How to install an Origin CA certificate in cPanel

Table of Contents

  1. Overview
  2. Generating the Certificate Signing Request (CSR)
  3. Installing the Origin CA Certificate in cPanel
  4. Troubleshooting Errors

 

Overview

This guide will walk you through the steps to install a Cloudflare Origin CA certificate in cPanel.

First we will generate a certificate signing request (CSR) either through cPanel or directly from Cloudflare.com. After submitting the CSR to Cloudflare.com, you will receive your Cloudflare issued Origin CA certificate. Lastly, we will install this certificate in cPanel to enable it for your website.

Cloudflare Origin CA Certificate is only trusted by Cloudflare and therefore should only be used by origin servers that are actively connected to Cloudflare. If at any point you pause or disable Cloudflare, your Origin CA certificate will throw an untrusted certificate error.

Generating the Certificate Signing Request (CSR)

Using cPanel

  1. Log into your cPanel at your hosting provider for your website (usually something like cpanel.<mydomain.com>
  2. HomeSecurity section → click on SSL/TLS
    • Private Keys (KEY) → Click on Generate, view, upload or delete your private keys
      • Creating a new key:
        • Set your Key Size and a Description, then click Generate
      • Upload an existing key:
        • Paste the existing Private Key and set a Description, then click Save
  3. Certificate Signing Request (CSR) → Click on Generate, view, or delete SSL certificate signing requests
    • Select a Key Size
    • Enter your Domain(s) with optional wildcard (ex: *.mydomain.com)
    • Enter the contact information for the certificate: City, State, Country, Company, Company Division (this will show up on the certificate and thus your website)
    • Enter the Email address associated with the CSR
    • Enter a new CSR Passphrase (Cloudflare may use this to confirm your identity later)
    • Enter a Description for the CSR (for your use)
    • Click Generate
  4. Upload your CSR to Cloudflare
    • Log into your Cloudflare Dashboard
    • Select your domain to install the certificate
    • Go to the Crypto tab → Origin Certificates section
    • Click on Create Certificates
    • Select I have my own private key and CSR
    • Paste the generated CSR (from step 2 above)
    • Double check the hostnames (your domains)
    • Set the certificate expiration (when the certificate no longer works)
    • Click Next
    • Select Format (PEM)
    • Copy the generated Origin Certificate (used on Installation Step 3b)
  5. Install the Cloudflare issued Origin CA Certificate

Using Cloudflare Dashboard

  1. Log into Cloudflare.com Dashboard
  2. Select your domain
  3. Go to the Crypto tab → Origin Certificates section
  4. Click on Create Certificates
  5. Select Let Cloudflare generate a private key and CSR
  6. Choose your Private Key Type
  7. Click Next
  8. Copy and upload your Private Key to cPanel (Upload an existing key)
  9. Copy the generated Origin Certificate
  10. Install the Cloudflare issued Origin CA Certificate


Installing the Origin CA Certificate in cPanel

  1. Log into your cPanel at your hosting provider for your website (usually something like cpanel.<mydomain.com>)
  2. HomeSecurity section → click on SSL/TLS
  3. Certificates (CRT) → click Generate, view, upload, or delete SSL certificates
    • Scroll to Upload a New Certificate
    • Paste the Origin Certificate
    • Enter a Description (for your use)
  4. Click Save Certificate
  5. SSL/TLSInstall and Manage SSL for your site (HTTPS) → Click Manage SSL Sites
    • Install an SSL Website → Click Browse Certificates
    • Find the certificate for the domain and click Use Certificate
    • Paste Cloudflare's Root Certificate in the Certificate Authority Bundle: (CABUNDLE) text box.
    • Click Install Certificate
  6. Congratulations the certificate is now installed! You should now be able to browse to your domain using SSL. For example: https://<mydomain.tld> If you encounter any errors please review the troubleshooting section below.

 

Troubleshooting Errors

Error Message Solution
The certificate could not be installed on the domain "example.com". Certificate verification failed! The system did not find the Certificate Authority Bundle that matches this certificate. Contact “Cloudflare, Inc.” to obtain the Certificate Authority Bundle for "example.com". Paste the Cloudflare Root RSA Certificate text in the CABUNDLE text box during step 5 of installation.

 

Still not finding what you need?

The CloudFlare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk