Installation Knowledge Base

How to Install an SSL/TLS Certificate In Microsoft Exchange 2010 The following instructions will guide you through the SSL installation process on Microsoft Exchange 2010. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Copy your certificate Copy your Primary Certificate to your Exchange Server’s desktop. Select Exchange Management Console Open the Start menu, go to Programs, select Microsoft Exchange 2010 and then choose Exchange Management Console. Select Server Configuration Click the Manage Databases link, then select Server Configuration. Select Complete Pending Request Find your certificate on the menu in the center of the screen, then click Complete Pending Request in the Actions menu.   Open your certificate Find your certificate file, then select Open, then Complete. Note: Exchange 2010 sometimes gives an error message, “The source data is corrupted or not properly Base64 encoded.” Hit the “F5” key to refresh and make sure it says “False” under “Self-Signed.” If it does still say true, you may need to regenerate your CSR on the current Exchange 2010 Server, or reissue your certificate. Enable your certificate Next you will need to enable your certificate, go back to the Exchange Management Console and select Assign Services to Certificate. Select your server Select your server, then click next. Choose your services Choose the services for which you would like to enable your new certificate: Next > Assign > Finish Note: If you prefer to install your certificate using Exchange Powershell, just run the following command where just the desired services are specified by the Enable-ExchangeCertificate segment of the command: Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\your_domain_name.p7b -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services “IIS,POP,IMAP,SMTP” Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In Microsoft Exchange 2007 The following instructions will guide you through the SSL installation process on Microsoft Exchange 2007. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Copy and save your certificate on your Exchange Server. Connect to your Exchange Server via FTP and copy your SSL Certificate File onto your Exchange Server’s desktop. Select Exchange Management Shell From the Start menu, choose MS Exchange Server 2007, then select Exchange Management Shell. Run the Import and Enable commands together Run the Import-ExchangeCertificate and Enable-ExchangeCertificate commands together: Import-ExchangeCertificate -Path C:\newcert.p7b | Enable-ExchangeCertificate –Services “SMTP, IMAP, POP, IIS” Note: Both commands are run on the same line, divided by a “pipe” character. Verify the certificate has been enabled To verify whether or not the certificate has been enabled, run the following command: C:\> Get-ExchangeCertificate -DomainName your.domain.name Note: In the Services column, SIP and W are abbreviations for “SMTP,” “IMAP,” “POP3” and “Web (IIS). If the Certificate is not properly enabled, run the Enable-ExchangeCertificate command line again by copying the thumbprint of your certificate as shown below: Enable-ExchangeCertificate -ThumbPrint [paste] -Services “SMTP, IMAP, POP, IIS” Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. Manual Intermediate Installation Instructions Select Run Open the Start menu, select Run… Access mmc Type mmc, click OK. The Microsoft Management Console window should open. Select Add/Remove Snap-In Select the File menu, choose Add/Remove Snap-In. Add a Certificate Click Certificates, then Add. Select the correct account Select the correct computer account, then Next. Choose Local Computer Choose Local Computer, then click Finish. Click OK Click OK to close Add/Remove Snap-Ins. Expand the Certificate folder In the Console window, expand Certificates. Import your intermediate certificate Right-click on Intermediate Certification Authorities, hover over All Tasks, then select Import. Click Next The Certificate Import Wizard should appear, click Next. Select Browse Select Browse and locate the Intermediate Certificate file. Change the extension to PKCS #7 Change the extension filter in the bottom right corner to: PKCS #7 Certificates (*.spc;*.p7b). Open the Certificate File Select the Certificate File and click Open. Click Next Choose Next. Click Place All Certificate in the Following Store Click Place All Certificate in the Following Store. Select Browser Select Browser, choose Intermediate Certification Authorities, then click Next. Select Finish Select Finish.  

