Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

WHM, Cpanel and SSL (Basic Help)

Posted on 2009-07-04
2
Medium Priority
?
775 Views
Last Modified: 2013-11-30
I have a dedicated server running centos/whm with cpanel. I have 10 accounts on a shared ip and then 2 others on seperate dedicated ips (those 2 of which im not worried about).

The shared ip site accounts all have to deal with the "untrusted/unverified site" prompts in regards to their security certificate when accessing email, cpanel etc securely, which is whatever whm/cpanel does by default.

I would like to get a step by step guide as to what I need to do to install a security certificate that will be trusted for the accounts on a shared ip. Please, total noob to this aspect of server stuff so reply accordingly if you could.

I am totally new to ssl and my googling and cpanel forum trawling has only confused me more. Is it not possible to get a certificate that can work for a shared ip server?

I appreciate the assist!
0
Comment
Question by:aiwazz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 24783713
In general terms, it isn't possible to get an SSL certificate that is *guaranteed* to work for more than one domain, when listening on the same IP and same port.

There are routes, but most of these aren't guaranteed to work, require multiple ports, require all the domains to share a common root, or some combination of the above.

Ok, from the top then.

first option is to give each SSL site on the shared IP its own port. So instead of using 443 (the default) you assign 444, 445 etc. The urls then look like

https://<name of host>:<nonstandard port>/

which is a pain to give someone, but of course all the http sites can still share port 80, so provided your https use model doesn't require that users are able to just type https://<name of host>/ and get straight there (but click a link or a bookmark) it works ok. You might also find that some web proxies will not permit connections to other than 443 (anti evasion measure) so some users are going to have issues.

Second option, wildcard certificates.
These are only usable if all the sites share the format https://<name of server>.<your domain>/ so that a certificate of the format *.<your domain> will match on the * for all your sites.

Third option, microsoft style multi-host certificates
These are called Subject Alternative Name (SAN) certificates, and are increasingly supported in modern browsers:
http://www.digicert.com/subject-alternative-name.htm

downside is that they aren't supported in ALL browsers, and in fact some will flag it as a security violation, ignore all but the primary (non SAN) name, or both.

Final option: get separate IPs on your hosting.
This is often cheaper than SAN or wildcard certificates (for which CAs charge a LOT) and some hosting centers bundle the first 5 IPs with the basic package (and are quite reasonable for further allocations) - Certainly the budget provider I use (10ukp/month) gives 5 IPs in the basic vhost package.
0
 

Author Closing Comment

by:aiwazz
ID: 31599823
Very informative and full explanation, i really appreciate it and thank you for taking the time! I may try a wildcard but I see that d ip is the way to go. Cheers!
0

Featured Post

A new era in Cloud training has arrived.

A day that will go down in Cloud history.. But are you ready for it? Will you accept this Cloud challenge?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question