How To Setup Ssl


Can someone lead me to the steps that I need to do in order to pull the necessary SSL information for the SSL cert., and what I need to do in order to set everything up within my server?



Hello eUser,

First, you must make sure you have a dedicated/static IP for the Siteworx account you want to install a certificate on. Then, you have 3 options available:

1.) Create/Install a self-signed cert. (which can be upgraded to a CA-signed cert. at any later time). To do this, login to your Siteworx account and click the SSL option on the toolbar on the left-hand side. If there isn’t an SSL option in the toolbar, this means that this Siteworx account does not have permission to create SSL certificates. This can be changed in Nodeworx. Once at the SSL page, choose “Create Self-Signed Certificate”. Fill in the information for the certificate (all fields are required), paying special attention to the Common (domain) Name. Click “Generate Certificate”, and Siteworx will create your certificate and install it on your server.

2.) Create/Install a CA-signed cert. If you currently do not have an SSL certificate installed, the option you will see is “Create CA-Signed Cert”. If you already have a certificate installed (for example, a self-signed cert), you will see “Install CA-Signed Cert”. The interface for “Create CA-Signed Cert” is identical to “Create Self-Signed Cert”, and the instructions are the same. After clicking “Create CA-Signed Cert”, providing the necessary information, and submitting the form, you will be presented with two dialog boxes. The top box contains your CSR which you will need to provide to your certificate vendor. The box beneath is where you can paste the certificate information your vendor supplies. Click Install, and your CA-Signed cert will be installed. Note that if you leave this page, you can return to it again by clicking “Install CA-Signed Cert” from the SSL main page.

3.) Migrate an existing cert. To migrate an existing certificate, click on “Migrate Existing SSL Data Files”. From here, you will need to copy and paste the information from your SSL private key file and your SSL certificate. The CSR is optional. Click Install and Siteworx will install the provided SSL certificate on your server.

When creating a self-signed or CA-signed cert, you might run into a couple error messages that have been a little confusing to some people. The first error message is “You have specified a non-existing pointer domain and you have reached your quota for pointer domains” and the other is “You have specified a non-existing subdomain and you have reached your quota for subdomains.” Please refer to this thread for a detailed explanation of that error message.

I hope that helps, and let us know if you run in to any problems.


Thanks, I will follow your directions and hopefully I will not messup.



I bought one from Verisign, and it needs to know the software. The choices are

Microsoft IIS
Read Hat Linux

Which do I choose?



Apache (sometimes labled Apache / mod_ssl).


Worked like a charm for me once I figured out that common name was the domain name common name :slight_smile:

Anyway, you may want to think about ading the ability to edit the installed certificate (self signed anyway) and display the certificate data on the SSL screen once the certificate has been installed. All it says now is:

There is an SSL certificate installed, which is valid for the domain. You have the following options available:

? Install CA-Signed (Certificate Authority) Certificate
? Migrate Existing SSL Data Files
? Delete Certificate

My two cents

I finally got the cert. to work, but now I must install a root cert. Are there any instructions on how to do this?



As far as I know you have to do that by hand (however that works) unless a web interface is added in 1.8.1.


eUser, what do you mean by a ‘root cert’? all you should need is the cert that was generated for you and perhaps a chain cert. can you clarify?



I purchased the cert from Starfield tech (a godaddy company). I have the cert. installed on the server, but it also has a root cert. that needs to be installed on the server in order for no security warnings for some browsers. Here’ what they had said about the root cert.

"Before you install your issued SSL certificate you must install Starfield’s intermediate certificate on your Web server. An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a trust-chain that begins at the trusted root CA, through the intermediate and finally ending with the SSL certificate issued to you. Such certificates are called chained root certificates. The usage of an intermediate certificate thus provides an added level of security as Starfield doesn’t need to issue certificates directly from the CA root certificate.

Additional information about why they need the root or intermediate cert. to be installed.

Any ideas on how to tackle this? The server host will not help me w/o charging me for the installation of this cert into the root directory. Any suggestions on how to add this to the server myself?



ok, this is called a “chain cert” as it chains the CA’s authority to a known root CA. You can just edit your /etc/httpd/conf.d/<domain>.conf file and add:

SSLCertificateChainFile /path/to/chain/cert

I’d put the chain cert in the /home/<user>/<domain>/cert directory.

Just restart apache when done and that should be it.


I will use the siteworx SSl utility.
It should ask you information about csr, …

See if there is any error (it should not as at least it will install your ssl certificate)

Then go into your httpd.conf

Locate (siteworx should have added these lines )

SSLCertificateFile          /directory_to_certificate/your issued certificate 
SSLCertificateKeyFile     /directory_to_keyfile/your key file 

then add this line (the intermidiere certificate or chain certificate)

SSLCertificateChainFile /directory_to_chain/your chain certificate

of course you may have to download manualy this last one in the same directory than the issued certificate and the key file (check the path in httpd.conf to be sure)

And it should be fine. But be carreful, I never install this type of certificate on a iworx-cp boxe. So I can’t be sure it will work fine. Maybe you should wait for a pro answer (like iworx team will do)

Hope it will help


erfff sorry Chris, we wrote our posts at the same times !!!

When I began to write mine, your answer didn’t be here :slight_smile:

Chris, correct me if I’m wrong but on an InteWorx box the httod.conf doesn’t do anything and is just “there” [Users have to edit the domainname.con.conf to effect changes] or does httpd.conf actually serve a purpose? (a template or something)?

if we’re talking about the /etc/httpd/conf/httpd.conf then yes, it does serve a purpose. It is the “main” httpd config file. configs for individual domains are stored in the /etc/httpd/conf.d/*.conf files as are 3rd party apache module configs. we often edit the main httpd.conf to tweak settings for performance and other reasons so it does serve a purpose :).


Chris, correct me if I’m wrong but on an InteWorx box the httod.conf doesn’t do anything

I always forget to write /etc/httpd/conf.d/*.conf in the posts I write. I know that but don’t know why, I’m always writing httpd.conf

So sorry for that to everybody !!!


Thanks for the information. Just one question, where and how to you upload the cert. to the root directory? Do you FTP it?



Thanks Chris. That’s exactly what I wanted to know.

Thanks for the information. Just one question, where and how to you upload the cert. to the root directory? Do you FTP it?

You can FTP it but I’d SCP instead eUser. Whenever you deal with certs you need to take special care about the transfer since their soul purpose is to encrypt data and verify authenticity.

If you’re not familiar with scp check out:


What about a CA-cert for the entire server, that is, the root domain or the domain that one enters the server with on nodeworx to admin.

Aside from inividual domains that may or may not need a cert, I want the basic, sans any other cert to be mine and not interworx’s.

Can I just go and add one like I would apache on any other server? Or do I need to watch out for something?