Install My SSL Certificate

Required: This article is for customers that have already requested their SSL, downloaded their SSL files and are ready to install those files onto their server. If you haven’t done those things, here are some resources for you.

• If you have purchased an SSL certificate but have not requested it for your domain, go to Request my SSL certificate.
• If you're thinking about adding an SSL certificate to your site and want to learn about what it can do for you, take a look at Get an SSL certificate. 

After you've downloaded your certificate files, you can install them on your server.

 Note: If you do not see your server or specific OS version in this list, please refer to your server documentation to install your SSL and then Redirect HTTP to HTTPS automatically. Additionally, you may find third-party tools like Wappalyzer or DNSChecker or useful for identifying the server or specific operating system you are using.

If you're using Managed WordPress or Websites + Marketing, your SSL certificate is automatically installed for you.

 

SSL certificate installation instructions

 

Most popular servers

• cPanel

Not the right server type? Go back to the list of installation instructions 

After your certificate request is approved, you can download your certificate from the SSL manager and install it on your Web Hosting (cPanel) plan.

Required: Deluxe and extended validation (EV) certificates, as well as SSLs for

addon domains or subdomains must be installed manually.

 

 Note: Want Wurk to install and maintain your SSL for you? Consider purchasing a Managed SSL.

1. If you haven't done it already, download your certificate from the SSL manager and save the .crt file somewhere that's easy to find.
2. Go to your Wurk product page.
3. Select Web Hosting and then select Manage for the Web Hosting (cPanel) plan you're installing the SSL on.
4. Select cPanel Admin.
5. In the Security section, select SSL/TLS.
6. Under Certificates (CRT), select Generate, view, upload, or delete SSL certificates.
7. In the Upload a New Certificate section, select Choose File and navigate to the .crt file you downloaded in step 1. Select the file and then select Open.
8. If you want to, type a description of the certificate in the Description text box.
9. Select Upload Certificate.
10. When you get confirmation that the certificate has been saved, select Go Back.
11. At the bottom of the SSL Certificates page, select Return to SSL Manager.
12. Under Install and Manage SSL for your site (HTTPS), select Manage SSL Sites.
13. In the Install an SSL Website section, select Browse Certificates.
14. Select the certificate that you want to activate and select Use Certificate. This will auto-fill the fields for the certificate.
15. At the bottom of the page, select Install Certificate.
16. On the Successfully Installed pop up, select OK.

Your certificate is installed! Now you need to direct visitors to the secure version of your site by redirecting to HTTPS.

• Apache (CentOS)

Not the right server type? Go back to the list of installation instructions 

After your certificate request is approved, you can download your certificate   from the SSL manager and install it on your Apache server. If your server is running Ubuntu instead of CentOS, please see Manually install an SSL certificate on my Apache server (Ubuntu).

1. Find the directory on your server where certificate and key files are stored, then upload your intermediate certificate (gd_bundle.crt or similar) and primary certificate (.crt file with randomized name) into that folder.
• For security, you should make these files readable by root only.
2. Find your Apache configuration file.
• On default configurations, you can find a file named httpd.conf in the /etc/httpd folder.
• If you have configured your server differently, you may be able to find the file with the following command:

grep -i -r "SSLCertificateFile" /etc/httpd/

• /etc/httpd/ may be replaced with the base directory of your Apache installation.
2. Open this file with your favourite text editor.
3. Inside your httpd.conf file, find the <VirtualHost> block.
4. To have your site available on both secure (https) and non-secure (http) connections, make a copy of this block and paste it directly below the existing <VirtualHost> block.
5. You can now customize this copy of the <VirtualHost> block for secure connections. Here is an example configuration:

<VirtualHost xxx.xxx.x.x:443>

  DocumentRoot /var/www/coolexample

  ServerName coolexample.com www.coolexample.com

         SSLEngine on

         SSLCertificateFile /path/to/coolexample.crt

         SSLCertificateKeyFile /path/to/privatekey.key

         SSLCertificateChainFile /path/to/intermediate.crt

</VirtualHost>

• Don't forget the added 443 port at the end of your server IP.
• DocumentRoot and ServerName should match your original <VirtualHost> block.
• The remaining/path/to/... file locations can be replaced with your custom directory and file names.
6. First, run the following command to check your Apache configuration file for errors:

apachectl configtest

8. Confirm that the test returns a Syntax OK response. If it does not, review your configuration files.

 Warning: The Apache service will not start again if your config files have syntax errors.

