Finding and Installing Your SSL Certificate

After your SSL certificate has been issued by the Certificate Authority (CA), you need to download it and install it on your web server. This guide walks through the general process of finding your certificate and installing it on common server platforms.

Finding Your SSL Certificate

From Your SSL Provider’s Dashboard

Log in to your account with the provider where you purchased the SSL certificate.
Navigate to your products or SSL certificates section.
Click on the SSL certificate you need.
Look for an option like “Show Certificates”, “Download”, or “View Certificate”.
Copy or download the Server Certificate text.

Important: Copy everything, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

Certificate Files You May Need

Depending on your server, you may need:

File	Description
Server Certificate	Your domain’s SSL certificate
Private Key (.key)	Generated when you created your CSR
CA Bundle / Intermediate Certificates	Chain of trust certificates from the CA
Root Certificate	The CA’s root certificate (sometimes included in the CA bundle)

Installing on Apache

Upload your certificate files to the server (commonly to /etc/ssl/ or /etc/apache2/ssl/).

Edit your Apache virtual host configuration file:

<VirtualHost *:443>
    ServerName yourdomain.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/ssl/yourdomain.crt
    SSLCertificateKeyFile /etc/ssl/yourdomain.key
    SSLCertificateChainFile /etc/ssl/ca-bundle.crt
</VirtualHost>

Test the configuration:
```
apachectl configtest
```
Restart Apache:
```
sudo systemctl restart apache2
```

Installing on Nginx

Combine your server certificate and CA bundle into one file:

cat yourdomain.crt ca-bundle.crt > yourdomain-combined.crt

Edit your Nginx server block configuration:

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/ssl/yourdomain-combined.crt;
    ssl_certificate_key /etc/ssl/yourdomain.key;

    # Recommended SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}

Test the configuration:
```
nginx -t
```
Reload Nginx:
```
sudo systemctl reload nginx
```

Installing on cPanel

Log in to cPanel.
Navigate to Security → SSL/TLS.
Click Manage SSL sites under “Install and Manage SSL for your site (HTTPS).”
Select the domain from the dropdown.
Paste your Certificate (CRT) in the Certificate field.
Paste your Private Key in the Private Key field.
Paste the CA Bundle in the Certificate Authority Bundle field.
Click Install Certificate.

Installing on Plesk

Log in to Plesk.
Go to Websites & Domains and select your domain.
Click SSL/TLS Certificates.
Click Add SSL/TLS Certificate.
Upload or paste your certificate, private key, and CA certificate.
Click Upload Certificate.
Go back to Hosting Settings for the domain and select the new certificate.

Verifying Your Installation

After installation, verify that the SSL certificate is working correctly:

Visit your website using https:// and check for the padlock icon.
Use an online checker like SSL Labs Server Test to perform a thorough analysis.
Verify the certificate chain is complete and trusted.

Troubleshooting

Certificate chain incomplete: Ensure you have installed the intermediate/CA bundle certificates.
Private key mismatch: The private key must be the one generated alongside the CSR used to issue the certificate.
Browser shows “Not Secure”: Check for mixed content issues — resources loaded over HTTP on an HTTPS page.

Notes

SSL certificates are typically issued in PEM format (Base64 encoded text). If your server requires a different format (e.g., PFX/PKCS#12), you can convert using OpenSSL:
```
openssl pkcs12 -export -out yourdomain.pfx -inkey yourdomain.key -in yourdomain.crt -certfile ca-bundle.crt
```
Always keep a secure backup of your private key and certificate files.