After installing the SSL certificate successfully on your web server, If you are getting some error like "unknown certificate issuer" while accessing the URL "https://www.yourdomain.com/", this blog post might resolve your problem, read on!
SSL protocol (https://) is a must for any E-Commerce website if you intend to accept payments on your own website. The first step to install a SSL certificate on your server is to generate a private key. This key (KEY) will allow you to generate a certificate signing request (CSR) and which you can then take to the certificate selling authority and get the certificate (CRT).
How to install SSL certificate on your cPanel based web server.
Log into your cPanel and go to SSL/TLS Manager. The SSL/TLS Manager will allow you to generate SSL certificates, signing requests, and keys. These are all parts of using SSL to secure your website.
Click on the “Generate, view, upload, or delete your private keys” link
Creating a Private Key (KEY)
The first step to installing a SSL certificate is to create a private key file to be used with your SSL certificate. Please note that this private key file must be used with the specific SSL certificate that it is for. This private key is secret and should not be given out. Please note that there is no way to recover a private key file if it is lost.
Just go to the ‘Generate a New Key’ area and select the domain from the drop down, make sure you add www in front of the domain name in the “Host” text field if you want the certificate to work on www.domain.com. Select "Key Size=2048" from the drop down, otherwise certificate selling might send you back to get a new key. Press ‘Generate’ and it will create and save the key for you. This Key has been stored on dedicated server for you to be used for CSR and installing certificate later.
Now ‘Return to SSL Manager’ and go to the next step of generating CSR.
Click on the ‘Generate, view, or delete SSL certificate signing requests’ link.
Creating a SSL Certificate Signing Request
If you are obtaining a certificate from a trusted SSL provider, you must complete the signing request form to provide the information needed to generate your SSL certificate.
You will see the domain name in the drop down select box here for which you created the key in the first step. Go on to complete the other fields and hit “Generate”. If everything goes right, you will see ‘Certificate Signing Request generated!’ message. Now copy the —–BEGIN CERTIFICATE REQUEST—– until —–END CERTIFICATE REQUEST—–
Now use this CSR to buy your SSL certificate. Your CSR has also been saved on the server.
Click on the "Return to SSL Manager"
Once you get your SSL certificate, in my case, I got “thawte SSL” certificate. To install it on your server, In the SSL Manager of your cPanel, click on “Generate, view, upload, or delete SSL certificates”
Thawte provided two certificates. You add first one in the Certificate (CRT) and upload it.
Then go to the "Setup a SSL certificate to work with your site."
Installing Certificates on server
Paste the certificate in the text area or choose a .crt file and hit ‘upload’. And here is the trickiest part, Thawte had provided two certificates, You have to add first one here. Both provided certificates have same labels such as —–BEGIN CERTIFICATE—–: and —–END CERTIFICATE—–:
After uploading your certificate successfully, ‘Return to SSL Manager’,
This is the last step for SSL installation.
Activating SSL on Your Web Site (HTTPS)
Click on the "Setup a SSL certificate to work with your site." Select the domain for which you are setting up SSL certificate from the drop down select box. As soon as you select a domain name, It will fetch its stored key and certificate (.crt) from server and populate the following boxes automatically. If it does not, then, try to his ‘Fetch’ button and hopefully it will get the required information and if it still fails, go back and check your step 1 and 2.
If your Certificate (CRT) and Key (KEY) boxes are filled it information, all you have to do is to add the second certificate in the "Ca Bundle (CABUNDLE)" text area. It says the ‘Paste the ca bundle here (optional):’ thawte did not mention it was a CA Bundle and where would it be added; they just called it a certificate.
Although it says "Paste the ca bundle here (optional):" but it definitely is not optional! Failing to add this second certificate (CA Bundle) will give you "unknown certificate issuer" error.
Add the CA Bundle and press "Install Certificate" That’s it. Now open https://www.yourdomain.com/ and hopefully you will see a padlock in your status bar/address bar.
Hope that helps.
Cheers!