An SSL certificate for VPS/VDS is used to ensure the security of data transfer between the client and the server. An SSL certificate is used to protect the transmitted data by encryption, which prevents access to this data by intruders.
An SSL certificate for VPS/VDS also helps in improving user trust in your site, as it ensures that your site is secure and trusted. In addition, the SSL certificate improves the SEO optimization of the site, since Google and other search engines prefer sites protected by the HTTPS protocol.
certificate file and certificate chain;
certificate key. The key is generated before ordering the certificate, a CSR request is generated based on the key.
root-access to the server.
Where does the data for installing the certificate come from?
The archive with the data for installing the SSL certificate will be sent immediately after the certificate is issued to the contact email address you specified when registering on the PQ.Hosting website.
You can also download the archive in the personal account of PQ.Hosting in the SSL certificates section
If when ordering an SSL certificate you did not enable the option "Do not save the key in the system", the key can be found in your personal account in the SSL certificates section. If for some reason you have not saved the key, issue the certificate again using a new CSR request.
Installing an SSL certificate on a VPS/VDS or dedicated server
1. Enable the ability to use SSL for the user who owns the domain: Users → select user → Access.
2. Log in under this user's account.
3. Go to SSL Certificates → Add Certificate button
4. Specify the certificate type "Existing" and fill in all fields:
The name of the SSL certificate is the name of the certificate under which it will be displayed in the system. It can contain letters of the Latin alphabet, numbers, dots, as well as the signs _ and -.
SSL certificate — the contents of the SSL certificate in PEM format.
The SSL certificate key is the contents of the SSL certificate key in PEM format.
SSL Certificate chain — the contents of the SSL certificate chain file (Certificate bundle) in PEM format. In a letter from a certification authority, an archive usually arrives, in which there are two files — the certificate itself and the certificate chain (a file with the .ca-bundle extension).
5. After adding the certificate, you can enable it for the site: Sites → select site → Edit → in the drop-down menu, click Edit → in the SSL Certificates field, select the desired SSL certificate.
6. You can check the certificates by following the link:
https://www.ssllabs.com/ssltest/analyze.html;
https://www.sslshopper.com/ssl-checker.html.
Please note that the GlobalSign certification authority sends a chain file in PKCS7 format (extension .p7b). You can open this file in a text editor or convert it to PEM format. Example of a conversion command: openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
To find out which web server handles SSL requests - Apache or Nginx, run the command:
netstat -napt | grep 443
Installation on Apache
1. The certificate is installed in the Apache configuration file:
for Debian OS — /etc/apache2/apache2.conf;
for CentOS OS — /etc/httpd/conf/httpd.conf.
2. Add the certificate data to the VirtualHost section of your domain:
Configuration example
<VirtualHost 10.0.0.1:443>
DocumentRoot /var/www/user/data/www/domain.com
ServerName domain.com SSLEngine on
SSLCertificateFile /path/to/domain.crt
SSLCertificateKeyFile /path/to/domain.key
SSLCACertificateFile /path/to/ca.crt
</VirtualHost>
3. Restart Apache:
Command for CentOS OS
apachectl restart
Command for Debian OS
apache2ctl restart
Installing an SSL certificate on Nginx
The certificate is installed in the Nginx configuration file.
1. Combine the SSL certificate, intermediate and root certificates into one file your_domain.crt. You can find the certificate data in an email sent to your contact e-mail after the certificate is issued. You can also download them together with the main certificate in your personal account on the PQ.Hosting website.
Sample file
-----BEGIN CERTIFICATE-----
#Your certificate#
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
#Intermediate certificate#
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
#Root certificate#
-----END CERTIFICATE-----
2. Create your_domain.key file and copy the contents of the certificate's private key into it.
3. Copy the files your_domain.crt and your_domain.key to one directory. For example, /etc/ssl/.
4. Configure the server block in the Nginx configuration file as follows
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_domain.crt;
ssl_certificate_key /etc/ssl/your_domain.key;
server_name your.domain.com;
}
5, Restart the Nginx server:
/etc/init.d/nginx restart
If you have any difficulties installing an SSL certificate on your hosting account, contact support for additional help.