(WHM >> Home >> Service Configuration >> Manage Service SSL Certificates)
This interface allows you to manage certificates for your server's services. For example, you can manage certificates for the following services:
SSL certificates allow your web server to identify itself to the computers that access it.
You can use any of the following types of certificates to secure your server's services:
A self-signed certificate.
We recommend that you do not use self-signed certificates. They provide less security than certificates from a CA. Any server could claim to be your server with a self-signed certificate because they do not use a third-party verification system. To remedy this, use certificates from a CA, which verifies that users securely connect to your server.
For more information about how to generate or purchase a certificate, read our Generate an SSL Certificate and Signing Request documentation.
cPanel users may see a
cPanel, L.L.C. offers valid cPanel & WHM license holders a free signed certificate for the services on your server's hostname. This offer replaces the certificates for these services that meet any of the following conditions:
When the existing certificate meets any of these conditions, the server will order a replacement certificate when the
/usr/local/cpanel/scripts/upcp maintenance runs. The system will download and install that certificate when available. If the existing certificate expires before the replacement certificate is available, the system will install a self-signed certificate, and then replace it with the ordered certificate when available.
If you create the
The interface displays the following table, which lists the services on your server and the certificates for each service:
|Service||The service that the certificate secures.|
|Certificate Domains||The domain of the service that the certificate secures.|
The date on which the certificate expires.
|Certificate Key Size||The size of the key, in bits, that the system used to generate the certificate. Larger numbers result in certificates that provide more security.|
This option uninstalls the current certificate for the service and replaces it with a new self-signed certificate.
To reset a certificate, perform the following steps:
Click Reset Certificate next to the service for which to reset the certificate.
Click Proceed to generate and automatically install the certificate.
This option displays details about the installed certificate for the service:
|Domains||The domain of the service that the certificate secures.|
Information about the CA that issued the certificate.
|Key Size||The size of the key, in bits, that the system used to generate the certificate. Larger numbers result in certificates that are more secure.|
The date on which the certificate expires.
This option allows you to apply a certificate to multiple services. This is useful, for example, when you wish to apply a signed certificate for your server's main domain to other services on your server.
To apply a certificate to another service, perform the following steps:
The interface will scroll down to the Install a New Certificate section. Select the checkboxes for the services for which to apply this certificate.
WHM automatically enters the details of the Install a New Certificate text boxes with the certificate's information.
Click Install to install the certificate to the selected services, or click Cancel to cancel the operation.
If you replace a certificate from a CA with a self-signed one, users may see warnings because their client applications do not trust self-signed certificates.
This form allows you to install a new certificate that you can use to secure the services on your server.
To install a new certificate on your server, perform the following steps:
Click Use Certificate to use the certificate, or click Cancel to cancel the operation.
WHM automatically enters the certificate's information into the Install a New Certificate form.
Paste the contents of the Certificate file (
.crt) into the Certificate text box.
Click Autofill by certificate to search for the appropriate private key and CA bundle from cPanel's public CA bundle repository.
.key) into the Private Key text box.
.cab) into the Certificate Authority Bundle text box.
If you selected the
cpsrvd daemon, and the certificate has installed correctly, the interface will prompt you to restart the
cpsrvd daemon. Click Restart cpsrvd to restart the cPanel service daemon.
You must restart the
In cPanel & WHM version 64, we introduced support for the iOS® Apple® Push Notification service (APNs). Use this interface to manage the certificate and key that your server uses to communicate with APNs. For more information about how to install this certificate, read our How to Set Up iOS Push Notifications documentation.