Offline
*
Re: Tutorial: Install SSL Certificate on Shared IP Domain
« Reply #1 on: October 10, 2017, 02:28:30 PM »
I've managed to create PositiveSSL comodo in CWP
now how to change http to https in CWP
thank you