How To Install an SSL Certificate On Your Prosper202 Server

by Mike Chiasson on January 4, 2013 · 13 comments

On the Aff Playbook forum we get asked all the time about pixel placements and people being told they need an SSL certificate installed on their server. These aren’t always the easier questions because they do require a little bit of knowledge on the back end of your web servers. However, with the rise of Virtual Private Server (VPS) becoming more prevalent to the internet marketing community, and cPanel seeming to be the preferred software to manage your VPS, it has gotten significantly easier for the average user to do install their own SSL cert.

In this follow along I go through the actual process of requesting, purchasing, and installing an SSL. The entire process took me approximately 5-7 minutes to do on an actual live install I created.

But first, some general rules about this post.

  • This post references Prosper202 (a tracking software) for its primary purpose, but in reality this guide works for the server itself. This means the SSL will work for P202 or anything else on the specific server.
  • This post contains a bit of tech info in it. Sorry if its over your head, trying to make it as easy to follow as possible.
  • Please don’t confuse having an SSL as meaning your site is completely ‘Secure’. It helps, but its not the end all solution.
  • I wrote this post using the server management software cPanel, but its a very similar process on any server management software.

Prerequisites

No matter what kind of server you are using, you need to have a static IP address (IP) assigned to ONLY the domain you want to install the SSL cert on. You can configure your host to have multiple IPs on the same server hosting many sites, but you need to make sure your desired site is configured to be the only site/account on a specific IP address.

I recommend as stated to have a great VPS. I currently use Beyond Hosting for most of my VPS needs. Feel free to check them out.

Not sure why you need an SSL cert? Check our Why You Need an SSL Cert.

Step 1

Login to your cPanel administration page.

Step 2

In the top left box in the cPanel homepage that says ‘Find’ type in ‘SSL‘ and you should see the ‘SSL/TLS Manager’ option appear to the right.

Step 3

Here is where you will do the majority of tasks needed.

SSL Main Options

SSL Main Options

You will need to use 4 of the options above to get things setup properly. First click on the ‘Private Keys (KEY)‘ option. We want to go generate a new key.

Choose your domain from the drop down and click generate.

Choose your domain from the drop down and click generate.

After you generate the Private Key, you need to go back to the main SSL area and choose to Generate a Certificate Signing Request (CSR). On this page you will fill out the fields with your information. This information will be freely viewable on your public SSL so don’t put anything you wouldn’t want to be shared out there.

Certificate Signing Request (CSR)

Certificate Signing Request (CSR)

After you fill out this form you will click ‘Generate’. You will then come to a page that shows your CSR in all its unreadable glory. Keep this page open or save this info somewhere you will need it in a few minutes.

CSR Generated

CSR Generated

Step 4

Next you need to acquire an SSL Cert from a 3rd party. These are the people who basically tell other people’s web browser “yes this site is authentic by Mike, blah blah blah”. You can get these from numerous people and although many people will argue that certain certifiers are different there are only a few basic things you need to understand. Each 3rd party certifying authority (CA) is basically the same. So whether you got a $10 SSL from GoDaddy or a $300 one from VeriSign, they do pretty much the same thing. You can think of this like buying a store brand of aspirin as opposed to buying the name brand Tylenol. The main difference is that certain CA’s have been around longer and therefore are understood to be a valid 3rd party on older devices. So if someone is using a computer from like 1995, and never updated their browser, their browser might not believe your HTTPS SSL Cert is valid. Needless to say, most people could care less about this.

I recommend people go with GoDaddy for SSL Certs. In the example below you will see I am actually renewing the one I am using in today’s write up, but the process of making a new one is the same. GoDaddy wants to charge you like $50 for an SSL Cert which is a rip off, so let me show you this little trick. Just go to Google and search for “GoDaddy SSL” and you will see a sponsored listing to get one for $12.99 as opposed to the $50-$60 normal price. Or you can just click this special link, http://www.godaddy.com/compare/gdcompare3_ssl.aspx.

Go Daddy SSL

Go Daddy SSL (be sure to drop down for just one year)

 

Checkout On The Next Page

Checkout On The Next Page

Now, as much as I love using GoDaddy because of their pricing, their interface is kind of confusing. So lets walk through this.

GoDaddy Services

GoDaddy Services

You want to go to your GoDaddy Services and select SSL Certificates. You will now see an option to ‘Setup’ the new Turbo SSL you just purchases. After you do that you will then have to come back to this page and choose to launch the control panel.

GoDaddy SSL Credits

GoDaddy SSL Credits

When you get here, you are going to choose ‘Credits’ on the left hand side. It will most likely say ’0′ because GoDaddy wants to torture us. You have to manually click the Update List.

GoDaddy SSL Credits

GoDaddy SSL Credits

You will now have a valid Credit and can choose the ‘Request Certificate’ option.

Now GoDaddy will prompt you to complete a few steps here. On the first screen you are going to choose “Third Party” and then you will paste in the CSR that you generated earlier (that really long bunch of random text).

GoDaddy CSR Entry

GoDaddy CSR Entry

Next GoDaddy is looking for a Domain Verification. This is to prove to them you own the actual site (some Certificate Authorities require multiple levels of identification, phone calls, etc. GoDaddy is simple and quick though). I just picked email authentication and they will send an email to whomever is on the domain registration email list. Alternatively you could choose to upload FTP files, etc.

