Solved

How do I fix a "certificate error" with my web host?

Posted on 2011-02-16
6
426 Views
Last Modified: 2012-05-11
My web host doesn't seem to be able to explain this to me.  I am a small one-person web design company.

When I go to the WHM cpanel from my home computer - MSIE gives me a "certficate error" indicating that it is not safe to proceed.

What, where, how do I fix this?  

Do I have to pay for a certficate?  I do not accept credit cards and neither do any of my clients.

Thanks.
0
Comment
Question by:aprillougheed
  • 3
  • 2
6 Comments
 
LVL 4

Expert Comment

by:majidhajali
Comment Utility
if you are using sharing hosting, you cannot use certificates except your hosting company place a shared certificate for all the users to use that.
so, that certificate may not trusted by your browser.
for solving your problem, open the certificate and select install certificate and place the certificate in trusted root certificate authorities store.
after that, you shouldn't see the error message.
0
 

Author Comment

by:aprillougheed
Comment Utility
Where do I "open the certificate" ??   Is that something I do for MSIE?  Like under Internet Options/Tools/Content?  

I see a Certificate with my name on it for "Other People" under Content - but I'm unable to select and remove it.

It is indeed expired.

Surely there is some web site tutorial that explains step by step how to solve this issue.

Thanks.
0
 
LVL 4

Assisted Solution

by:majidhajali
majidhajali earned 250 total points
Comment Utility
To view certificates in the MMC snap-in

   1.

      Open a Command Prompt window.
   2.

      Type mmc and press the ENTER key. Note that to view certificates in the local machine store, you must be in the Administrator role.
   3.

      On the File menu, click Add/Remove Snap In.
   4.

      Click Add.
   5.

      In the Add Standalone Snap-in dialog box, select Certificates.
   6.

      Click Add.
   7.

      In the Certificates snap-in dialog box, select Computer account and click Next. Optionally, you can select My User account or Service account. If you are not an administrator of the computer, you can manage certificates only for your user account.
   8.

      In the Select Computer dialog box, click Finish.
   9.

      In the Add Standalone Snap-in dialog box, click Close.
  10.

      On the Add/Remove Snap-in dialog box, click OK.
  11.

      In the Console Root window, click Certificates (Local Computer) to view the certificate stores for the computer.
  12.

      Optional. To view certificates for your account, repeat steps 3 to 6. In step 7, instead of selecting Computer account, click My User account and repeat steps 8 to 10.
  13.

      Optional. On the File menu, click Save or Save As. Save the console file for later reuse.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 11

Accepted Solution

by:
RedLondon earned 250 total points
Comment Utility
By default, WHM uses a self-signed certificate to secure connections between your PC and the WHM interface on port 2087 (ie https://servername.domain.com:2087/)

Your PC will alert you to the fact that this signature is untrusted because it is not signed by a trusted authority.  You can tell your PC that you trust that certificate and things will work as normal, but ideally your webhost would purchase a proper certificate instead of using WHM's selfsigned one.  This would need cost them no more than about $20 per year, and would mean that neither you nor anyone else using the WHM or cPanel interface via SSL would see the warnings relating to self-signed and untrusted certificates.  The same certificate can be used for secure connections to POP3, SMTP and IMAP services on the server without any warnings about certificate trustworthiness.

A separate issue, irrespective if the SSL cert in use being a self-signed (ie, untrusted) or a proper (ie Thawte, Geotrust, Godaddy, RapidSSL, Comodo, Verisign) certificate is that each certificate has a valid from and a valid until date.  If you try to connect to a secure connection and the certificate is not valid, you will get a warning to that effect.  This could happen if your PC's clock/calendar is wrong (ie the certificate might be valid until December 2011 but if your PC thinks today is 17 Feb 2012 then it will erroneously warn you that the certificate is invalid).

Since you say that you are getting a warning that the SSL cert has expired, you need your webhost to take action.  At no charge they can get the WHM server to regenerate a new self-signed certificate for each of the cPanel, FTP, POP3, IMAP and SMTP services - this will mean new connections see a valid certificate but they will still warn that the certificate was not issued by a trusted authority (ie, the server made it up itself).  For $9.95 (via http://www.namecheap.com/ssl-certificates/geotrust-ssl-certificates.aspx) they can buy a RapidSSL certificate signed by Geotrust which will obviously be valid now (so no expiry date warnings) and since it is signed by a trusted authority, there'd be no untrusted warnings either.

To me, for $9.95pa it's a no brainer.  Irrespective of it being a better solution than a self-signed one, if it saves a host just one support call per year it has paid for itself.  There is no reason why they would not do this.  You cannot do it: the WHM SSL certificate is specific to the server's hostname, not unique to each account on the server, so WHM supports only one certificate.  Only the server administrator can do this.
0
 

Author Comment

by:aprillougheed
Comment Utility
Wow.  I wish I could award both answers 500 points.  Just super fantastic brillant answers.

Since I can't give you both 500 points  -- I'll have to split it.

Thank you so very very much.
0
 

Author Closing Comment

by:aprillougheed
Comment Utility
Fantastic job!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Problem to be resolved in this article Currently, development of website and web application can be done without writing thousands of lines of programming code by hand. Description This can be done through by using a open source framework such …
Accessibility and Usability are two concepts that seem to be closely related.  But, too many people seem to have a distorted perception of them. During last five years, those two words have come to the day-to-day work of almost every web develope…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This video teaches users how to migrate an existing Wordpress website to a new domain.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now