Knowledge Base

How to install a GlobalSign SSL certificate

This article describes how to order and install a GlobalSign SSL certificate on your Webhost.Berlin account that does not support "one-click" installation. These SSL certificates currently are:

  • GlobalSign Alpha Wildcard SSL
  • GlobalSign Domain Verified Wildcard SSL
  • GlobalSign Organization Verified SSL
  • GlobalSign Organization Verified Wildcard SSL
  • GlobalSign Extended Validation SSL
  • Most Webhost.Berlin servers support Server Name Indication (SNI), which means SSL certificates do not require a dedicated IP address to work correctly. However, to ensure complete compatibility, you should consider purchasing a dedicated IP address. For more information about SNI support at Webhost.Berlin, please see this article.
  • If you want to install a GlobalSign OneClick SSL certificate, please see this article instead.

Installing a GlobalSign SSL certificate

You can use a GlobalSign SSL certificate to add SSL encryption to your web site. Some types of SSL certificates, such as wildcard certificates, also enable you to provide encryption for a domain and all of its subdomains.

To set up SSL for your web site, you first generate a private key and Certificate Signing Request (CSR). After you order the certificate through the Webhost.Berlin Customer Portal, you receive an e-mail that allows you to submit the CSR to the signing authority. The signing authority generates the SSL certificate, and then sends it to you by e-mail for installation on your site.

To order, configure, and install your GlobalSign SSL certificate, please go through the following procedures in the order in which they appear.

Generating a private key and CSR

The first step is to generate a private key and CSR (Certificate Signing Request) for your domain. Depending on the type of account you have, you may need to do this from the command line. For example, if you have a Dynamic (semi-managed) VPS, you can use the OpenSSL command-line tool to generate a private key and CSR. For information about how to do this, please see this article.

If your account includes cPanel access, however, you can use it to generate the private key and CSR. To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the Security section of the cPanel home screen, click SSL/TLS Manager.
  3. Under Private Keys (KEY), click Generate, view, upload, or delete your private keys. The Private Keys page appears.
  4. Under Generate a New Private Key, confirm that the Key Size is set to 2,048 bits.
  5. In the Description text box, type a descriptive name for the key, such as GlobalSign cert key.
  6. Click Generate. cPanel generates and displays the private key. You are now ready to generate a Certificate Signing Request (CSR).
  7. Click Return to SSL Manager.
  8. Under Certificate Signing Requests (CSR), click Generate, view, or delete SSL certificate signing requests. The SSL Certificate Signing Request page appears.
  9. Under Generate a New Certificate Signing Request (CSR), in the Key list box, select the description for the private key you generated in step 6.
  10. In the Domains text box, type the domain that you want to secure with the certificate.
    • For non-wildcard SSL certificates, make sure you include the www subdomain (for example, www.example.com). This ensures the GlobalSign SSL certificate secures both the primary domain (example.com) and the www subdomain (www.example.com).
    • For wildcard SSL certificates, type the domain name preceded by an asterisk and period (*.). For example, if your domain name is example.com, type *.example.com.
  11. Complete the remaining fields for the CSR.

  12. To create the CSR, click Generate. cPanel generates and displays the CSR.
  13. Copy the CSR text located between the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST headers, and then save it locally on your computer. You will need this information later during the SSL configuration process.
Ordering the certificate

After you create a private key and CSR, you are ready to order the certificate. To do this, follow these steps:

  1. Log in to the Customer Portal.
    If you do not know how to log in to the Customer Portal, please see this article.
  2. On the menu bar, click Services and then click ORDER NEW SERVICES:

    Customer Portal - Services - Order New Services

  3. In the Categories sidebar, click SSL Certificates.
  4. Locate the GlobalSign SSL certificate that you want, and then click Order Now. The Configure page appears.
  5. In the Domain text box, type the domain name that will use the SSL certificate.

