Solved

How do I fix a "certificate error" with my web host?

Posted on 2011-02-16
6
436 Views
Last Modified: 2012-05-11
My web host doesn't seem to be able to explain this to me.  I am a small one-person web design company.

When I go to the WHM cpanel from my home computer - MSIE gives me a "certficate error" indicating that it is not safe to proceed.

What, where, how do I fix this?  

Do I have to pay for a certficate?  I do not accept credit cards and neither do any of my clients.

Thanks.
0
Comment
Question by:aprillougheed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 4

Expert Comment

by:majidhajali
ID: 34911306
if you are using sharing hosting, you cannot use certificates except your hosting company place a shared certificate for all the users to use that.
so, that certificate may not trusted by your browser.
for solving your problem, open the certificate and select install certificate and place the certificate in trusted root certificate authorities store.
after that, you shouldn't see the error message.
0
 

Author Comment

by:aprillougheed
ID: 34912000
Where do I "open the certificate" ??   Is that something I do for MSIE?  Like under Internet Options/Tools/Content?  

I see a Certificate with my name on it for "Other People" under Content - but I'm unable to select and remove it.

It is indeed expired.

Surely there is some web site tutorial that explains step by step how to solve this issue.

Thanks.
0
 
LVL 4

Assisted Solution

by:majidhajali
majidhajali earned 250 total points
ID: 34913984
To view certificates in the MMC snap-in

   1.

      Open a Command Prompt window.
   2.

      Type mmc and press the ENTER key. Note that to view certificates in the local machine store, you must be in the Administrator role.
   3.

      On the File menu, click Add/Remove Snap In.
   4.

      Click Add.
   5.

      In the Add Standalone Snap-in dialog box, select Certificates.
   6.

      Click Add.
   7.

      In the Certificates snap-in dialog box, select Computer account and click Next. Optionally, you can select My User account or Service account. If you are not an administrator of the computer, you can manage certificates only for your user account.
   8.

      In the Select Computer dialog box, click Finish.
   9.

      In the Add Standalone Snap-in dialog box, click Close.
  10.

      On the Add/Remove Snap-in dialog box, click OK.
  11.

      In the Console Root window, click Certificates (Local Computer) to view the certificate stores for the computer.
  12.

      Optional. To view certificates for your account, repeat steps 3 to 6. In step 7, instead of selecting Computer account, click My User account and repeat steps 8 to 10.
  13.

      Optional. On the File menu, click Save or Save As. Save the console file for later reuse.
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 11

Accepted Solution

by:
RedLondon earned 250 total points
ID: 34914931
By default, WHM uses a self-signed certificate to secure connections between your PC and the WHM interface on port 2087 (ie https://servername.domain.com:2087/)

Your PC will alert you to the fact that this signature is untrusted because it is not signed by a trusted authority.  You can tell your PC that you trust that certificate and things will work as normal, but ideally your webhost would purchase a proper certificate instead of using WHM's selfsigned one.  This would need cost them no more than about $20 per year, and would mean that neither you nor anyone else using the WHM or cPanel interface via SSL would see the warnings relating to self-signed and untrusted certificates.  The same certificate can be used for secure connections to POP3, SMTP and IMAP services on the server without any warnings about certificate trustworthiness.

A separate issue, irrespective if the SSL cert in use being a self-signed (ie, untrusted) or a proper (ie Thawte, Geotrust, Godaddy, RapidSSL, Comodo, Verisign) certificate is that each certificate has a valid from and a valid until date.  If you try to connect to a secure connection and the certificate is not valid, you will get a warning to that effect.  This could happen if your PC's clock/calendar is wrong (ie the certificate might be valid until December 2011 but if your PC thinks today is 17 Feb 2012 then it will erroneously warn you that the certificate is invalid).

Since you say that you are getting a warning that the SSL cert has expired, you need your webhost to take action.  At no charge they can get the WHM server to regenerate a new self-signed certificate for each of the cPanel, FTP, POP3, IMAP and SMTP services - this will mean new connections see a valid certificate but they will still warn that the certificate was not issued by a trusted authority (ie, the server made it up itself).  For $9.95 (via http://www.namecheap.com/ssl-certificates/geotrust-ssl-certificates.aspx) they can buy a RapidSSL certificate signed by Geotrust which will obviously be valid now (so no expiry date warnings) and since it is signed by a trusted authority, there'd be no untrusted warnings either.

To me, for $9.95pa it's a no brainer.  Irrespective of it being a better solution than a self-signed one, if it saves a host just one support call per year it has paid for itself.  There is no reason why they would not do this.  You cannot do it: the WHM SSL certificate is specific to the server's hostname, not unique to each account on the server, so WHM supports only one certificate.  Only the server administrator can do this.
0
 

Author Comment

by:aprillougheed
ID: 34922530
Wow.  I wish I could award both answers 500 points.  Just super fantastic brillant answers.

Since I can't give you both 500 points  -- I'll have to split it.

Thank you so very very much.
0
 

Author Closing Comment

by:aprillougheed
ID: 34922533
Fantastic job!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question