9. After confirming a Syntax OK response, run the following command to restart Apache:

apachectl restart

 

 Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.

• Apache (Ubuntu)

Not the right server type? Go back to the list of installation instructions 

After your certificate request is approved, you can download your certificate  from the SSL manager and install it on your Apache server. If your server is running CentOS instead of Ubuntu, please see Manually install an SSL certificate on my Apache server (CentOS).

1. Find the directory on your server where certificate and key files are stored, then upload your intermediate certificate (gd_bundle.crt or similar) and primary certificate (.crt file with randomized name) into that folder.
• For security, you should make these files readable by root only.
2. Find your Apache configuration file.
• On default configurations, you can find a file named apache2.conf in the /etc/apache2 folder.
• If you have configured your server differently, you may be able to find the file with the following command:

grep -i -r "SSLCertificateFile" /etc/apache2/

• /etc/apache2/ may be replaced with the base directory of your Apache installation.
2. Open this file with your favourite text editor.
3. Inside your apache2.conf file, find the < VirtualHost > block.
4. To have your site available on both secure (https) and non-secure (http) connections, make a copy of this block and paste it directly below the existing < VirtualHost > block.
5. You can now customize this copy of the < VirtualHost > block for secure connections. Here is an example configuration:

<VirtualHost xxx.xxx.x.x:443>DocumentRoot /var/www/coolexample

  ServerName coolexample.com www.coolexample.com SSLEngine on SSLCertificateFile /path/to/coolexample.crt SSLCertificateKeyFile /path/to/private key. Key SSL Certificate Chain File /path/to/intermediate.crt</VirtualHost>

• Don't forget the added 443 port at the end of your server IP.
• DocumentRoot and ServerName should match your original < VirtualHost > block.
• The remaining/path/to/... file locations can be replaced with your custom directory and file names.
6. First, run the following command to check your Apache configuration file for errors:

apache2ctl configtest

8. Confirm that the test returns a Syntax OK response. If it does not, review your configuration files.

 Warning: The Apache service will not start again if your config files have syntax errors.

9. After confirming a Syntax OK response, run the following command to restart Apache: apache2ctl restart

 

 Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.

 

• Microsoft Exchange Server 2016
  
  

Not the right server type? Go back to the list of installation instructions. 

After you request the certificate in our online application and it's ready for installation, you must download the files we provide. 

First, you must install the intermediate certificate to your Microsoft® Exchange Server 2016. You also can download the intermediate certificate from the repository.

Then, to install the primary SSL certificate, you must complete the pending request, import the certificate file, and then select the services to which the certificate applies.

To Install an Intermediate Certificate in Microsoft Exchange Server 2016

1. Click Start, and then click Run....
2. Type mmc, and then click OK. The Microsoft Management Console (Console1) window opens.
3. In the Console1 window, click File, and then select Add/Remove Snap-in.
4. In the Add or Remove Snap-ins window, select Certificates, and then click Add.
5. In the Computer Account window, select Computer Account, and then click Next.
6. In the Select Computer window, select Local Computer, and then click Finish.
7. In the Add or Remove Snap-ins window, click OK.
8. In the Console1 window, click + to expand the Certificates (Local Computer)folder on the left.
9. Right-click Intermediate Certification Authorities, mouse over All Tasks, and then click Import.
10. In the Certificate Import Wizard window, click Next.
11. Click Browse to find the intermediate certificate file.
12. In the Open window, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b), select the *_iis_intermediates.p7b file, and then click Open.
13. In the Certificate Import Wizard window, click Next.
14. Select Place all certificates in the following store, and then click Browse.
15. In the Select Certificate Store window, select Intermediate Certification Authorities, and then click OK.
16. In the Certificate Import Wizard window, click Next.
17. Click Finish.
18. Click OK.
19. Close the Console1 window, and then click No to remove the console settings.

