Solved

WHM, Cpanel and SSL (Basic Help)

Posted on 2009-07-04
Last Modified: 2013-11-30
I have a dedicated server running CentOS/WHM with cPanel. I have 10 accounts on a shared IP and then 2 others on separate dedicated IPs (those 2 of which I'm not worried about).

The shared IP site accounts all have to deal with the "untrusted/unverified site" prompts in regards to their security certificate when accessing email, cPanel etc. securely, which is whatever WHM/cPanel does by default.

I would like to get a step by step guide as to what I need to do to install a security certificate that will be trusted for the accounts on a shared IP. Please, total noob to this aspect of server stuff so reply accordingly if you could.

I am totally new to SSL and my googling and cPanel forum trawling has only confused me more. Is it not possible to get a certificate that can work for a shared IP server?

I appreciate the assist!
Question by:aiwazz
2 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 24783713
In general terms, it isn't possible to get an SSL certificate that is *guaranteed* to work for more than one domain, when listening on the same IP and same port.

There are routes, but most of these aren't guaranteed to work, require multiple ports, require all the domains to share a common root, or some combination of the above.

OK, from the top then.

First option is to give each SSL site on the shared IP its own port. So instead of using 443 (the default) you assign 444, 445 etc. The URLs then look like

https://<name of host>:<nonstandard port>/

which is a pain to give someone, but of course all the http sites can still share port 80, so provided your https use model doesn't require that users are able to just type https://<name of host>/ and get straight there (but click a link or a bookmark) it works OK. You might also find that some web proxies will not permit connections to other than 443 (anti-evasion measure) so some users are going to have issues.

Second option, wildcard certificates.
These are only usable if all the sites share the format https://<name of server>.<your domain>/ so that a certificate of the format *.<your domain> will match on the * for all your sites.

Third option, Microsoft-style multi-host certificates.
These are called Subject Alternative Name (SAN) certificates, and are increasingly supported in modern browsers:
http://www.digicert.com/subject-alternative-name.htm

Downside is that they aren't supported in ALL browsers, and in fact some will flag it as a security violation, ignore all but the primary (non-SAN) name, or both.

Final option: get separate IPs on your hosting.
This is often cheaper than SAN or wildcard certificates (for which CAs charge a LOT) and some hosting centers bundle the first 5 IPs with the basic package (and are quite reasonable for further allocations) - Certainly the budget provider I use (10ukp/month) gives 5 IPs in the basic vhost package.
0
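An added example, not part of the original answer: a small checker that shows which hostnames on a shared IP a wildcard certificate or a SAN certificate would cover, using the usual rule that `*` stands for exactly one left-most DNS label. All hostnames and certificate name lists are constructed sample data.

```python
# Added illustration: which names on a shared IP does one certificate cover?
# A "*" in a certificate name stands for exactly one left-most DNS label, so
# *.example.com covers mail.example.com but not example.com or a.b.example.com.

def name_matches(hostname: str, cert_name: str) -> bool:
    """Return True if one certificate name (exact or wildcard) covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = cert_name.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False  # a wildcard never spans more or fewer labels
    if pattern[0] == "*":
        # require at least two fixed labels so "*.com" is never accepted
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern


def covered(hostname, cert_names):
    """True if any name in the certificate covers the hostname."""
    return any(name_matches(hostname, n) for n in cert_names)


def uncovered(hostnames, cert_names):
    """Hostnames that would still trigger a name-mismatch warning."""
    return [h for h in hostnames if not covered(h, cert_names)]


# Constructed sample data: sites served from one shared IP (hypothetical names).
SHARED_IP_SITES = [
    "www.example.com", "mail.example.com", "cpanel.example.com",
    "example.com", "shop.customer-a.test", "www.customer-b.test",
]

# Option 2 in the answer: one wildcard name under a common domain.
WILDCARD_CERT = ["*.example.com"]

# Option 3 in the answer: every hostname listed as a Subject Alternative Name.
SAN_CERT = [
    "example.com", "www.example.com", "mail.example.com",
    "cpanel.example.com", "shop.customer-a.test", "www.customer-b.test",
]

if __name__ == "__main__":
    print("wildcard misses:", uncovered(SHARED_IP_SITES, WILDCARD_CERT))
    print("SAN cert misses:", uncovered(SHARED_IP_SITES, SAN_CERT))
```

The wildcard leaves the bare domain and the two unrelated customer domains uncovered, which is the "common root" restriction the answer describes; the SAN list covers all of them only because each name is listed explicitly.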
 

Author Closing Comment

by:aiwazz
ID: 31599823
Very informative and full explanation, I really appreciate it and thank you for taking the time! I may try a wildcard but I see that d ip is the way to go. Cheers!