How to install an SSL certificate on the Operations Automation (OA) Control Panel website

  1. Linux-based Control Panel server

    1.1 Exclusive IP address

    1.2 Shared IP address

  2. Windows-based Control Panel server

    2.1 Exclusive IP address

    2.2 Shared IP address

Resolution

During the SSL certificate purchase, select the proper webserver type (if asked):

  • Apache + mod_ssl (for Linux-based Control Panel server)
  • Microsoft IIS (for Windows-based Control Panel server)

Let's assume that the OA Control Panel is accessible at http://cp.provider.com. Provided that you already have the SSL certificate and corresponding private key, perform the steps below to install the certificate on the OA Control Panel (CP) website.

The correct actions depend on the web hosting type (Apache or IIS) and the website IP address type (shared or exclusive).

1. Linux-based Control Panel server

First, check which type of IP address the Control Panel website is using in OA (shared or exclusive):

  • Log in to the OA Provider Control Panel.

  • Click the Hosting CP link to log in to the Provider Hosting Control Panel.

  • Find the Control Panel website in the list of the Provider's websites and click on it.

  • Click the Web Hosting Settings link.

  • Find the IP address type in the Basic Settings section:

Basic Settings

If you do not see the IP address type in the OA Control Panel, enable the Show website IP address and type parameter in the Provider Control Panel at System Director > Configuration Manager > System Properties > CCP Layout.

1.1. Control Panel website uses exclusive IP address

Install an SSL certificate using OA Control Panel

  1. In the OA Provider Hosting Control Panel, click on the CP website.

  2. Click the Web Hosting Settings link.

  3. Switch to the SSL tab.

  4. Click the Install certificate button and follow instructions in the wizard.

1.2. Control Panel website uses shared IP address

Install an SSL certificate using the instructions below

  1. Log in to the server where OA Control Panel is working via SSH as root. In this case, it is cp.provider.com.

  2. Create the httpsd.pem file in the home directory and put both the private key and the certificate itself in this file. It will look like:

     -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQC9lYqCdzK1pI8+QJUIzdxRXZkhZxTF00Ez4ZuoUX11mKOc+tD3
 [ PRIVATE KEY PART ]
 IuJmZxxu+BoDsTHkGbvEUlIsIwD3726U32s3E+39q7GT
 -----END RSA PRIVATE KEY-----

 -----BEGIN CERTIFICATE-----
 MIIERzCCAy+gAwIBAgILAQAAAAABFYV2+oMwDQYJKoZIhvcNAQEFBQAwcTELMAkG
 [ CERTIFICATE PART ]
 1hSck70KzDQoNeMLpNnL5vNERJGm9347RxCatepJPEM4gCMn1dCfdxjPuA==
 -----END CERTIFICATE-----

    Note: It should be the real private key and certificate (together in one file).

  3. Create a backup of the currently installed SSL certificate so you can roll back to the old certificate. You can use the following command (that will create the file httpsd.pem.bak-YYYY-MM-DD):

    # cp /usr/local/pem/etc/apache/httpsd.pem /usr/local/pem/etc/apache/httpsd.pem.bak-`date -I`

  4. Copy the httpsd.pem file you created in step 2 to /usr/local/pem/etc/apache/httpsd.pem:

    # cp -f httpsd.pem /usr/local/pem/etc/apache/httpsd.pem

  5. If an intermediate SSL certificate is used, then put its contents into the /usr/local/pem/etc/apache/httpsd.pem_ca file and add the corresponding Apache directive, SSLCACERTIFICATEFILE, into the /usr/local/pem/etc/apache/httpd.conf_pem.override file:

    <IFMODULE mod_ssl.c> SSLCACERTIFICATEFILE /usr/local/pem/etc/apache/httpsd.pem_ca </IFMODULE>

  6. Restart the Apache server:

    # /etc/init.d/pemhttpd restart

  7. Open the URL of the OA Control Panel in the browser (https://cp.provider.com). It should show the new SSL certificate.

2. Windows-based Control Panel server

First, check which type of IP address the Control Panel website is using in OA (shared or exclusive):

  • Log in to the OA Provider Control Panel.

  • Click the Hosting CP link to log in to the Provider Hosting Control Panel.

  • Find the Control Panel website in the list of the Provider's websites and click on it.

  • Switch to the Web tab.

  • Find the IP address type in the Web Hosting section:

Web Hosting

If you do not see the IP address type in the OA Control Panel, enable the Show website IP address and type parameter in the Provider Control Panel at System Director > Configuration Manager > System Properties > CCP Layout.

2.1. Control Panel website uses exclusive IP address

Install an SSL certificate using OA Control Panel

  1. In the OA Provider Hosting Control Panel, click on the CP website.

  2. Click the More Tools > SSL link.

  3. Switch to the SSL tab.

  4. Click the Install Certificate and Enable SSL button and follow the instructions in the wizard.

2.2. Control Panel website uses shared IP address

Install an SSL certificate using native Windows tools

  1. Import the SSL certificate into the computer account using the Certificates MMC snap-in. Convert the certificate into PFX format before importing (if needed).

  2. Use IIS Manager to configure SSL binding for the Control Panel website in IIS and assign the SSL certificate imported on the previous step.

Find more details about installing certificates in IIS in the following article: http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis

Internal content