This guide shows you how to install an SSL certificate on H-Sphere, the multi-server hosting control panel originally developed by Positive Software and later acquired by Parallels. It walks through the SSL panel in the H-Sphere control panel where you paste the issued certificate and intermediate chain, and the points where each H-Sphere version labels the same fields differently.
A note on H-Sphere status
Before you start: H-Sphere is end-of-life. Parallels (now Plesk International / WebPros) stopped active development around 2013 and never shipped a modern TLS or PHP refresh. If you are setting up a new hosting environment, use Plesk, the actively maintained control panel from the same vendor lineage that succeeded H-Sphere, or cPanel. Legacy H-Sphere installations still work, and the SSL workflow below still installs valid commercial certificates on the sites they host, but the panel itself should be considered unsupported software you are maintaining until you can migrate.
Generate a CSR code on H-Sphere
If you already generated your CSR and received the issued certificate from your CA, skip ahead to the installation section.
Every commercial SSL/TLS certificate starts with a CSR (Certificate Signing Request), a block of encoded text that carries your domain and contact details and is paired with a private key. You have two options:
- Generate the CSR automatically with our CSR Generator. The CSR and its private key are created in your browser, so save the key somewhere safe: you will need it later, because H-Sphere expects you to upload the same key that was paired with the CSR.
- Generate the CSR on the H-Sphere panel itself by following our tutorial on how to generate a CSR on H-Sphere. The private key stays inside the panel.
Open the CSR with any text editor (for example Notepad), copy the entire block (including the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines), and paste it into the order form. If you want to confirm the CSR before submitting it, run it through our CSR Decoder.
Install an SSL certificate on H-Sphere
After the Certificate Authority issues your certificate, you will receive an archive by email. Download and extract it on the machine you use to manage H-Sphere. You will need two pieces of text to paste into the panel:
- The primary server certificate issued for your domain (the .crt file).
- The CA bundle that contains the intermediate (and root) certificates (the .ca-bundle file). H-Sphere accepts this as a single block of stacked PEM certificates.
If you generated the CSR with our CSR Generator rather than inside H-Sphere, you will also need the private .key file you saved at that step, because the panel will ask for the matching key. If you generated the CSR inside H-Sphere, the key already lives on the server and you do not paste it again.
Open each file in a plain text editor so you can copy its contents in the next steps. Make sure you include the BEGIN CERTIFICATE and END CERTIFICATE markers; missing them is a common reason H-Sphere rejects the input.
Step 1: Log in to the H-Sphere control panel
Sign in to your H-Sphere control panel as the user that owns the domain you want to secure. The SSL controls are configured per domain, under that domain’s settings in the panel.
Step 2: Open the SSL settings for your domain
Open the domain you want to secure, locate the SSL row, and click Edit. The SSL configuration page opens with the fields where you paste the issued certificate and the chain.
Step 3: Paste the primary certificate
Find the section labelled Install Certificate based on previously generated Certificate request and paste the contents of your primary .crt file into the certificate box. Include the BEGIN CERTIFICATE and END CERTIFICATE markers on their own lines, with no extra blank lines or characters around the block.
Step 4: Paste the certificate chain
In the box labelled Certificate Chain File, paste the contents of your .ca-bundle file. Some H-Sphere builds label this field Certificate Authority File; both refer to the same intermediate (and root) chain. The chain is what lets browsers and mobile clients build a complete trust path back to a root CA; omit it and your site will work in a desktop browser but fail in many mobile apps and API clients.
Step 5: Upload and apply
Click Upload (some H-Sphere versions show Install or Submit). The panel writes the certificate and chain into the domain’s configuration and reloads the front-end web server. Your site is now reachable over HTTPS on port 443.
Replacing the certificate on the H-Sphere control panel itself
The control panel listens on its own hostname and uses a self-signed certificate by default, which is why browsers warn when you log in. To present a trusted certificate on the panel hostname, log in to the H-Sphere server over SSH as root and replace the certificate and key files used by the front-end web server that fronts the panel (commonly under /hsphere/local/config/httpd/ssl.crt/ and /hsphere/local/config/httpd/ssl.key/; the exact paths vary by H-Sphere build and Linux distribution, so confirm them against your install). Place the panel certificate and matching key in those files, append the intermediate chain to the bottom of the certificate file so the full chain is served, then restart the front-end web server. Browse to the panel hostname and confirm the padlock.
Test the SSL installation
After uploading, open your site over https:// and check the padlock. For a deeper check that also confirms the intermediate chain and protocol support, run the domain through our SSL Checker. If the report flags a missing intermediate, go back to the SSL page in H-Sphere, paste the full CA bundle into the Certificate Chain File field, and upload again.
Frequently Asked Questions
No. Parallels stopped active development of H-Sphere around 2013, and the product never received a modern security refresh after that. Existing installs still work and the SSL workflow above still installs valid commercial certificates on the sites the panel hosts, but H-Sphere itself is unsupported software. For new servers, use Plesk (the actively maintained successor from the same vendor lineage) or cPanel.
Different H-Sphere builds use slightly different labels for the same field. Both Certificate Chain File and Certificate Authority File refer to the intermediate (and root) certificates issued by your CA, delivered as a .ca-bundle file. Paste the full bundle in either case.
Only if the CSR was generated outside the panel. When you generate the CSR inside H-Sphere, the private key is stored on the server and the panel pairs it with the certificate automatically. When you use our CSR Generator or another external tool, the key is created with the CSR and you have to provide it to the panel along with the certificate; keep that key file safe, because a certificate without its matching key cannot serve HTTPS.
Per-domain certificates are written under the H-Sphere user’s web configuration, typically inside /hsphere/local/home/<user>/<domain>/ and the front-end web server’s SSL directories (the exact layout depends on your H-Sphere build and the Linux distribution it runs on). The control panel’s own certificate lives with the front-end web server that fronts the panel hostname, under /hsphere/local/config/httpd/ on most installations.
The most common cause is leaving the Certificate Chain File field blank, or pasting the CA bundle without the BEGIN CERTIFICATE and END CERTIFICATE markers. Open the domain in H-Sphere again, paste the full .ca-bundle contents into that field, upload, then re-run our SSL Checker.
Yes, when you can. Because H-Sphere is no longer developed, it does not receive security patches for the panel itself or its bundled stack, and modern TLS hardening (current cipher suites, OCSP stapling, HTTP/2, HSTS) is harder to keep in line. Plesk is the actively maintained control panel from the same vendor lineage and is the most direct migration target; cPanel is the other widely deployed option. Both handle SSL certificate installation through a clearer interface and support automated Let’s Encrypt issuance and renewal out of the box.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10