To Install an SSL Certificate in Microsoft Exchange Server 2016

1. Log in to the Exchange Admin Centre. 
2. From the left menu, select Servers, and then click Certificates.
3. Select your certificate (it has a “Pending request” status), and then click Complete.
4. For File to import from, enter the certificate file path we provided (such as \\server\folder\coolexample.crt), and then click OK. Exchange installs your certificate.
5. In the Certificates section, select your certificate again (the status changed to “Valid”), and then click Edit (pencil icon).
6. Click Services, select the services to which the certificate applies (SMTP, UM, UM call router, IMAP, POP, and/or IIS), and then click OK. Your certificate is now ready to use with Exchange 2016.

 Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.

 

• Microsoft IIS 10

Not the right server type? Go back to the list of installation instructions. 

After your certificate request is approved, you can download your certificate from the SSL manager and install it on your IIS 10 server.

Convert your .crt file to a .cer file

1. Locate your downloaded .crt file, and double-click to open it.
2. Select the Details tab, and then the Copy to File button.
3. Select Next in the Certificate Wizard. 
4. Select Base-64 encoded X.509(.CER) and then select Next.
5. Select Browse, locate where you want to save your .CER file, and type in a name for your certificate.
6. Select Next and then Finished.

Copy your certificate files onto the server

7. Find the directory on your server where certificate and key files are stored, then upload your intermediate certificate (gd_iis_intermediates.p7b or similar) and primary certificate (.cer file that you just converted) into that folder.

Add a Certificate Snap-in to the Microsoft Management Console (MMC)

8. Click on your Start Menu, then click Run.
9. In the prompt, type mmc and click OK.
10. Click File, then click Add/Remove Snap-in.
11. On the new window, click the Add button.
12. On the new window, select Certificates and click Add.
13. Select Computer account for the snap-in and click Next.
14. Click Local computer and click Finish.
15. Click Close on the Add Standalone Snap-in window.
16. Click OK on the Add/Remove Snap-in window.

Import the Intermediate SSL Certificate

17. In the MCC Console, click ▸ to expand Certificates (Local Computer).
18. Right click on the Intermediate Certification Authorities folder, hover over All Tasks and click Import.
19. On the new window, click Next.
20. Click Browse, find your gd_iis_intermediates.p7b intermediate certificate file and click Open.
21. Click Next, verify that the certificate information is proper and click Finish.
22. Close the the import was successful notification.

Install your SSL certificate

23. Click on your Start Menu, then click Run.
24. In the prompt, type inetmgr and click OK to launch the Internet Information Services (IIS) Manager.
25. Under the Connections panel on the left, click on your Server Name.
26. In the main panel under the IIS section, double click on Server Certificates.
27. Under the Actions panel on the right, click Complete Certificate Request.
28. On the new window, click ... to browse, find your previously uploaded primary certificate file and click Open.
29. Add a Friendly name to easily identify this certificate in the future.
30. In the certificate store option, select Web Hosting and click OK.

Bind the SSL certificate

31. Under the Connections panel on the left, click ▸ to expand the Sites folder.
32. Click the Site Name that you plan to install the SSL certificate onto.
33. Under the Actions panel on the right, find the Edit Site section and click Bindings.
34. On the new window, click Add and fill out the following information:
• Type: select https.
• IP Address: select All Unassigned.
• Port: type in 443.
• Host name: leave this empty.
• SSL Certificate: select your recently installed SSL.
35. Click OK to confirm, then Close for the Site Bindings window.

Restart IIS (optional)

36. Under the Actions panel on the right, find the Manage Website section and click Restart.

 Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved

 

• Microsoft IIS 8

Not the right server type? Go back to the list of installation instructions 

After your certificate request is approved, you can download your certificate  from the SSL manager and install it on your IIS 8 server.

Copy your certificate files onto the server

1. Find the directory on your server where certificate and key files are stored, then upload your intermediate certificate (gd_iis_intermediates.p7b or similar) and primary certificate (.crt file with randomized name) into that folder.