How to Install an SSL/TLS Certificate In Media Temple (GRID) The following instructions will guide you through the SSL installation process on Media Temple (GRID). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Log in to Media Temple Log in to Media Temple and view your Account Center. Select your domain Click Domains in the navigation bar and select the appropriate domain name you would like to secure. View your GRID Access your GRID Control Panel. Note: The list of configuration options can vary depending on if you selected the “primary domain” under your account. Choose “Primary Domain” or “Alternative Domain” For securing the Primary Domain, scroll domain to Add-Ons and select SSL Certificate. For securing alternative domains (meaning, not your Primary Domain), scroll domain to Alternative Domain Admin and select SSL Certificate. Import certificate In the configuration page, click Import Certificate. Input your certificate files Copy and paste your Certificate Files into the appropriate text box(s). Key – This is your private key that was created during the generation process. Note 1:Leave this text box blank if you previously created the Certificate Signing Request (CSR) and private key in your Account Center. Media Temple will auto-fill the appropriate key file. Note 2: If you made the CSR and private key outside of your Media Temple account and failed to save the files, you will have problems proceeding and may need to re-issue the SSL certificate with a newly created key pair. Certificate – This is your server certificate that was issued to your domain(s). Note:If you received the certificate in a ZIP file, click “Extract All” and then drag your server certificate into a text editor such as Notepad. This will allow you to copy all text contents needed including “—–BEGIN CERTIFICATE—–” and “END CERTIFICATE—–“. CA/Chain Certificate – This is your intermediate certificates that allow browsers and devices to understand who issued your trusted certificate.Note 1:If you have multiple intermediate certificates, paste each of them one after another to create the correct certificate chain/path. Note 2: If you forgot to save these files, download the appropriate CA/Chain Certificate for your certificate. Save your certificate files Once you have inputted all of the certificate files into the appropriate boxes, click Save. Note: It could take Media Temple up to 24 hours to finish configuring your SSL certificate on your live site. Please feel free to contact your host if this process takes longer than usual.   Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate in Mac OS X El Capitan (v.10.11) The following instructions will guide you through the SSL installation process on Mac OS X El Capitan (v.10.11). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Launch the server app Launch and access the Mac OS El Capitan (v10.11) Server App. Select Keychain Access From the Finder window, under Favorites, select Applications, then Utilities, and click Keychain Access. Select system From the Keychain Access window, under Keychains, select System. Move the Intermediate Certificates Drag-and-drop the Intermediate Certificates (.cer or .crt) file into the System folder. Modify Keychain Enter the Administrator’s Password and click Modify Keychain.  Open the Server application From the Finder window, under Favorites, select Applications and then Server. Choose the correct server name From the Server App window, under Choose a Mac, select one of the following options to determine which server to install the SSL Certificate on: To install the SSL Certificate on thecurrent server: Click This Mac – YourServerNameand click Enter the Administrator Nameand Password and click To install the SSL Certificate on another server: Click Other Mac – YourOtherServerNameand click Enter your Host Name and IP Address. Enter the Administrator Name and Passwordand click Access your Certificates section From the Server App window, under the Server section, click Certificates.  Select your Pending certificate From the Certificate page, select the Pending certificate that you created during the CSR generation process. On the resulting Certificates page, you will see a box titled “Drag files received from your certificate vendor here”, drag-and-drop Your Server Certificate (.crt or .cer) into this box and click Ok. Go back to the main Certificates page From the Server App window, under Server, click Certificates. Select the Custom option On the Certificates page, click the Secure services using drop-down menu, and select Custom. Assign Your Server Certificate From the Service Certificates window, in your Certificate List, choose Your Server Certificate for each service you’d like to use the SSL Certificate for. It is recommended that you select all services that are used for communications (e.g. file sharing, mail, websites, etc.), then click OK. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In LiteSpeed The following instructions will guide you through the SSL installation process on LiteSpeed. