To home page

Configuring an SSL certificate in Vesta CP

Description of the procedure for setting up SSL certificates on a server with the Vesta control panel

Create a self-signed certificate using openssl.

Generate a self-signed certificate: ``.shell $ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=localhost'

Options that you might want to change while creating the self-signed certificate:

| Option | Description |
| ----------- | ----------- |
| -newkey rsa:4096 | Create a 4096-bit RSA key. | 
| -keyout key.pem | Save the key to a key.pem file. | 
| -out cert.pem | Save the certificate in the cert.pem file. | 
| -nodes | Do not protect the private key with a password. | 
| -days 365 | The number of days the certificate is valid. | 
| -subj '/CN=localhost' | Use this option to avoid questions about the contents of the certificate. Replace localhost with the domain name. | 

----------------

Configuring SSL certificate in VestaCP

To configure the SSL certificate go to the tab **"WEB "**

Press **"Edit "** button on **the desired site** 

![file](/media/article/img/%D0%9C%D0%B5%D0%BD%D1%8E_494_3.png)

In the new window find **"SSL Support "** enter data from the certificate you created with **openssl** or create a new request as described below 

![file](/media/article/img/%D0%92%D1%8B%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_499.png)


When placing an order for a certificate, you have to **"Generate a CSR Request "** to do this, a new window will open where you have to enter your domain details.

![file](/media/article/img/%D0%92%D1%8B%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_498.png)

you get three variables.

* SSL CSR request
* SSL certificate
* SSL certificate key

Data from SSL CSR field must be inserted when purchasing a certificate, this certificate stores the name of your domain name.

After successful verification of the domain, you will receive an archive with 4 files (depending on ssl certificate type). Using Comodo Security Services as an example:

* domain_com.crt
* AddTrustExternalCARoot.crt
* COMODORSAAddTrustCA.crt
* COMODORSADomainValidationSecureServerCA.crt

These ssl-certifications you need to open in notepad and then sequentially add the contents of files on the page of domain editing:

* SSL certificate → insert code from file domain_com.crt
* SSL certificate key → paste the code that was generated when you clicked on the "Generate CSR request" link
* Certificate Authority SSL / Intermediate -> insert the code from AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt.


![file](/media/article/img/%D0%92%D1%8B%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_496_1.png)

Saving changes.

------------------------

It remains only to register redirects from http to https in the file **.htaccess** in the directory of your site, add lines in it:

RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


That's it, now you will have **https**

You can check if your certificate is installed correctly using this [service] (https://www.sslshopper.com/ssl-checker.html).
Need help?Our engineers will help you free of charge with any question in minutesContact us