    • For non-wildcard SSL certificates, make sure you include the www subdomain (for example, www.example.com). This ensures the GlobalSign SSL certificate secures both the primary domain (example.com) and the www subdomain (www.example.com).
    • For wildcard SSL certificates, just type the domain name (example.com). Do not add an asterisk and period (*.) to the start of the domain name.
  6. Click Continue. The Review & Checkout page appears.
  7. Click Checkout. The Checkout page appears.
  8. Under Payment Details, select the payment method that you want to use.
  9. Select the I have read and agree to the Terms of Service check box.
  10. Click Complete Order. After the order is processed, you receive an e-mail message from Webhost.Berlin.
Configuring the certificate

After you order the certificate, you receive an e-mail from Webhost.Berlin with the subject SSL Certificate Configuration Required. To configure the certificate, follow these steps:

  1. Open the e-mail message, and then click the configuration URL. The URL resembles the following:
    https://berlin.hosting/configuressl.php?cert=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    If you are not currently logged in to the Webhost.Berlin Customer Portal, you must log in before configuring the certificate.
  2. The Configure SSL Certificate page appears. Under Server Information, in the Web Server Type list box, select the web server.
    If you have a cPanel account, select Apache +ModSSL.

    GlobalSign SSL - Configure server type

  3. In the CSR text box, paste the CSR text that you copied in the previous procedure. Make sure the CSR text is between the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST headers.
  4. Under Administrative Contact Information, complete the fields.

    Make sure you specify a valid e-mail address in the Email Address text box. Otherwise, you will not receive the SSL certificate from the signing authority.
  5. Click Click to Continue. After a few moments, the Configure SSL Certificate page reappears with a Certificate Approver Email section:

    GlobalSign SSL - Approver e-mail

  6. Select a valid e-mail address that you can use to approve the certificate application, and then click Click to Continue. The Configuration Complete page appears.
  7. Open the e-mail message, and then click the approval URL. The Approve or Reject SSL Certificate Application page appears.
  8. Review the application details, and then click I APPROVE. The signing authority reviews the application, generates the certificate, and sends it to the e-mail address you specified as the administrative contact.

    The application process frequently undergoes a manual review by the signing authority. Therefore, it may take some time until you receive the e-mail with your certificate. In other words, you do not receive the certificate as soon as you click I APPROVE.
Installing the certificate

After you receive the e-mail message from GlobalSign that contains your certificate, you can install it on the web server. Depending on the type of account you have, you may need to do this from the command line.

If your account includes cPanel, however, you can use it to install the certificate. To do this, follow these steps:

  1. Log in to cPanel.
    If you do not know how to log in to your cPanel account, please see this article.
  2. In the Security section of the cPanel home screen, click SSL/TLS Manager.
  3. Under Certificates (CRT), click Generate, view, upload, or delete SSL certificates. The Certificates page appears.
  4. Under Upload a New Certificate, in the Paste your certificate below text box, paste the certificate text from the e-mail that you received from GlobalSign. Make sure you include the BEGIN CERTIFICATE and END CERTIFICATE headers.
  5. In the Description text box, type a descriptive name for the certificate, such as GlobalSign cert for example.com.
  6. Click Save Certificate.
  7. Click Go Back, and then click Return to SSL Manager.
  8. Under Install and Manage SSL for your site (HTTPS), click Manage SSL sites.
  9. Under Install an SSL Website, click Browse Certificates, select the certificate you want to use, and then click Use Certificate. cPanel fills in the Certificate (CRT), Private Key (KEY), and Certificate Authority Bundle (CABUNDLE) fields automatically.
  10. In the Domain list box, select the domain you want to secure with the certificate.
  11. Click Install Certificate. cPanel installs the certificate on the server and enables SSL. When the process is complete, you receive an SSL Host Successfully Installed message.
  12. Click
    . You can now securely access the specified domain by using the https:// prefix in a web browser.
    If you are using a wildcard SSL certificate, you must also install the certificate for your subdomains. To do this, follow these additional steps:
    1. Under Manage Installed SSL Websites, locate your primary domain, and then in the Actions column, click Use Certificate for New Site.
    2. Under Install an SSL Website, in the Domain list box, select the subdomain you want to protect with the wildcard certificate.
    3. Click Install Certificate. cPanel installs the certificate for the subdomain.
    4. Repeat steps 1 to 3 for any other subdomains that you want to protect with the wildcard certificate.

 

More Information

For more information about GlobalSign AlphaSSL, please visit http://www.alphassl.com.