StartSSL certificates

  • Must use IE.
  • Log in to the control panel and validate the domain name via the Validations Wizard.
  • Certificates Wizard: Web Server SSL/TLS certificate
  • Copy the encrypted private key -> ssl.key
  • Add one subdomain (www.)
  • Copy the certificate -> ssl.crt
  • Download the root and server CA certificates from this page
  • Go to Toolbox and decrypt the private key -> myserver.key

Using with nginx

Create myserver.crt by concatenating the following files, in this order: ssl.crt, sub.whatever.cer, root.cer

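listen 443 ssl;
# "ssl on;" is redundant with "listen ... ssl" and deprecated in newer nginx releases
ssl_certificate /path/to/myserver.crt;      # server certificate followed by the CA chain
ssl_certificate_key /path/to/myserver.key;  # decrypted private key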

Notes

Name-based vhosts work by reading the Host: header of the HTTP request. However, that header is only sent after the SSL/TLS connection has been negotiated, so at handshake time the web server has no idea which SSL certificate to use. Hence you can only use one SSL keypair per IP/port. You can get around this by using multiple IP addresses pointing to the same server, or by running all SSL sites on different ports.

Check chain order, etc. with SSL Labs.
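
A local pre-flight check for the bundle built under "Using with nginx", to run before reloading the server. This is an added example, not part of the original post: the function names are hypothetical, the file names follow the post, and the inputs are assumed to be PEM files with the openssl command-line tool installed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# file names follow the post. Requires the openssl command-line tool.

# build_chain OUT CERT...: write the PEM certificates to OUT in the given order.
# Re-encoding through openssl avoids gluing two PEM blocks together when an
# input file has no trailing newline.
build_chain() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        openssl x509 -in "$f" >> "$out" || return 1
    done
}

# check_chain_order BUNDLE: succeed only if every certificate in BUNDLE was
# issued by the certificate that follows it (name comparison, not signatures).
check_chain_order() {
    dir=$(mktemp -d) || return 1
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$1"
    i=1; rc=0
    while [ -f "$dir/$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$dir/$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$dir/$((i + 1)).pem" -noout -subject_hash)
        [ -n "$issuer" ] && [ "$issuer" = "$subject" ] || { rc=1; break; }
        i=$((i + 1))
    done
    [ "$i" -gt 1 ] || rc=1        # a lone certificate is not a chain
    rm -rf "$dir"
    return "$rc"
}

# key_matches_cert KEY BUNDLE: succeed only if KEY is the private key of the
# first certificate in BUNDLE. "-passin pass:" makes a still-encrypted key
# fail here instead of prompting.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Typical use with the post's file names:
#   build_chain myserver.crt ssl.crt sub.whatever.cer root.cer &&
#   check_chain_order myserver.crt && key_matches_cert myserver.key myserver.crt
```

A failure of key_matches_cert usually means the still-encrypted ssl.key was supplied instead of the decrypted myserver.key, or the key belongs to a different certificate.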