Manage the Domain SSL Certificate

PSA enables you to upload a Secure Socket Layer (SSL) Certificate, generate a Certificate Signing Request (CSR), generate a Self-signed Certificate, and/or purchase a SSL certificate through a registered certificate authority. Each certificate represents a set of rules used when exchanging encrypted information between two computers. Certificates establish secure communications; this is especially important when handling e-commerce transactions and other private transmittals. Only authorized users can access and read an encrypted data stream.

Notes on Certificates:

• In order to use SSL certificates for a given domain, the domain MUST be set-up for IP-Based hosting.

• When an IP-based hosting account is created with SSL support, a default SSL certificate is uploaded automatically. However, this certificate will not be recognized by a browser as one that is signed by a certificate signing authority.

• The default SSL certificate can be replaced by either a self-signed certificate or one signed by a recognized certificate-signing authority. The self-signed certificate is valid and secure, but many clients prefer to have a certificate signed by a known Certificate Signing Authority.

• If using a SSL certificate issued by a certificate authority other than Thawte or Verisign, a rootchain certificate is required to appropriately identify and authenticate the certificate authority that has issued your SSL certificate.

• If the given domain has the www prefix enabled, you must set-up your CSR or self-signed certificate with the www prefix included. If you do not, you will receive a warning message when trying to access the domain with the www prefix.

• Remember to enter your certificate information in PEM format. PEM format means that the RSA Private Key text must be followed by the Certificate text.

• All certificates are located in the ../vhosts//cert/httpsd.pem file. Where this directory reads , you must enter the domain name for which the certificate was created.

To generate a self-signed certificate or a certificate-signing request, follow these steps:

1. If you have established an IP based hosting account with SSL enabled, the CERTIFICATE button at the Domain Administration page will be enabled.

2. Click the CERTIFICATE button. The SSL certificate setup page appears.

3. The Certificate Information: section lists information needed for a certificate Request, or a Self-Signed certificate.

4. The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop down box next to Bits:.

5. To enter the information into the provided text input fields (State or Province, Locality, Organization Name and Organization Unit Name (optional)) click in the text boxes and enter the appropriate name.

6. To enter the Domain Name for the certificate, click in the text box next to Domain Name: and enter the appropriate domain.

7. The domain name is a required field. This will be the only domain name that can be used to access the Control Panel without receiving a certificate warning in the browser. The expected format is www.domainname.com or domainname.com.

8. Click on either the SELF-SIGNED or REQUEST button.

9. Clicking SELF-SIGNED results in your certificate being automatically generated and installed.

10. Selecting REQUEST results in the sending of a certificate-signing request (CSR) to the email address you provided in the fields discussed above. When a CSR (certificate signing request) is generated there are two different text sections, the RSA Private Key and the Certificate Request. DO NOT LOSE YOUR RSA PRIVATE KEY. YOU WILL NEED THIS DURING THE CERTIFICATE INSTALLATION PROCESS. LOSING IT IS LIKELY TO RESULT IN THE NEED TO PURCHASE ANOTHER CERTIFICATE.

11. When you are satisfied that the SSL certificate has been generated or the SSL certificate request has been correctly implemented, click UP LEVEL to return to the Domain Administration page.

To upload a file containing the certificate authorized by the Certificate Signing Authority:

1. Click the CERTIFICATE button at the Domain Administration page. The SSL Certificate page appears.

2. If you wish to upload a Certificate File authorized by the Certificate Signing Authority, click the BROWSE... button under the Upload previously bought Certificate File (without private key) section to select the file (the file must be in .txt format)

3. Then, click SEND FILE to copy the certificate to the server.

To upload a new certificate:

1. Click the CERTIFICATE button from the Domain Administration page. The SSL Certificate page appears.

2. If you wish to upload a certificate file from a local computer, under the Uploading Certificate File section, click the BROWSE... button to select the file (the file must be in .txt format).

3. Then, click SEND FILE to copy the certificate to the server. Or, if you want to type in the text of the certificate without downloading a specific file, click in the text box and enter and paste the certificate information.

4. Click SEND TEXT to implement the text on the server.

NOTE: Ensure that the private key text block is included along with the SSL certificate text block when using the SEND FILE or SEND TEXT options.

EXAMPLE FORMAT:

-----BEGIN RSA PRIVATE KEY -----

{[ECRYPTED BLOCK OF TEXT]}

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

{[ECRYPTED BLOCK OF TEXT]}

-----END CERTIFICATE-----

5. When you download the certificate to the server, PSA checks for errors. If an error is detected, PSA restores the old version of the SSL certificate, and PSA warns you to update the certificate. At this point, you can try again to enter text or to download the certificate file.

6. When you are satisfied that the SSL certificate is correctly implemented, click UP LEVEL to return to the Domain Administration page.

If you are using a certificate that has been signed by an authority other than Thawte or Verisign then it is likely that this will require the use of a rootchain, or CA, certificate. To install a rootchain certificate for the domain:

I. Click the CERTIFICATE button at the Domain Administration page. The SSL Certificate setup page appears.

2. The icon next to Use rootchain certificate for this domain appears on this page.

3. If the icon is (ON] then the rootchain certificate will be enabled for this domain. If the icon is (X] this function will be disabled.

4. To change the status of the rootchain certificate, click the ON/OFF button.

5. To upload your rootchain certificate, first make sure that it has been saved on your local machine or network. Use the Browse button to search for and select the appropriate rootchain certificate file.

6. Then click the SEND FILE button. This will upload your rootchain certificate to the server to assure proper authentication of the certificate authority.

7. When you are satisfied that the rootchain certificate is correctly implemented, click UP LEVEL to return to the Domain Administration page.