The Default SSL/TLS Key Type setting in WHM allows you to choose the type of cryptographic key that cPanel generates when it creates self-signed SSL/TLS certificates. This setting affects the default key algorithm used across the server for AutoSSL and other certificate operations.

Important: This setting has been removed from WHM starting with cPanel version 110 and later. Modern versions of cPanel automatically use the most secure and appropriate key type. If you are running an older version (108 or earlier), follow the steps below. If you are on version 110+, this setting is no longer available and ECDSA keys are used by default.

Step 1: Log in to WHM

Open your browser and navigate to https://your-server-ip:2087. Enter your root credentials to log in.

Step 2: Open Tweak Settings

In the left-hand sidebar or search bar, navigate to Home » Server Configuration » Tweak Settings.

Step 3: Find the Setting

Click on the Security tab at the top of the Tweak Settings page. Use the search/filter box to look for Default SSL/TLS Key Type.

Step 4: Choose the Key Type

Select from the available options:

  • RSA — The traditional key type. RSA keys are widely compatible but require a larger key size (2048 or 4096 bits) for equivalent security.
  • ECDSA — Elliptic Curve keys. They provide equivalent security to RSA with much smaller key sizes, resulting in faster handshakes and less overhead. ECDSA is the modern standard and is recommended.

Step 5: Save

Click Save at the bottom of the page to apply the change.

Important Notes

  • On WHM version 110 and later, this setting no longer exists. The system defaults to ECDSA keys.
  • Changing this setting only affects newly generated certificates. Existing certificates will continue to use their current key type until they are renewed or reissued.
  • AutoSSL and Let's Encrypt certificates issued through cPanel will use the selected key type going forward.
  • ECDSA keys are generally preferred for modern servers due to better performance and smaller certificate sizes.

Troubleshooting

  • Cannot find the setting: If you are on cPanel version 110 or later, this setting has been removed. The system uses ECDSA by default.
  • Want to verify your current key type: Use the Manage SSL Hosts interface in WHM (Home » SSL/TLS » Manage SSL Hosts) to inspect existing certificates and their key types.

For more information, see the official cPanel documentation: Tweak Settings.

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to set Default maximum email quota for new packages via WHM?

The Default maximum email quota for new packages setting in WHM controls the maximum email...
How to set Default disk usage quota for new packages via WHM?

The Default disk usage quota for new packages setting in WHM lets you define a default disk space...
How to set Default bandwidth limit for new packages via WHM?

When you create a new hosting package in WHM, cPanel uses a default bandwidth limit if you don't...
How to change cPanel PHP max POST size via WHM?

The cPanel PHP max POST size setting controls the maximum size of HTTP POST requests that...
How to change cPanel PHP max upload size via WHM?

What is the cPanel PHP Max Upload Size? The cPanel PHP max upload size setting controls the...