Installing a Self-Managed SSL Certificate via H-Sphere


We offer self-managed SSL certificates on both whm.pipe.co and purely.domains for customers who wish to perform the process themselves without requiring assistance from Pipe Ten. This guide walks through ordering the SSL certificate and installing it for use on our Legacy H-Sphere system.

Ordering the SSL Certificate

This part of the guide uses whm.pipe.co as the ordering location; however, we also offer self-managed SSL certificates at purely.domains and provide a guide for ordering them there.

1. Order the SSL certificate you wish to use by clicking the Order Now button.

2. After doing the above, you’ll be redirected to your cart where you’ll need to proceed with Checkout for your SSL certificate order. Simply click the Checkout button shown below to continue.

3. Once you’ve proceeded to Checkout, you’ll need to make sure your billing details are correct. These will auto-fill based on the billing address details already on your account, however you can alter these if you need to. You can choose to pay via credit on your account if you have any, or you can choose the payment method you wish to use if you have one already on your account. Once you’re happy with the details you have given, agree to the Terms of Service by clicking the checkbox and click Complete Order. Please ensure your payment details are valid and payment is able to be taken, otherwise this will cause a delay in processing your order.

4. You’ll then proceed to an Order Confirmation page where you will be greeted by your Order Number. It is important you take note of this in case you require support in the future regarding the order. Once you have done so, it is safe to leave this page.

5. Once we have received the order we will then process this as soon as possible. If there are any issues with your order, we will get in touch via the contact details on the account. If you have any issues with the order you have submitted, please submit a support ticket via your Client Area and provide the Order Number you have taken note of for our reference.

Generating the CSR and Private Key within H-Sphere

Before proceeding with configuring your new SSL certificate, you will need to generate a CSR and Private Key. You will be asked to supply the CSR before you can complete the order.

The CSR and Private Key for your site can be generated within your control panel when installing a temporary SSL certificate. You can access this by logging into your hosting account at my.pipe.co. Once you’ve logged in there, you will need to access the Web Services of the site you wish to install the SSL certificate on.

1. Navigate to Domain Settings > Domain Info.

2. Click the domain you wish to generate a CSR and Private Key for.


3. Click the Edit icon in the Web Service field.

4. Click on Generate Self Signed SSL Certificate. This will generate the CSR and Private Key you will need, as well as a temporary SSL certificate for your site. If you already have a valid SSL certificate installed, you will have to disable this or use different means to generate a CSR and Private Key for your domain.

Please Note: If you are on a shared Windows server at this point, you will need to add a dedicated IP address for the site you’re wishing to install the SSL certificate on.

5. You will be prompted to input the correct information into the SSL Certificate Signing Request Parameters. This section auto-fills using the details on your hosting account, so don’t make changes to the data if you are not sure about the purpose of these changes. The details here will be what are listed in the CSR used for requesting your certificate.

6. A Certificate Signing Request (CSR), Private Key, and SSL Certificate will be generated. Create a copy of each and save them to a safe area on your computer. The main ones you will need to proceed with your SSL order are the CSR and Private Key. DO NOT MISPLACE THE PRIVATE KEY. The SSL certificate generated here is only temporary, as you will be overwriting it when you have your new certificate issued.



Now that you’ve finished generating the CSR and Private Key, you should be able to proceed with configuring your new SSL order.

Configuring the SSL Certificate Order

1. Once your SSL order has been processed, you will then receive an email labelled with the subject of SSL Certificate Configuration Required. If you have not received this email, please ensure you check your spam folder before getting in touch with us. An example of the email can be seen below. In order to proceed with the configuration of the certificate, click the link within the email to be redirected to the page where you can perform the configuration.

2. The link will send you to this page shown below, where you will need to click on your most recent SSL order that isn’t shown as configured or complete.

3. After doing the above, you’ll then need to click Configure SSL Certificate, as shown below.

4. You will then be taken to a page where you will need to submit the type of Web Server your website is hosted on as well as a Certificate Signing Request (CSR). You should have generated a CSR in one of the previous steps of this guide. Since you’re hosted with Pipe Ten’s legacy hosting services, you will need to select H-Sphere as the server type.


5. Make sure you check the email address under the Administrator Contact Information as it needs to be correct and able to receive emails. This will be where any notifications regarding certificate expiry and renewal dates will be sent to.

6. After providing all the required details, you’ll then be given a list of emails/mailboxes to choose from to send the validation email to. These will need to be one of the following:

admin@yourdomain.co.uk
administrator@yourdomain.co.uk
hostmaster@yourdomain.co.uk
postmaster@yourdomain.co.uk
webmaster@yourdomain.co.uk

This will also be where your certificate gets sent once domain validation has been completed. Ensure the mailbox chosen here is accessible and able to receive emails so that you can complete the configuration. It is also a good idea to check on the left hand side that all the information within your CSR is correct.

Please note: webmaster@ and postmaster@ mailboxes will already be present on your hosting account if you have our mail services enabled. If using our mail services and not a remote email provider, you will need to ensure Discard Incoming Mail is turned off for your webmaster@ mailbox if you wish to use this for domain validation.

7. After choosing which email address to have the email sent to, you should receive one that looks like the one below. You will need to follow the link and input the provided code to complete domain validation.

8. Once domain validation is successful, you should shortly receive an email similar to the one below. You can either download the certificate with its intermediate/chain bundle, or you can copy the plain text version of the certificate towards the bottom of the email. Ensure you include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- sections.

Installing the SSL Certificate

Since you will have already installed the temporary SSL certificate, the installation of your issued one will be classed as editing an existing SSL certificate.

1. Navigate to Domain Settings > Domain Info.


2. Click on the domain you’re wishing to install the SSL certificate on.

3. Click the Edit icon in the Web Service field.

4. Click the Edit icon in the SSL Support field.

5. Various input fields will be displayed:

Install Certificate based on previously generated Certificate request: An SSL certificate can be placed here that has been generated from the CSR acquired during the Install Temporary SSL steps.

Install completely new Certificate key and file pair: Used for installing a renewed SSL. A new SSL can be installed by inputting the Private Server Key and new SSL Certificate in the relevant boxes.

Certificate Chain File: Used to legitimise the SSL signing authority, the Chain File can be built and placed in this section.

Certificate Authority File: Similar to the Certificate Chain, a CA file can be placed in this section to legitimise your SSL to receiving parties.

Certificate Revocation File: In the case of the Private Server key being leaked, a Certificate Revocation List can be placed in this section so that third parties know not to trust the site.

You will be using the Install completely new Certificate key and file pair sections to install the private key and SSL certificate.

6. Click Upload once you’re confident you have added the Key and Certificate into the appropriate fields. Ensure you keep the -----BEGIN----- and -----END----- top and bottom parts of the contents in place, as you can see in the image above. Once installed, you should receive an Information: SSL Config has been updated successfully message and be redirected to your site’s Web Services.

Building the Chain/Authority Certificate Bundle

The chain certificate will be required to show your site is fully trusted in modern day web browsers. It helps build a full chain of trust and proves the Certificate Authority (CA) that issued your certificate can be trusted. When a device cannot find a trusted issuer for a certificate, the entire chain is broken and will not be trusted until the gap in the chain has been filled.

1. Unzip the attached .zip file you will have received when being issued your certificate to find the files shown below within.

2. Open the SectigoRSADomainValidationSecureServerCA.crt file with your preferred text editor and copy the contents into a separate file.

Once you have done this, open the USERTrustRSAAddTrustCA.crt file and copy the contents and paste DIRECTLY BELOW the copy of the SectigoRSADomainValidationSecureServerCA.crt file you just made in your preferred text editor.

The Sectigo RSA DV Secure Server CA (Intermediate 1) must go above the USERTrust RSA Certification Authority (Intermediate 2) in order to work as expected.

You should end up with the contents shown below, which you can just copy and paste if this is easier for you:


3. Once you have the SectigoRSADomainValidationSecureServerCA.crt file contents bundled on top of the USERTrustRSAAddTrustCA.crt file contents, save the file so you have a copy when you need it.
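
The script below is an added example, not part of the original guide or of H-Sphere. It checks that the private key belongs to the issued certificate (the pair pasted into Install completely new Certificate key and file pair) and that the bundle is in the order described above, with no expired certificate in it. It assumes the openssl command-line tool is installed; the function names and file names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: checks to run before pasting files into the SSL Support form.
# Usage (placeholder file names): sh precheck.sh site.key site.crt chain.pem

# key_matches_cert KEY CERT: succeeds only if both carry the same public key.
key_matches_cert() (
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 2
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 2
  [ "$from_key" = "$from_cert" ]
)

# chain_in_order FILE...: reads PEM files in the order given (site certificate
# first, then the bundle). Succeeds only if every certificate is unexpired and
# names the certificate directly below it as its issuer. Names are compared,
# as a client does when building a path; signatures are not verified.
chain_in_order() (
  tmp=$(mktemp -d) || exit 2
  # Split the input into one numbered file per certificate.
  awk -v dir="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/" n ".pem" }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }' "$@"
  n=$(( $(ls "$tmp" | wc -l) ))
  rc=0 i=1
  [ "$n" -ge 1 ] || rc=2
  while [ "$i" -le "$n" ]; do
    next=$((i + 1))
    if ! openssl x509 -in "$tmp/$i.pem" -noout -checkend 0 >/dev/null 2>&1; then
      echo "certificate $i is expired or unreadable" >&2; rc=1
    fi
    if [ "$i" -lt "$n" ] &&
       [ "$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash)" != \
         "$(openssl x509 -in "$tmp/$next.pem" -noout -subject_hash)" ]; then
      echo "certificate $i is not issued by certificate $next" >&2; rc=1
    fi
    i=$next
  done
  rm -rf "$tmp"
  exit "$rc"
)

if [ "$#" -eq 3 ]; then
  key_matches_cert "$1" "$2" || echo "key does not match certificate" >&2
  chain_in_order "$2" "$3" && echo "chain order and validity OK"
fi
```

A non-zero result from chain_in_order on a bundle in the right order means one of its certificates has passed its expiry date and the bundle should be downloaded again from the issuer.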

Installing the Chain/Authority File

Now that you have built the chain/authority file, you just need to install it.

1. Navigate to Domain Settings > Domain Info


2. Click on the domain you’re wishing to install the SSL certificate on.


3. Click the Edit icon in the Web Service field.

4. Click the Edit Icon in the SSL Support field.

5. Various input fields will be displayed:

Install Certificate based on previously generated Certificate request: An SSL certificate can be placed here that has been generated from the CSR acquired during the Install Temporary SSL steps.

Install completely new Certificate key and file pair: Used for installing a renewed SSL. A new SSL can be installed by inputting the Private Server Key and new SSL Certificate in the relevant boxes.

Certificate Chain File: Used to legitimise the SSL signing authority, the Chain File can be built and placed in this section.

Certificate Authority File: Similar to the Certificate Chain, a CA file can be placed in this section to legitimise your SSL to receiving parties.

Certificate Revocation File: In the case of the Private Server key being leaked, a Certificate Revocation List can be placed in this section so that third parties know not to trust the site.

6. You will need to paste the chain/authority file you have just created into different fields depending on which operating system your website is hosted on.

Linux: Paste the contents into the Certificate Chain File section.

Windows: Paste the contents into the Certificate Authority File section.

Once you have done so, you will need to click Install under the field corresponding to the above specifications, as shown below.

You should receive an Information: SSL Config has been updated successfully message once you have done this and be redirected to your site’s Web Services.

You will now be able to test your site’s SSL certificate and connection over HTTPS to ensure it is working as expected.

Last modified: 03/10/2019