Paper Lantern for cPanel accounts is being retired this year. Find out more »
cPanel & WHM Version 102 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

New Scripting for SSL/TLS Manager Panel

Robert Lang shared this idea 9 years ago

The current panel has four sub-panels. However, cpanel generates a new key, csr, and self signed cert, no matter which of the first three sub-panels are chosen. This is confusing to several customers of hosting companies.

Request: Script a set of check boxes in each of the four sub-panels (same check boxes and descriptions) whereby a user can simply generate either a key, csr, or self signing cert independent of the other existing parts. i.e. key, csr, crt.

Why Do This? Live Case: A website owner decided they want to change CA's when buying a new EV SSL Cert. This happens for several reasons, mostly price and support. To do this, we must create a new CSR. If you look at many of the CA's (Certificate Authority) on their websites. They give instructions for generating a new CSR.

What they don't tell you is C-Panel by default, is going to create all three parts, key, CSR, and self signing SSL Cert. So if the sub-panel to generate a new CSR is used in C-Panel, the user has no idea they've just create a new key and self-signing ssl cert as well.

What happens next?: The EV SSL Cert is knocked out from the website domain. No more green bar in the url locator bar of their customer's browsers. Now the site is left, "untrusted." No more "Verified By (CA)."

By adding the above independent feature to C-Panel, will allow hosting company's customers to self-generate a new CSR they can use to apply for new EV SSL Cert from a new CA, without affecting or knocking out their current EV SSL Cert.

This issue is affecting dedicated servers, shared servers, and shared hosting accounts everywhere C-Panel is hosted. I've spoken to Senior IT SSL Admins both at GoDaddy and Host Gator. They are only two companies. And both have stated this is a very needed feature, as more EV SSL Certs are sold.

EV SSL Certs are also expensive to acquire, requiring charted accountants, attorneys, and state government agencies through the vetting process. In the near future, EV SSL Certs are going to be required by State Legislators and other country governments, as the default for all companies operating online businesses. This is to further prevent consumer fraud and assign liability for damages.

Further hosting companies cannot keep absorbing tech support costs by having to use shell access and the WHM Panels simply to restore existing EV SSL Certs. As they have to do now, on every occasion of a customer wishing to switch CA's. And believe me, this market of issuing EV SSL Certs is growing. Which is why there are double the CA's there were just five years ago. All due to offline businesses, their attorneys and business advisers insisting on validating their online presence to reflect the reputation and legalities of their same businesses offline.

In conclusion, IT Admins at hosting companies need to be able to thwart increasing requests for restoring current EV SSL Certs, just because they need to generate a CSR for a new CA. Can we please have this coded in as mentioned above. Your customers are asking for this. Notably the two companies I am dealing with their SSL departments. Thank you.

Replies (2)


We redid the SSL Management systems, and user interfaces, for 11.38. The changes are available to the EDGE tier at the moment, if you desire to verify for yourself. I'm requesting verification internally and we'll update this thread once more information is available.


We have revamped the SSL interface again in v58. I'm going to go ahead and mark this as completed. If there's anything else needed either submit a new request, or reach out to me directly!

Replies have been locked on this page!