Install an SSL certificate

The following is required to install the certificate:

certificate file and certificate bundle;
certificate key. The key is generated before ordering the certificate, and the CSR request is generated based on the key.
root access to the server.

Where do I get the data to install the SSL certificate?

The archive with data for SSL certificate installation is sent after the certificate is issued to the contact email, which you specified when registering at ispmanager.com .

You can also download the archive from your client area at ispmanager.com in the SSL certificates section.

Where do I get the private key?

If you did not enable the "Do not save the key in the system" option when ordering a SSL certificate, the key can be found in your client area in the SSL certificates .

If you have not saved the key for some reason, reissue the certificate using a new CSR request.

How do I install the SSL certificate on a VPS or a dedicated server?

Installing the SSL certificate via ISPmanager control panel

Enable SSL for the user who owns the domain: Users → select the user → Perm . button.
Sign in with that user’s account.
Enter WWW → SSL certificates → Add certificate button.
Specify the SSL certificate type "Existing" and fill in all fields:
SSL certificate name — the name of the certificate under which it will be displayed in the system. It may contain Latin letters, digits, dots, as well as _ and - characters.Certificate — the content of SSL certificate in PEM format.Certificate key — the content of SSL certificate key in PEM format.Certificate chain — contents of the SSL certificate bundle file in PEM format. The email from a certification authority usually contains an archive with two files — the certificate itself and the certificate bundle (a file with the .ca-bundle extension).
Note
The GlobalSign CA sends a chain file in PKCS7 format (.p7b extension). You can open this file in a text editor or convert it to PEM format.
Example command for converting
```
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
```
After adding the certificate, you can enable it for the website: WWW domains → select the domain → enable the Secure connection (SSL) option and select the SSL certificate.
Detailed check of the installed certificate is available at the following links:
- https://www.ssllabs.com/ssltest/analyze.html;
- https://www.sslshopper.com/ssl-checker.html .

Manual installation of the SSL certificate

To find out which web server handles SSL requests — Apache or Nginx, run the command:

netstat -napt | grep 443

Installing the SSL certificate on Apache

The certificate is installed in the Apache configuration file:

for Debian — /etc/apache2/apache2.conf;
for CentOS — /etc/httpd/conf/httpd.conf .

Add certificate data to the VirtualHost section of your domain:
Example of configuration
```
<VirtualHost 10.0.0.1:443> 
	DocumentRoot /var/www/user/data/www/domain.com 
	ServerName domain.com SSLEngine on 
	SSLCertificateFile /path/to/domain.crt 
	SSLCertificateKeyFile /path/to/domain.key 
	SSLCACertificateFile /path/to/ca.crt 
</VirtualHost>
```
Comments
domain.com — your domain name10.0.0.1 — IP address of the domain location/var/www/user/data/www/ domain.com — path to your domain’s home directory/path/to/domain.crt — the certificate file/path/to/domain.key — the certificate key file/path/to/ca.crt — the root certificate file
Reboot the Apache server:
Command for CentOS
```
apachectl restart
```
Command for Debian
```
apache2ctl restart
```

Installing the SSL certificate on Nginx

The certificate is installed in the Nginx configuration file:

Combine the SSL certificate, intermediate certificate and root certificate into one file your_domain.crt . You can find the certificate data in the email sent to your contact address after the certificate is issued. You can also download them together with the main certificate in your client area at ispmanager.com.
Example of file
```
-----BEGIN CERTIFICATE----- 
#Your certificate#
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
#Intermediate certificate#
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
#Root certificates#
-----END CERTIFICATE-----
```
Note
There should be no blank lines between certificates.
Create your_domain.key file and copy the contents of the private key into it.
Copy your_domain.crt and your_domain.key files into one directory. E.g., /etc/ssl/ .
Configure the server block in the Nginx configuration file as follows:
```
server {
       listen 443; 
       ssl on; 
       ssl_certificate /etc/ssl/your_domain.crt; 
       ssl_certificate_key /etc/ssl/your_domain.key; 
       server_name your.domain.com;
       }
```
Comments
/etc/ssl/your_domain.crt — path to the certificate file/etc/ssl/your_domain.key — path to the private key fileyour.domain.com — domain name
Note
If you want your website to work with both secure https and unprotected http connections, configure a separate server block for each type of connection.
Reboot the Ngnix server:
```
/etc/init.d/nginx restart
```

Documentation