SSL Installation of Self-Signed Certificate | Bluehost Support
  1. bluehost knowledge base

SSL Installation of Self-Signed Certificate

Before you can use a Private SSL Self-Signed Certificate with your Bluehost hosted domain, we require your account to have a dedicated IP address. You can add a dedicated IP address to your hosting service from the Addons section of your Control Panel.



Accessing the SSL/TLS Manager tool

  1. Log into your Bluehost control panel.
  2. Open the SSL/TLS Manager tool, located in the Security section of the cPanel.

Generate a Private Keys (KEY)

  1. Click on Generate, view, upload, or delete your private keys.
  2. Under the Generate a New Private Key section, select the desired domain from the drop-down list and select Key Size 2048 or 1024
  3. Press the Generate button
  4. Your private key will be displayed. Click Return to SSL Manager

Generate a Certificate Signing Requests (CSR)

  1. Back on the SSL Manager page, click Generate, view, or delete SSL certificate signing requests.
  2. Host: Choose your Main Domain Name
  3. Country: Enter the 2-digit code for the country in which you reside.
  4. State: Enter your State or Locality (Do not abbreviate).
  5. City: Enter the City (Do not abbreviate).
  6. Company: Enter your Company Name.
  7. Company Division: (Optional) You may use this to distinguish between departments.
  8. Email: Enter the address to which the certificate should be sent to.
  9. Passphrase: Enter a phrase to use for the passphrase (password).

    What is a passphrase?

    A passphrase is a word or phrase that protects private key files. It prevents unauthorized users from encrypting them. Usually, it's just the secret encryption/decryption key used for Ciphers. Usually, we do not set up this protection on SSL certificates.

    How to create a passphrase?

    The passphrase can be set up during the CSR (Certificate Signing Request) generation. If a customer purchases/installs a FREE SSL, then the CSR will be automatically generated without a passphrase.

    Is the passphrase optional or mandatory?

    A passphrase is optional, and without it, SSL can still be imported on SiteLock.

    If we protect the private key with a passphrase, then Apache Webserver is unable to use it unless we supply Apache with the passphrase each time it restarts or reboots. And since keeping that passphrase stored in the filesystem would defeat the point of the passphrase, that means having some sort of method to pass the passphrase to Apache from externally each time it restarts or reboots.

    If the private key is not encrypted, then its protection comes from the fact that only the superuser can read it and therefore relies heavily on the integrity of the system and its highly protected, and chances of comptonization are significantly less.

  10. Press the Generate button.
  11. If you have entered valid information, you will be shown your CSR. (if it looks blank, click back and correct any information)

Add your Certificate (CRT)

  1. Return to the SSL manager and click Generate, view, upload, or delete SSL certificates
  2. Either paste your SSL Cert in the box or click the Upload button to upload the CRT file.
  3. Click the Generate button.
  4. Once you have generated the self-signed SSL, please return to the SSL Manager page, and select Manage SSL Sites.
  5. From here, scroll to the bottom, and you will find a section to install your SSLs.
  6. If you have already created the certificate, you can select the domain or subdomain you want to install, and it will present an Autofill by Domain option.

Note: The KEY, as well as the CRT, will be required when we install your certificate on the server. It is recommended to keep a backup copy of each of these as they may be used for this particular domain name with any host.

If you need further assistance, feel free to contact us via Chat or Phone:

  • Chat Support - From our home page, click the Contact option in the top right-hand corner, then click Chat Now.
  • Phone Support -
    • US: 888-401-4678
    • International: +1 801-765-9400

You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.