Solved

WHM, Cpanel and SSL (Basic Help)

Posted on 2009-07-04
Last Modified: 2013-11-30
I have a dedicated server running CentOS/WHM with cPanel. I have 10 accounts on a shared IP and then 2 others on separate dedicated IPs (those 2 of which I'm not worried about).

The shared IP site accounts all have to deal with the "untrusted/unverified site" prompts in regards to their security certificate when accessing email, cPanel etc. securely, which is whatever WHM/cPanel does by default.

I would like to get a step by step guide as to what I need to do to install a security certificate that will be trusted for the accounts on a shared IP. Please, total noob to this aspect of server stuff so reply accordingly if you could.

I am totally new to SSL and my googling and cPanel forum trawling has only confused me more. Is it not possible to get a certificate that can work for a shared IP server?

I appreciate the assist!
Question by:aiwazz
2 Comments
 

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 24783713
In general terms, it isn't possible to get an SSL certificate that is *guaranteed* to work for more than one domain, when listening on the same IP and same port.

There are routes, but most of these aren't guaranteed to work, require multiple ports, require all the domains to share a common root, or some combination of the above.

Ok, from the top then.

First option is to give each SSL site on the shared IP its own port. So instead of using 443 (the default) you assign 444, 445 etc. The URLs then look like

https://<name of host>:<nonstandard port>/

which is a pain to give someone, but of course all the HTTP sites can still share port 80, so provided your HTTPS use model doesn't require that users are able to just type https://<name of host>/ and get straight there (but click a link or a bookmark) it works OK. You might also find that some web proxies will not permit connections to other than 443 (anti-evasion measure) so some users are going to have issues.

Second option, wildcard certificates.
These are only usable if all the sites share the format https://<name of server>.<your domain>/ so that a certificate of the format *.<your domain> will match on the * for all your sites.

Third option, Microsoft-style multi-host certificates.
These are called Subject Alternative Name (SAN) certificates, and are increasingly supported in modern browsers:
http://www.digicert.com/subject-alternative-name.htm

Downside is that they aren't supported in ALL browsers, and in fact some will flag it as a security violation, ignore all but the primary (non SAN) name, or both.

Final option: get separate IPs on your hosting.
This is often cheaper than SAN or wildcard certificates (for which CAs charge a LOT) and some hosting centers bundle the first 5 IPs with the basic package (and are quite reasonable for further allocations) - Certainly the budget provider I use (10ukp/month) gives 5 IPs in the basic vhost package.
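
To make the wildcard and SAN options above concrete, here is an added example (not part of the original answer) that checks which hostnames on a shared IP a certificate's name list would cover, using the RFC 6125 rule that `*` stands for exactly one left-most label. The hostnames and function names are constructed for illustration.

```python
def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, host):
    """True if a certificate name (exact or '*.domain') covers host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        # A wildcard never spans more than one label, and never zero labels.
        return False
    if p[0] == "*":
        # Reject overly broad patterns such as '*.com'.
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    # Partial wildcards such as 'f*.example.com' are compared literally,
    # so they do not match anything here.
    return p == h


def coverage(cert_names, hosts):
    """Map each host to the first certificate name covering it, or None."""
    return {
        host: next((n for n in cert_names if name_matches(n, host)), None)
        for host in hosts
    }


def uncovered(cert_names, hosts):
    """Hosts that would still produce a name-mismatch warning."""
    return [h for h, n in coverage(cert_names, hosts).items() if n is None]


# Constructed sample: sites assumed to share one IP and port 443.
SHARED_IP_HOSTS = [
    "shop.example.com",
    "mail.example.com",
    "example.com",
    "www.shop.example.com",
    "othersite.example.net",
]

if __name__ == "__main__":
    wildcard_only = ["*.example.com"]
    san_list = ["*.example.com", "example.com", "othersite.example.net"]
    print("wildcard leaves uncovered:", uncovered(wildcard_only, SHARED_IP_HOSTS))
    print("SAN list leaves uncovered:", uncovered(san_list, SHARED_IP_HOSTS))
```
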

Author Closing Comment

by:aiwazz
ID: 31599823
Very informative and full explanation, I really appreciate it and thank you for taking the time! I may try a wildcard but I see that d ip is the way to go. Cheers!