GoDaddy Domain Verification

GoDaddy Domain Verification

After you verify your domain. You are just about done with GoDaddy. You just need to go back into the SSL Management and open the SSL Cert and choose to download it. When you download it, you can just choose cPanel from the drop down list. It will download as a zip file. Extract the zip file somewhere and there should be two “.crt” files in there, one called ‘gd_bundle.crt’ and the other will be ‘yourdomain.crt’.

SSL Download

SSL Download

SSL Download

SSL Download

SSL Files

SSL Files

We are now done with GoDaddy. See you in a year when we need you again GoDaddy!

Step 5

Ok now back to our cPanel area. We want to be back on the main SSL screen from step 3 again. This time we want to choose to generate ‘Certificates CRT’. We are going to see a screen like below and we will just upload the file that we downloaded from GoDaddy. You shouldn’t need the ‘gd_bundle.crt’ on your modern server, so just use the one ‘yourdomain.crt’. Below the text entry box you can select to upload a file, click that button and browse to where you downloaded it. Then choose upload.

SSL Cert Install

SSL Cert Install

Great so once that’s done return to the main SSL page and choose ‘Activate SSL On Your Website‘. Once here you are just going to select your domain from the drop down, and it will fetch the rest of the information. Then click ‘Install Certificate’ at the bottom of the screen.

*In the event your CA Bundle (CABUNDLE) field doesn’t load properly on this page, that means you will have to paste your ‘gd_bundle.crt’ there. Just open that file in a text editor and paste in there if it shows up blank.

Final Step Install SSL

Final Step Install SSL

Boom, you are done!

Now you have the option to browse to both HTTP and HTTPS versions of your site. Notice this prosper install loaded in all its https glory!

Prosper202 with Valid SSL

Prosper202 with Valid SSL

Forcing Prosper202 to Have You Login With SSL

Someone in the comments asked how to do this, I was going to cover it in another post but we’ll just add it onto here.

There are a few ways to do this, the easiest is to edit your .htaccess file in the root of your P202 installation and add the following lines there.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} 202-login.php
RewriteRule ^(.*)$ https://www.yourserverhere.com/$1 [R,L]

Just replace the ‘yourserverhere’ part with your actual URL and it will now force you to login securely going forward. ENJOY!

About the author

Mike Chiasson Mike Chiasson is the Director of IT for a publicly traded company by day and an Internet Marketer by night. He absolutely hates the words 'serial entrepreneur' but loves discussions about business. You can follow him on Twitter.

{ 13 comments… read them below or add one }

Affiliate Manager January 4, 2013 at 11:33 am

This will also be handy for Facebook App developers because you’re now required to have SSL for that as well. Thanks Mike!

Reply

Mike Chiasson January 4, 2013 at 11:54 am

Haha this is why all my FB web apps(aka tabs) are hosted on one of my Prosper domains lol.

Reply

Crying January 4, 2013 at 4:28 pm

You forgot the most important part of all this. What to change in Prosper code to make everything work. I mean where exactly should we change http to https and where not.

Reply

Mike Chiasson January 4, 2013 at 7:14 pm

You really have a few options, you could simply visit https://yourprosperdomain.com instead of using the http:// version and it will log you in using SSL. When gernating your pixels there is a button to say you want your SSL one (all that does is put the ‘S’ on the end, which is fine).

Alternatively you could write in some rules into your .htaccess file to force a redirect to the SSL version. I just added this tidbit to the article for yah :)

Reply

Garrett January 4, 2013 at 10:47 pm

Your landing page needs to be https too, right? I believe if you try to load any https javascript pixels from a lander on without https, it will pop up a box asking if you trust it.

Reply

Mike Chiasson January 4, 2013 at 11:32 pm

Your lander doesn’t need to be https in many cases but it can help as stated in my other article. You can go from http link to an https site without a problem, you only get issues when tryin to load http content into an https site (ie: hot linking and image or pixel from somewhere else).

Reply

Garrett January 7, 2013 at 10:53 pm

Got it.. thanks!

Reply

Crying February 11, 2013 at 8:00 pm

It looks like you never did it yourself or worked with it after this.
You missed so many things to do.
There are more than 20 files where all ‘http’ must be changed to ‘https’.
There was some good instruction years ago.

Reply

BigGenius March 25, 2013 at 6:26 am

How can i edit the filed in P202 which says get postback url , it says “http” there.

Reply

Mike Chiasson March 25, 2013 at 7:57 am

You can manually edit that as you place it onto a network’s postback setup or you can check the radio button above that says ‘HTTPS’ and it will automatically add the ‘s’ onto the end of the ‘http’.

Reply

Wei September 27, 2013 at 8:07 pm

I cannot find through your link the the discount for Godaddy SSL certificate at $12.99. Could you help me to find one?

Reply

Jan Orsula April 1, 2014 at 2:03 pm

Hi Mike. Thanks for your time and effort. Very interesting article on prosper202.
It would be a great if you can explain me how to make an Authorization pop-up instead of standard 202-login.php page.

Reply

Mike Chiasson April 1, 2014 at 2:13 pm

Hi Jan, I don’t do that myself so I can’t help you there. In the example I gave I actually have that configured with a simple .htaccess password for a little bit of added protection.

Reply

Leave a Comment

Previous post:

Next post: