Creating versus Purchasing a SSL Certificate
Based on the needs of your website, you may decide to either create a self-signed certificate or purchase an SSL certificate. If your site only handles minimally senstitive data, then creating your own self-signed certificate may be appropriate.
If your site handles extremely senstitive data (such as credit card information), you should purchase an SSL certificate. Buying a certificate offers a third-party verification system to ensure visitors the security of your site.
Name-Based VirtualHosts and SSL
As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port. This is because Apache needs to know the name of the host in order to choose the correct certificate to setup the encryption layer. But the name of the host being requested is contained only in the HTTP request headers, which are part of the encrypted content. It is therefore not available until after the encryption is already negotiated. This means that the correct certificate cannot be selected, and clients will receive certificate mismatch warnings and be vulnerable to man-in-the-middle attacks.
In reality, Apache will allow you to configure name-based SSL virtual hosts, but it will always use the configuration from the first-listed virtual host (on the selected IP address and port) to setup the encryption layer. In certain specific circumstances, it is acceptable to use a single SSL configuration for several virtual hosts. In particular, this will work if the SSL certificate applies to all the virtual hosts. For example, this will work if:
All the VirtualHosts are within the same domain, eg: one.example.com and two.example.com.
You have a wildcard SSL certificate for that domain (one where the Common Name begins with an asterix: i.e *.example.com)
Multi-domain SSL
Multi domain certificates make it possible to secure up to 100 domains on the same server with a single certificate. You can mix all your different second level domains (i.e. domain.com, domain.net, and otherdomain.com).
A multi domain certificate is best for organizations that have multiple unique domains hosted on a single server. This saves time and money while providing a high level of trust and security. Compare the cost of purchasing many individual certificates to purchasing a single multi-domain certificate (which can consolidate as many as 100 domain names)
Apache cPanel SSL Cert Installation
Installing your cPanel SSL Certificate
The following instructions are for cPanel 11. If you have a different version of cPanel, you will go through a similar process but you may need to ask your web host for specific instructions.
1.Download your Intermediate and Primary Certificate files from your certificate provider to the directory where you will keep your certificate and key files.
2.Login to your cPanel control panel.
3.Find and click on SSL/TLS Manager.
4.Click on Generate, view, upload, or delete SSL certificates.
5.Under the Upload a New Certificate section, click on the Browse button and find your Primary Certificate (yourdomain.crt) that you downloaded in the first step.
How to customize SSL Certificate buttons URL
To customize the Buy SSL Certificate and View Certificates buttons URL:
On Linux systems, issue the following command:
/usr/local/psa/bin/interface_template -p -cert_purchasing_url [url]
To remove the buttons for viewing and purchasing SSL certificates:
On Linux systems, issue the following command:
/usr/local/psa/bin/interface_template -p -cert_purchasing true