Add a Certificate Snap-in to the Microsoft Management Console (MMC)

2. Click on your Start Menu, then click Run.
3. In the prompt, type mmc and click OK.
4. Click File, then click Add/Remove Snap-in.
5. On the new window, click the Add button.
6. On the new window, select Certificates and click Add.
7. Select Computer account for the snap-in and click Next.
8. Click Local computer and click Finish.
9. Click Close on the Add Standalone Snap-in window.
10. Click OK on the Add/Remove Snap-in window.

Import the Intermediate SSL Certificate

11. In the MCC Console, click ▸ to expand Certificates (Local Computer).
12. Right click on the Intermediate Certification Authorities folder, hover over All Tasks and click Import.
13. On the new window, click Next.
14. Click Browse, find your previously uploaded intermediate certificate file and click Open.
15. Click Next, verify that the certificate information is proper and click Finish.
16. Close the the import was successful notification.

Install your SSL certificate

17. Click on your Start Menu, then click Run.
18. In the prompt, type inetmgr and click OK to launch the Internet Information Services (IIS) Manager.
19. Under the Connections panel on the left, click on your Server Name.
20. In the main panel under the IIS section, double click on Server Certificates.
21. Under the Actions panel on the right, click Complete Certificate Request.
22. On the new window, click ... to browse, find your previously uploaded primary certificate file and click Open.
23. Add a Friendly name to easily identify this certificate in the future.
24. In the certificate store option, select Personal and click OK.

Bind the SSL certificate

25. Under the Connections panel on the left, click ▸ to expand the Sites folder.
26. Click the Site Name that you plan to install the SSL certificate onto.
27. Under the Actions panel on the right, find the Edit Site section and click Bindings.
28. On the new window, click Add and fill out the following information:
• Type: select https.
• IP Address: select All Unassigned.
• Port: type in 443.
• Host name: leave this empty.
• SSL Certificate: select your recently installed SSL.
29. Click OK to confirm, then Close for the Site Bindings window.

Restart IIS

30. Under the Actions panel on the right, find the Manage Website section and click Restart.

 Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.

• Microsoft IIS 7

Not the right server type? Go back to the list of installation instructions. 

After your certificate request is approved, you can download your certificate  from the SSL manager and install it on your IIS 7 server.

Copy your certificate files onto the server

1. Find the directory on your server where certificate and key files are stored, then upload your intermediate certificate (gd_iis_intermediates.p7b or similar) and primary certificate (.crt file with randomized name) into that folder.

Add a Certificate Snap-in to the Microsoft Management Console (MMC)

2. Click on your Start Menu, then click Run.
3. In the prompt, type mmc and click OK.
4. Click File, then click Add/Remove Snap-in.
5. On the new window, click the Add button.
6. On the new window, select Certificates and click Add.
7. Select Computer account for the snap-in and click Next.
8. Click Local computer and click Finish.
9. Click Close on the Add Standalone Snap-in window.
10. Click OK on the Add/Remove Snap-in window.

Import the Intermediate SSL Certificate

11. In the MCC Console, click ▸ to expand Certificates (Local Computer).
12. Right click on the Intermediate Certification Authorities folder, hover over All Tasks and click Import.
13. On the new window, click Next.
14. Click Browse, find your previously uploaded intermediate certificate file and click Open.
15. Click Next, verify that the certificate information is proper and click Finish.
16. Close the the import was successful notification.

Install your SSL certificate

17. Click on your Start Menu, then click Run.
18. In the prompt, type inetmgr and click OK to launch the Internet Information Services (IIS) Manager.
19. Under the Connections panel on the left, click on your Server Name.
20. In the main panel under the IIS section, double click on Server Certificates.
21. Under the Actions panel on the right, click Complete Certificate Request.
22. On the new window, click ... to browse, find your previously uploaded primary certificate file and click Open.
23. Add a Friendly name to easily identify this certificate in the future.
24. Click OK.