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Add a new Listener In your LiteSpeed WebAdmin console, click Listeners and then Add. Configure the new Listener Use the following Address Settings to configure the newly created Listener: Listener Name– Enter the internal friendly name for your Listener. IP Address– Select Any from the dropdown unless you want to bind the Listener to a particular CPU. In that case, enter the unique IP-port combination. Port – Most HTTPS connections are managed through port443 by default. However, if you have other Listeners operating on that port, this may cause an issue and require you to use another port such as 8443. Secure – Select Notes – Add any internal notes that will help you distinguish the Listener in the future. Click Select your Listener From your WebAdmin console, click Listeners and select your Listener Name (for our example, we chose to name the Listener “SSL”). Select the SSL tab Once you’re on the SSL tab under your newly created Listener, click the Edit button on the SSL Private Key & Certificate section. Configure the filepaths Use the following instructions to properly configure your Certificate filepaths as shown below: Private Key File –This is the path to your private key that was previously saved on your directory during the generation process via OpenSSL. Certificate File– This is the path to your server certificate that the CA sent you. You should already have this saved locally or in your server directory.Only complete one of the two options below to successfully install the intermediate certificates: CA Certificate Path – This is the path to the intermediate certificate “file” that the CA sent you. CA Certificate File– This is the path to the “directory” holding the intermediate certificates that the CA sent you. Click Return to the SSL tab Once you’re back on the SSL tab under your Listener, click the Edit button on the SSL Protocol section. Select “Protocol Version” For Protocol Version, select TLSv1.1 and TLSv1.2 and then click Save. Select your Listener Now, from your WebAdmin console, click Listeners and select your Listener Name (e.g. SSL). Select the General tab Under your selected Listener, select the General tab and click the Add button on the Virtual Host Mappings section. Select the Virtual Host In the Virtual Host Mappings section of your General tab, select the Virtual Host you want to connect the Listener to from the drop-down menu. Enter all the Domains(s) Once you have the appropriate Virtual Host selected, enter all of the Domains that connect to your vhost(s) – this tells OpenLiteSpeed where to send traffic this listener picks up – and click Save. Note 1: If you have multiple domains in the certificate that connect to the vhost, use a comma “,” to separate the additional domains. Note 2: If you have one vhost and configured the server to disregard other vhosts, you can enter an asterisk “*” as the domain.  Restart Navigate to your Dashboard by selecting “Dashboard” from the left-hand side menu. Once on your Dashboard, click the green Graceful Restart button. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate in Jetty Java HTTP Servlet Web Server The following instructions will guide you through the SSL installation process on Jetty Jave HTTP Servlet Web Server. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Convert your certificate files You can easily convert your PEM (.cer or .crt) to PKCS#7 (.p7b) Format. You can easily do this on your own system by running below OpenSSL command. openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer Import the certificate Once your certificate is in PKCS#7 (.p7b) Format, you’ll need to add the certificate file to your keystore by running the following command: keytool -import -alias [enter_alias_name]  -trustcacerts -file [enter_certificate_filename].p7b -keystore  [enter_keystore_name] Note 1: Enter the same alias name and keystore name that was used when generating the private key and Certificate Signing Request (CSR). Note 2: If you receive Error Message: “java.lang.Exception: Input not an X.509 certificate”, double-check the alias/keystore name entered and the format of the certificate. You may still be using the PEM (.cer or .crt) format and not the correct PKCS#7 (.p7b) format. