Answering all your most pressing questions about SSL and cPanel

For many, cPanel and WHM are the golden standards when it comes to the web hosting control panels. They also come with a graphical interface and intuitive automation tools and they’re generally reliable and easy to use.

But that doesn’t mean you won’t still run into some questions when it comes to installing an SSL/TLS Certificate on cPanel or WHM.

That’s why we’ve taken some time to compile a list of frequently asked questions to help make your experience with SSL on cPanel or WHM even easier. Check them out:

Q.1) What is SSL/TLS?

SSL/TLS is a protocol for encrypting communication on the internet. When a client (web browser) access a server (which hosts a website) and an SSL/TLS Certificate has been installed, the client and server perform what is known as the SSL Handshake. During this “handshake,” the browser checks the validity of the certificate and, assuming the certificate is authentic and up to date, determine encryption strength and create a pair of session keys. From this point on, all communication between the client and the server is encrypted and safe from the prying eyes of third parties (Hackers & Cyber Criminals).


Q.2) What is an SSL certificate?

An SSL Certificate, sometimes called a TLS Certificate, serves two purposes. The first is to facilitate an encrypted connection between a client and a server using the SSL/TLS protocol. The second is to authenticate the identity of the company or organization that owns the certificate.


Q.3) What is a Certificate Authority (CA) bundle?

A CA Bundle is a file that contains both root and intermediate certificates. These will be necessary during the installation of your SSL Certificate in order to create the correct certificate chain.


Q.4) What is Server Name Indication?

Server Name Indication (SNI) is an extension of the SSL/TLS protocol that allows the server to not only handle but also deliver multiple SSL Certificates from a single IP Address.


Q.5) What is a shared SSL certificate? How do I install one?

A Shared SSL Certificate is a universal SSL Certificates that protects the temporary URL that you can access your website under. Typically, this is only used for the migration periods when a client is switching their website from another host. This will allow the client to understand how their website will operate once they’ve installed the new SSL Certificate and migrated their domain over to the web host.


Q.6) How do I Generate an SSL Certificate and Signing Request?

  • Follow the steps listed in this guide to generate a Certificate Signing Request (CSR) within cPanel.
  • Follow the steps listed in this guide to generate a Certificate Signing Request (CSR) within WHM.


Q.7) How do I Manage my SSL Hosts?

Management of your SSL Hosts can be done in both cPanel and WHM. For cPanel everything will be managed by the SSL/TLS Manager when you login into cPanel. At that point, you’ll be given the ability to generate a certificate signing request, install an SSL Certificate, and download all the important details of the SSL Certificate.

WHM has the same control but will instead be located under the SSL/TLS link at the bottom of the page when you log in to WHM. This will present you all the options necessary to manage and install SSL Certificates for your clients.


Q.8) How to Install SSL Certificate on cPanel/WHM

Follow the steps listed in this guide to install an SSL Certificate on cPanel.


Q.9) My certificate will not install – I receive a message about a certificate/key mismatch.

This error is associated with cPanel/WHM not finding the SSL Certificate’s Private Key to complete the installation. This is often caused because the Certificate Signing Request (CSR) was generated outside of cPanel/WM and was never imported into the control panel.

To resolve the issue, you would have to re-issue the SSL Certificate within your account with us using a Certificate Signing Request (CSR) that was generated within your cPanel/WHM account.


Q.10) My certificate will not install – I receive a message about a dedicated IP.

This error is typically associated with a hosting environment that is using a Shared IP Address without Server Name Indication (SNI) being enabled.

To resolve this issue, you would have to contact either your system administrator or web host to see if they can enable SNI or request a dedicated IP Address.

Note: A dedicated IP Address may carry an additional cost from your hosting provider.


Q.11) My certificate installed, but my visitors see a warning about a domain mismatch.

This error is caused due to the server delivering another SSL Certificate for another domain that is not the current one being accessed or a self-signed SSL Certificate.

To resolve this issue, you would have to ensure that the SSL Certificate is installed properly for the domain. If the issue is still present, you would want to reach out to your administrator and/or web host to further troubleshoot the issue.

Important Resources


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.