Bind the SSL certificate

25. Under the Connections panel on the left, click ▸ to expand the Sites folder.
26. Click the Site Name that you plan to install the SSL certificate onto.
27. Under the Actions panel on the right, find the Edit Site section and click Bindings.
28. On the new window, click Add and fill out the following information:
• Type: select https.
• IP Address: select All Unassigned.
• Port: type in 443.
• Host name: leave this empty.
• SSL Certificate: select your recently installed SSL.
29. Click OK to confirm, then Close for the Site Bindings window.

Restart IIS

30. Under the Actions panel on the right, find the Manage Website section and click Restart.

 Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.

 

Others

• AWS SERVER

Not the right server type? Go back to the list of installations instructions.

After your certificate request is approved, you can download your certificate from the SSL manager and install it on your Amazon Web Services (AWS) server. This guide focuses on the Application Load Balancer (ALB)within the Elastic Load Balancer (ELB) platform.

 Note:
• You can generate a certificate signing request (CSR) on your Elastic Compute Cloud (EC2) instance. There are multiple ways to do this. Check your server documentation for more information.
• If you're utilizing the Elastic Container Service (ECS), you'll want to connect to your Windows. or Linuxinstance and install the certificate manually.

1. Sign in to your Amazon EC2 console at https://console.aws.amazon.com/ec2.
2. In the Navigation menu on the left, expand NETWORK & SECURITY and select Load Balancers.
3. In the main panel, select the load balancer where you wish to upload your certificate.
4. In the new section below, click on the Listeners tab.
5. Click Change in the SSL Certificate column for your HTTPS (Secure HTTP)Load Balancer Protocol.
6. In the new Select Certificate window, click the radio button for Upload a new SSL certificate to AWS Identity and Access Management (IAM).
7. For Certificate Name, type in a name that will allow you to easily identify your SSL at a later date
8. For the Private Key field, simply paste the text from your coolexample.com.key file.
• This should include the "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----" lines.
9. For the Public Key Certificate field, simply paste the text from your randomly named .crt file.
• Be sure to should include the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines.
10. For the Certificate Chain field, simply paste the text from your gd_bundle.crt (or similar) file.
• Be sure to should include the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines.
• You should have a total of three certificate bundles in this text field.
11. Click the blue Save button to finalize your SSL install.

 Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.

 

 

• Microsoft Azure Web App

After your certificate request is approved, you can download your certificate  from the SSL manager and install it on your Microsoft IIS Server. Once the certificate is installed on your IIS server, follow this guide to convert the certificate to a .pfxfile and upload it to your Microsoft Azure Portal.

If you are utilizing an Azure Virtual Machine instead of an Azure Web App, you will want to connect to your instance and install the certificate manually. 

1. Click on your Start Menu, then click Run.
2. In the puallyrompt, type inetmgr and click OK to launch the Internet Information Services (IIS) Manager.
3. Under the Connections panel on the left, click on your Server Name.
4. In the main panel under the IIS section, double click on Server Certificates.
5. Select your recently installed certificate.
6. Under the Actions panel on the right, click Export....
7. In the new window, click ... under the Export to: section.
8. Find the directory on your server where certificate and key files are stored, then type out your desired File name. Click Open.
9. For the Password and Confirm password fields, type in a password to secure the file. This will be used when uploading the file to Azure.
10. Click OK to create the .pfx file.
11. Sign in to your Azure portal at https://portal.azure.com. 
12. On the left sidebar, click App Services and select your app in the new listing column that appears.
13. On the left sidebar within your application area, find the SETTINGS grouping and click SSL certificates.
14. In the new SSL area, click Upload Certificate.
15. On the Add certificate sidebar to the right, click the folder icon to browse and select your .pfx file and click Open.
16. Type out your password for the .pfx file in the Certificate password field and click Submit.
17. In the main SSL area, click Add binding below your new certificate.
18. On the Add SSL Binding sidebar to the right, select your Hostname and Certificate.
19. Choose SNI SSL for SSL Type and click Add Binding to finalize the SSL install.

Next steps

• Use our Certificate Checker to confirm the SSL is installed.
• Redirect your web app to HTTPS with a web.config file.

 

More info

• Renewing your SSL certificate.

 Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights r