How do I fix a "certificate error" with my web host?

Posted on 2011-02-16
Medium Priority
Last Modified: 2012-05-11
My web host doesn't seem to be able to explain this to me.  I am a small one-person web design company.

When I go to the WHM cpanel from my home computer - MSIE gives me a "certficate error" indicating that it is not safe to proceed.

What, where, how do I fix this?  

Do I have to pay for a certficate?  I do not accept credit cards and neither do any of my clients.

Question by:aprillougheed
  • 3
  • 2

Expert Comment

ID: 34911306
if you are using sharing hosting, you cannot use certificates except your hosting company place a shared certificate for all the users to use that.
so, that certificate may not trusted by your browser.
for solving your problem, open the certificate and select install certificate and place the certificate in trusted root certificate authorities store.
after that, you shouldn't see the error message.

Author Comment

ID: 34912000
Where do I "open the certificate" ??   Is that something I do for MSIE?  Like under Internet Options/Tools/Content?  

I see a Certificate with my name on it for "Other People" under Content - but I'm unable to select and remove it.

It is indeed expired.

Surely there is some web site tutorial that explains step by step how to solve this issue.


Assisted Solution

majidhajali earned 1000 total points
ID: 34913984
To view certificates in the MMC snap-in


      Open a Command Prompt window.

      Type mmc and press the ENTER key. Note that to view certificates in the local machine store, you must be in the Administrator role.

      On the File menu, click Add/Remove Snap In.

      Click Add.

      In the Add Standalone Snap-in dialog box, select Certificates.

      Click Add.

      In the Certificates snap-in dialog box, select Computer account and click Next. Optionally, you can select My User account or Service account. If you are not an administrator of the computer, you can manage certificates only for your user account.

      In the Select Computer dialog box, click Finish.

      In the Add Standalone Snap-in dialog box, click Close.

      On the Add/Remove Snap-in dialog box, click OK.

      In the Console Root window, click Certificates (Local Computer) to view the certificate stores for the computer.

      Optional. To view certificates for your account, repeat steps 3 to 6. In step 7, instead of selecting Computer account, click My User account and repeat steps 8 to 10.

      Optional. On the File menu, click Save or Save As. Save the console file for later reuse.
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

LVL 11

Accepted Solution

RedLondon earned 1000 total points
ID: 34914931
By default, WHM uses a self-signed certificate to secure connections between your PC and the WHM interface on port 2087 (ie https://servername.domain.com:2087/)

Your PC will alert you to the fact that this signature is untrusted because it is not signed by a trusted authority.  You can tell your PC that you trust that certificate and things will work as normal, but ideally your webhost would purchase a proper certificate instead of using WHM's selfsigned one.  This would need cost them no more than about $20 per year, and would mean that neither you nor anyone else using the WHM or cPanel interface via SSL would see the warnings relating to self-signed and untrusted certificates.  The same certificate can be used for secure connections to POP3, SMTP and IMAP services on the server without any warnings about certificate trustworthiness.

A separate issue, irrespective if the SSL cert in use being a self-signed (ie, untrusted) or a proper (ie Thawte, Geotrust, Godaddy, RapidSSL, Comodo, Verisign) certificate is that each certificate has a valid from and a valid until date.  If you try to connect to a secure connection and the certificate is not valid, you will get a warning to that effect.  This could happen if your PC's clock/calendar is wrong (ie the certificate might be valid until December 2011 but if your PC thinks today is 17 Feb 2012 then it will erroneously warn you that the certificate is invalid).

Since you say that you are getting a warning that the SSL cert has expired, you need your webhost to take action.  At no charge they can get the WHM server to regenerate a new self-signed certificate for each of the cPanel, FTP, POP3, IMAP and SMTP services - this will mean new connections see a valid certificate but they will still warn that the certificate was not issued by a trusted authority (ie, the server made it up itself).  For $9.95 (via http://www.namecheap.com/ssl-certificates/geotrust-ssl-certificates.aspx) they can buy a RapidSSL certificate signed by Geotrust which will obviously be valid now (so no expiry date warnings) and since it is signed by a trusted authority, there'd be no untrusted warnings either.

To me, for $9.95pa it's a no brainer.  Irrespective of it being a better solution than a self-signed one, if it saves a host just one support call per year it has paid for itself.  There is no reason why they would not do this.  You cannot do it: the WHM SSL certificate is specific to the server's hostname, not unique to each account on the server, so WHM supports only one certificate.  Only the server administrator can do this.

Author Comment

ID: 34922530
Wow.  I wish I could award both answers 500 points.  Just super fantastic brillant answers.

Since I can't give you both 500 points  -- I'll have to split it.

Thank you so very very much.

Author Closing Comment

ID: 34922533
Fantastic job!

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The first step to building an amazing About page is to figure out what you want the page to say about your company. You then must grab the attention of the reader, boast a bit, tell a story and let others brag about you. With a little bit of thought…
AngularJS web development a very simple procedure. So, to put it, in short, AngularJS’ stand out features are – Two-way data binding, MVC structure, directives, templates, dependency injections and testing.
The viewer will learn how to dynamically set the form action using jQuery.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question