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. How to Fix “certificatessxception: Input not an X.509 certificate” Error If you receive the error message “certificatessxception: Input not an X.509 certificate”, please follow these alternative Installation Instructions below: Import the intermediate certificate Using the PEM (.cer or .crt) formatted certificate, import the Intermediate Certificate into your keystore by running the following command: keytool -import -alias intermediate  -trustcacerts -file intermediate_file_name -keystore [enter_keystore_name] Import the server certificate Using the PEM (.cer or .crt) formatted certificate, import Your Server Certificate into your keystore by running the following command: keytool  -import -alias [enter_alias_name] -trustcacerts -file server_certificate_file_name  -keystore [enter_keystore_name] Verify the keystore contents Verify the Contents of the keystore by running the following command: keytool -list -v -keystore  your_keystore_filename  >output_filename.txt Enter your password Enter your keystore password. View the Output File View the Output File.Note: Your Server Certificate will be imported into the alias by the “Entry Type” of the specified “PrivateKeyEntry”. Edit the Jetty Connector Edit the Jetty Connector to point to the keystore and password: <Call name=”addConnector”> <Arg> <New class=”org.mortbay.jetty.security.SslSocketConnector”> <Set name=”Port”>8443</Set> <Set name=”maxIdleTime”>30000</Set> <Set name=”keystore”><SystemProperty name=”jetty.home”  default=”.” />/etc/keystore</Set> <Set name=”password”>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> <Set name=”keyPassword”>OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set> <Set name=”truststore”><SystemProperty name=”jetty.home”  default=”.” />/etc/keystore</Set> <Set name=”trustPassword”>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> </New> </Arg> </Call> Note 1: Reference Jetty Configuring Setting for a correct configuration. This Jetty Configuration documentation will also address how to set your SSL/HTTPS Ports and redirect HTTP to HTTPS. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In F5 BIG IP (version 9) The following instructions will guide you through the SSL installation process on F5 Big-IP Load Balancer V9. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Launch the GUI Launch your F5 Big-IP Web GUI. Select “SSL Certificates” The SSL Certificates option is listed under Local Traffic. Select your certificate’s name Your certificate’s name will be listed under General Properties. Select your .crt file This is the yourdomain.crt file that you received from the issuing CA. Open and import Once you’ve located your .crt file, you need to select Open, then Import. Install your intermediate certificates To enable the intermediate certificates, return to the Web GUI, and under Local Traffic, select SSL Certificates. Choose Import. In Import Type, choose Certificateand Create New. Name your Intermediate Certificate. Find the CA bundle that includes your intermediate, click Open, then Import. Enable your SSL To enable the SSL certificate, create or open an SSL Profilefor your Certificate. Choose Configuration, then select Advanced. Select the Server Certificateyou installed from Steps 1-5. Under Chain, find the Intermediate Certificate you imported from Step 6, then select Save. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In F5 BIG IP (version 8 and lower) The following instructions will guide you through the SSL installation process on F5 Big-IP Load Balancer V8 or Earlier. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions 1.Transfer your certificates The first step is to transfer your Server Certificate and Intermediate Certificate(s) on to the Big-IP device. Rename your server certificate If your server certificate has any underscores in the name, you will need to replace all underscores with periods. Copy your server certificate Your server certificate will need to be copied to: /config/bigconfig/ssl.crt/folder Copy your intermediate certificates Your intermediate certificate(s) will need to be copied to: /config/bigconfig/ssl.crt/folder Restart your proxy You can restart your proxy by using the following command: # bigpipe proxy <IP Address>:443 disable # bagpipe proxy :443 enable Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In cPanel 11.x The following instructions will guide you through the SSL installation process on cPanel (Paper-Lantern Theme Modern). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Log in to cPanel The first step is to login to your cPanel account, this can typically be accessed by going to https://domain.com:2083 Note: You may encounter an error message “Your connection is not private” or something similar when attempting to visit your cPanel login page. This is caused due to your login page using a self-signed certificate by default. Please disregard this and proceed past the error message. After navigating to your cPanel login page, enter your Username/Password and click Log in. Your cPanel Homepage should look like this: Note: Older versions such as X3 Theme-Classic may not look like the image above, but should still contain the same concept and category structure. Navigate to the SSL/TLS Manager You can access your SSL/TLS Manager page by scrolling down to the Security section and selecting the SSL/TLS button. Note: You can also navigate to the SSL/TLS Manager page by utilizing the Search Feature at the top right of the cPanel home page and searching for “SSL”.  