Browse All Articles > Setting Up a Wildcard SSL on cPanel/WHM
A Wildcard Certificate means all of your sub-domains will resolve to the same location, regardless of the non-SSL Document-Root specification. A user will need to purchase a wildcard SSL from a vendor or a reseller that supplies them.
Similar to having multiple certificates installed on a server, each sub-domain containing the certificate needs its own IP as well. Wildcard SSL’s do not work like Wildcard DNS – you will have to specifically install the certificate on each sub-domain. Following are two methods to set up a Wildcard SSL for a domain.
Multiple Accounts
In a case where you have each sub-domain hosted as a separate cPanel account, and each cPanel account has its own IP address, then follow these steps:
• Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com
• There are two ways to change a site’s IP address:
i. Via WHM:
Go to WHM > Change site’s IP Address, select the account, then select the IP
ii. Via Command Line:
/usr/local/cpanel/bin/setsiteip -u $user $ip
When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com
• The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target sub-domain
• Click install to install the certificate
One Account
This method may be best for users that are not resellers or that are on shared hosting servers, where having multiple cPanel accounts may not be ideal. In this case, you’d have one cPanel account and assign multiple IPs to its sub-domains:
• Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com
• These are the steps to assign dedicated IPs to multiple sub-domains on the same acco I. Edit /var/cpanel/userdata/$USER/$SUBDOMAIN.$DOMAIN for each subdomain (for addon/parked domains you’ll usually edit the file for the subdomain associated with the addon/parked domain) and change the IP value to a “dedicated” IP.
II. Run /scripts/rebuildhttpconf
III. Edit the DNS zone for the subdomain (which will likely be attached to the parent domain) and update the a-record to point to that IP as well. Then synchronize the zone out to the DNS cluster, if one exists:
IV. /scripts/dnscluster synczone <parentdomain>
V. Edit /etc/domainips and add an entry for that sudomain to point to the IP and run /scripts/rebuildippool to make sure the
IP is marked as taken.
• When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com
• The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target sub-domain
• Click install to install the certificate
So, you can save your time to manage numerous certificates for sub-domains and even save the money as Wildcard SSL Certificates such as RapidSSL Wildcard SSL or GeoTrust True BusinessID Wildcard will provide security for all your sub-domains with one main domain name.
About the Author:
RapidSSLonline is one of the largest cheap SSL certificate providers and is a Platinum partner for VeriSign, GeoTrust, Thawte and RapidSSL. It provides 24/7 support for any question, anytime. For more information about RapidSSLonline, please see my Profile.
Similar to having multiple certificates installed on a server, each sub-domain containing the certificate needs its own IP as well. Wildcard SSL’s do not work like Wildcard DNS – you will have to specifically install the certificate on each sub-domain. Following are two methods to set up a Wildcard SSL for a domain.
Multiple Accounts
In a case where you have each sub-domain hosted as a separate cPanel account, and each cPanel account has its own IP address, then follow these steps:
• Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com
• There are two ways to change a site’s IP address:
i. Via WHM:
Go to WHM > Change site’s IP Address, select the account, then select the IP
ii. Via Command Line:
/usr/local/cpanel/bin/sets
When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com
• The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target sub-domain
• Click install to install the certificate
One Account
This method may be best for users that are not resellers or that are on shared hosting servers, where having multiple cPanel accounts may not be ideal. In this case, you’d have one cPanel account and assign multiple IPs to its sub-domains:
• Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com
• These are the steps to assign dedicated IPs to multiple sub-domains on the same acco I. Edit /var/cpanel/userdata/$USER
II. Run /scripts/rebuildhttpconf
III. Edit the DNS zone for the subdomain (which will likely be attached to the parent domain) and update the a-record to point to that IP as well. Then synchronize the zone out to the DNS cluster, if one exists:
IV. /scripts/dnscluster synczone <parentdomain>
V. Edit /etc/domainips and add an entry for that sudomain to point to the IP and run /scripts/rebuildippool to make sure the
IP is marked as taken.
• When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com
• The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target sub-domain
• Click install to install the certificate
So, you can save your time to manage numerous certificates for sub-domains and even save the money as Wildcard SSL Certificates such as RapidSSL Wildcard SSL or GeoTrust True BusinessID Wildcard will provide security for all your sub-domains with one main domain name.
About the Author:
RapidSSLonline is one of the largest cheap SSL certificate providers and is a Platinum partner for VeriSign, GeoTrust, Thawte and RapidSSL. It provides 24/7 support for any question, anytime. For more information about RapidSSLonline, please see my Profile.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)