Knowledge Base

How to install a third-party SSL certificate

This article describes how to obtain and install a third-party SSL certificate on your A2 Hosting account.

Most A2 Hosting servers support Server Name Indication (SNI), which means SSL certificates do not require a dedicated IP address to work correctly. However, to ensure complete compatibility, you should consider purchasing a dedicated IP address. For more information about SNI support at A2 Hosting, please see this article.

Installing a third-party SSL certificate

You can install an SSL certificate from a third-party provider on your A2 Hosting account. There are two ways to do this:

  • You can purchase a brand-new SSL certificate. To do this, you must first generate a private key and Certificate Signing Request (CSR) in cPanel. You submit the CSR to the third-party provider, who then generates an SSL certificate and sends it to you.
  • If you have already purchased an SSL certificate from another provider for your domain, you can install it in cPanel. To do this, you must have the private key and SSL certificate. Some SSL certificates require a Certificate Authority (CA) bundle as well. (The CA bundle may also be called an Intermediate Certificate.)
Generate a private key and CSR

If you have not already purchased an SSL certificate from another provider, you must first generate a private key and Certificate Signing Request (CSR).

If you have already purchased an SSL certificate from a provider and have the private key (.key) file and SSL certificate (.crt) file, do not follow this procedure. You do not need to generate a private key or CSR. Follow the Install a private key procedure below instead.

To generate a private key and CSR, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the Security section of the cPanel home screen, click SSL/TLS Manager.
  3. Under Private Keys (KEY), click Generate, view, upload, or delete your private keys. The Private Keys page appears.
  4. Under Generate a New Private Key, confirm that the Key Size is set to 2,048 bits.
  5. In the Description text box, type a descriptive name for the key, such as SSL cert private key.
  6. Click Generate. cPanel generates and displays the private key. You are now ready to generate a Certificate Signing Request (CSR).
  7. Click Return to SSL Manager.
  8. Under Certificate Signing Requests (CSR), click Generate, view, or delete SSL certificate signing requests. The SSL Certificate Signing Request page appears.
  9. Under Generate a New Certificate Signing Request (CSR), in the Key list box, select the description for the private key you generated in step 6.
  10. In the Domains text box, type the domain that you want to secure with the certificate.
    Make sure that you specify the correct domain name that you want to secure. A2 Hosting recommends that you use the www.example.com domain form, because then the certificate works with both https://www.example.com and https://example.com. (Do not add https:// to the domain name in the Domains text box.)
  11. Complete the remaining fields for the CSR.
  12. To create the CSR, click Generate. cPanel generates and displays the CSR.
  13. Copy the CSR text and submit it to the third-party SSL provider. When you receive the SSL certificate from the provider, you are ready to enable SSL for your web site. Go to the Install the certificate and activate SSL procedure below.
Install a private key

If you have already purchased an SSL certificate from another provider and you have the private key and certificate, you must first install the private key using cPanel.

If you are purchasing a brand-new certificate and just completed the procedure above to generate a CSR, do not follow this procedure. Follow the Install the certificate and activate SSL procedure below after you receive the certificate from the provider.

To install a private key, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the Security section of the cPanel home screen, click SSL/TLS Manager.
  3. Under Private Keys (KEY), click Generate, view, upload, or delete your private keys. The Private Keys page appears.
  4. Under Upload a New Private Key, upload the key using one of the following methods:
    • Paste the key text in the Paste the key below text box, type a description in the Description text box, and then click Save.
    • Alternatively, click Browse, select the .key file on your computer, type a description in the Description text box, and then click Upload.
  5. Click Go Back.
  6. Click Return to SSL Manager.
  7. You are now ready to install the certificate and enable SSL for your web site. Go to the Install the certificate and activate SSL procedure below.
Install the certificate and activate SSL

At this point, you should have a private key installed and a certificate from the third-party provider. (You may also optionally have a CA bundle.) If so, you are ready to install the certificate and activate SSL for your web site.

If you have a multi-domain SSL certificate, you must follow the procedure below and install the certificate for each domain that you want to secure. Additionally, the server must be running CentOS 6, which supports Server Name Indication (SNI).

To do this, follow these steps:

  1. From the SSL/TLS Manager page, under Certificates (CRT), click Generate, view, upload, or delete SSL certificates. The Certificates page appears.
  2. Under Upload a New Certificate, upload the certificate using one of the following methods:
    • Paste the certificate text in the Paste your certificate below text box, type a description in the Description text box, and then click Save Certificate.
    • Alternatively, click Browse, select the .crt file on your computer, type a description in the Description text box, and then click Upload Certificate.
  3. Click Go Back, and then click Return to SSL Manager.
  4. Under Install and Manage SSL for your site (HTTPS), click Manage SSL sites.
  5. Under Install an SSL Website, click Browse Certificates, select the certificate you want to use, and then click Use Certificate. cPanel fills in the Certificate (CRT) and Private Key (KEY) fields automatically.
  6. In the Domain list box, select the domain you want to secure with the certificate.
  7. If your SSL certificate requires a CA (Certificate Authority) bundle, paste it under Certificate Authority Bundle (CABUNDLE). Otherwise, leave this field blank.

    Not all SSL certificates require a CA bundle (which is also sometimes called an Intermediate Certificate). If you are unsure whether your certificate requires a CA bundle, contact the certificate provider.
  8. Click Install Certificate. cPanel installs the certificate on the server and enables SSL. When the process is complete, you receive an SSL Host Successfully Installed message.
  9. Click OK. You can now securely access the specified domain by using the https:// prefix in a web browser. If you need further assistance, please open a support ticket with our Guru Crew on the Customer Portal at https://my.a2hosting.com.