Select “Manage SSL Sites” Your SSL/TLS Manager page will allow you to manage everything related to SSL/TLS configuration for cPanel. The “Manage SSL Sites” Hyperlink is located underneath “Install and Manage SSL for your site (HTTPS)” shown below. Select your domain Change the Domain drop-down to the appropriate domain name that you want to install your SSL certificate on. Copy and paste your certificate files Once you have your domain selected, you just need to copy and paste your individual certificate files into the appropriate text box(s) pictured below. Certificate (CRT) – This is your server certificate that was issued to your domain(s). Note 1:cPanel should automatically fetch the Certificate (CRT) text if you previously uploaded the server certificate in the “Generate, view, upload or delete SSL certificate” section of your SSL/TLS Manager and selected the correct domain name above in the dropdown. Note 2: If you received the certificate in a ZIP file, click “Extract All” and then drag your server certificate into a text editor such as Notepad. This will allow you to copy all text contents needed including “—–BEGIN CERTIFICATE—–” and “END CERTIFICATE—–“. Private Key (KEY)– This is your private key that was created during the generation process. Note 1: cPanel should automatically fetch the Private Key (Key) text if you previously created the Certificate Signing Request (CSR) in the “Generate, view, or delete SSL certificate signing requests” section of your SSL/TLS Manager and selected the correct domain name above in the dropdown. Note 2: If you made the CSR and private key outside of your cPanel account and failed to save the files, you will have problems proceeding and may need to re-issue the SSL certificate with a newly created key pair. Certificate Authority Bundle (CABundle) – This is your intermediate certificates that allow browsers and devices to understand who issued your trusted certificate. Note 1:cPanel should automatically fetch the CA Bundle from a public repository. If not, download the appropriate CA Bundle for your certificate. Note 2: If you have multiple intermediate certificates, paste each of them one after another to create the correct certificate chain/path. Click “Install Certificate” Once you have the correct certificate files in the appropriate text boxes, simply click the blue “Install Certificate” button. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. Note 1: You are not required to “Enable SNI for Mail Services.” Server Name Indication (SNI) should only be used if multiple hostnames are being served over HTTPS from the same IP address. Note 2: You or your web host may need to restart the Apache server before the certificate will work. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. Manual Intermediate Installation Instructions If the intermediate certificates did NOT get successfully installed and configured after completing the above instructions, please reference the instructions below on how to manually install them directly in Apache. If you do not have access to your Apache server, please contact your web host or system administrator for additional assistance. Locate the Virtual Host File The Virtual Host File , this can typically be accessed in the /etc/httpd/conf/httpd.conf file. Note: The location and name of this file can change from server to server depending on your configuration. Another popular name for the file is “SSL.conf”. View the Virtual Host File View the Virtual Host configuration with the proper name & IP address (including port 443). Edit the Virtual Host File Edit your Virtual Host configuration by adding the bolded YourIntermediateCertificate file below: <VirtualHost 192.168.255.255:443> DocumentRoot /var/www/html2 ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile  /path/to/YourIntermediateCertificate.crt </VirtualHost> Note: Make sure you type the correct file path and name where you plan on saving the intermediate

How to Install an SSL/TLS Certificate In Citrix Secure Server The following instructions will guide you through the SSL installation process on Citrix Secure Server. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. 2.Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Determine your Microsoft IIS version Different versions of Microsoft IIS have varying steps for completing SSL installations. Please reference the table below if you do not know what version of IIS you are running: Your Operating System IIS Version Windows Server 2003 6 Windows Vista and Windows Server 2008 7 Windows 7 and Windows Server 2008 R2 7.5 Windows 8 and Windows Server 2012 8 Source: https://support.microsoft.com/en-us/kb/224609 Select the appropriate instructions Upon determining what version of IIS you are running, select the appropriate set of SSL Installation Instructions below: Microsoft IIS 6.x Microsoft IIS 7.x Microsoft IIS 8.x The reference instructions above will help you successfully install the SSL certificate. Afterwards, check your work by visiting the website in your browser at https://yourdomain.tldhttps://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.