To get an SSL certificate you need to first generate a CSR (Certificate Signing Request) on your server. To do this:
- Pick your the relevant domain or subdomain from the dropdown at the top of the blue sidebar
- Go to
Edit mail aliases
and create an alias forwebmaster@example.com
to forward to your real email address (example.com
is a placeholder, use the domain or subdomain you're ordering the cert for) - Go to
Server Management > Manage SSL Certificate
on the blue sidebar - Click the
Create Signing Request
tab at the top - In
Server names
at the top of the form, remove thewww.
part of name if present, that shouldn't be included - Leave the big
Other domain names
box under that blank - For email address enter
webmaster@example.com
(whereexample.com
is the cert domain) Department
can be left blank unless you work for a large companyOrganisation
should be your company name, or your name if you're an individual.City
andState
should be filled out with your city or town, and your county, respectivelyCountry code
should beGB
if you're in the mainland UK (UK
is not a valid ISO country code).SSL key size
should be either2048
or4096
, use the default if this doesn't make sense to youCertificate hash type
should beSHA2
- Click
Generate CSR Now
A private key and a CSR should now be generated for you. You don't need to worry about the private key, Virtualmin has already installed that in the right place for you. You will now need to send that CSR to us using the customer portal.
You should have received an email from us with the subject "SSL Certificate Configuration Required, containing a link. If you click that link it will take you to a configuration page in our Customer Portal, which will ask you for the CSR. In Virtualmin, copy the section that looks like this:
-----BEGIN CERTIFICATE REQUEST----- lots of random letters and numbers -----END CERTIFICATE REQUEST-----
Be sure to include the lines with the dashes, as they're part of the CSR. Now that you have this copied, go back to the configuration page on the Customer Portal and paste it into the box at the top. Ensure you don't have any extra spaces or blank lines above or below the CSR, it won't be accepted if there are.
You can then fill out the remainder of the form. Where it asks for Title
you should enter your job title.
When complete, you should press the Click to Continue >>
button at the bottom. Due to a bug, it may reject your CSR the first time you submit it, but if you scroll down and click the button a second time it should accept it. If it fails on the second attempt then you should double-check that there are no blank spaces or blank lines before/after your CSR. If you're still unable to submit your CSR, create a support ticket, and include your CSR in the ticket so we can double-check it for you.
If your CSR is accepted you will be asked to pick a verification email address from a list of predefined email addresses. Pick the webmaster@example.com
(where example.com
is the cert domain) email address that you set up earlier, and then press the Click to Continue >>
button.
Comodo will then send you an email with further instructions for confirming that you're really the domain owner, and that you are happy for them to issue the certificate. Follow the steps they require. Once complete, your certificate will then be emailed to you, usually this is sent within an hour for Positive SSL and Essential SSL Wildcard, and can take a few days for EV SSL due to the Extended Validation checks.
When you have the certificate, download the zip file from the email and unzip it. Inside there should be a .crt
file with your domain name, which needs to be installed on the server. To do this:
- Go back to Virtualmin
- Pick your the relevant domain or subdomain from the dropdown at the top of the blue sidebar
- Go to
Server Management > Manage SSL Certificate
on the blue sidebar - Click the
Apply Signed Certificate
tab at the top - Press the circle radio button next to
Uploaded file
- Press the paperclip button and attach the
.crt
file with your domain name - Click
Install Now
to install the certificate
You will also need to install the CA Bundle (sometimes called the intermediate certificate). To do this:
- Go to
Server Management > Manage SSL Certificate
on the blue sidebar - Click the
CA Certificate
tab at the top - Press the circle radio button next to
Uploaded file
- Press the paperclip button and attach the
.ca-bundle
file with your domain name - Click
Install Now
to install the CA certificate
That's it, your SSL certificate should now be installed. If you have any questions please create a support ticket, and we'd be happy to help.