Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How do I fix a "certificate error" with my web host?

Posted on 2011-02-16
6
432 Views
Last Modified: 2012-05-11
My web host doesn't seem to be able to explain this to me.  I am a small one-person web design company.

When I go to the WHM cpanel from my home computer - MSIE gives me a "certficate error" indicating that it is not safe to proceed.

What, where, how do I fix this?  

Do I have to pay for a certficate?  I do not accept credit cards and neither do any of my clients.

Thanks.
0
Comment
Question by:aprillougheed
  • 3
  • 2
6 Comments
 
LVL 4

Expert Comment

by:majidhajali
ID: 34911306
if you are using sharing hosting, you cannot use certificates except your hosting company place a shared certificate for all the users to use that.
so, that certificate may not trusted by your browser.
for solving your problem, open the certificate and select install certificate and place the certificate in trusted root certificate authorities store.
after that, you shouldn't see the error message.
0
 

Author Comment

by:aprillougheed
ID: 34912000
Where do I "open the certificate" ??   Is that something I do for MSIE?  Like under Internet Options/Tools/Content?  

I see a Certificate with my name on it for "Other People" under Content - but I'm unable to select and remove it.

It is indeed expired.

Surely there is some web site tutorial that explains step by step how to solve this issue.

Thanks.
0
 
LVL 4

Assisted Solution

by:majidhajali
majidhajali earned 250 total points
ID: 34913984
To view certificates in the MMC snap-in

   1.

      Open a Command Prompt window.
   2.

      Type mmc and press the ENTER key. Note that to view certificates in the local machine store, you must be in the Administrator role.
   3.

      On the File menu, click Add/Remove Snap In.
   4.

      Click Add.
   5.

      In the Add Standalone Snap-in dialog box, select Certificates.
   6.

      Click Add.
   7.

      In the Certificates snap-in dialog box, select Computer account and click Next. Optionally, you can select My User account or Service account. If you are not an administrator of the computer, you can manage certificates only for your user account.
   8.

      In the Select Computer dialog box, click Finish.
   9.

      In the Add Standalone Snap-in dialog box, click Close.
  10.

      On the Add/Remove Snap-in dialog box, click OK.
  11.

      In the Console Root window, click Certificates (Local Computer) to view the certificate stores for the computer.
  12.

      Optional. To view certificates for your account, repeat steps 3 to 6. In step 7, instead of selecting Computer account, click My User account and repeat steps 8 to 10.
  13.

      Optional. On the File menu, click Save or Save As. Save the console file for later reuse.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 11

Accepted Solution

by:
RedLondon earned 250 total points
ID: 34914931
By default, WHM uses a self-signed certificate to secure connections between your PC and the WHM interface on port 2087 (ie https://servername.domain.com:2087/)

Your PC will alert you to the fact that this signature is untrusted because it is not signed by a trusted authority.  You can tell your PC that you trust that certificate and things will work as normal, but ideally your webhost would purchase a proper certificate instead of using WHM's selfsigned one.  This would need cost them no more than about $20 per year, and would mean that neither you nor anyone else using the WHM or cPanel interface via SSL would see the warnings relating to self-signed and untrusted certificates.  The same certificate can be used for secure connections to POP3, SMTP and IMAP services on the server without any warnings about certificate trustworthiness.

A separate issue, irrespective if the SSL cert in use being a self-signed (ie, untrusted) or a proper (ie Thawte, Geotrust, Godaddy, RapidSSL, Comodo, Verisign) certificate is that each certificate has a valid from and a valid until date.  If you try to connect to a secure connection and the certificate is not valid, you will get a warning to that effect.  This could happen if your PC's clock/calendar is wrong (ie the certificate might be valid until December 2011 but if your PC thinks today is 17 Feb 2012 then it will erroneously warn you that the certificate is invalid).

Since you say that you are getting a warning that the SSL cert has expired, you need your webhost to take action.  At no charge they can get the WHM server to regenerate a new self-signed certificate for each of the cPanel, FTP, POP3, IMAP and SMTP services - this will mean new connections see a valid certificate but they will still warn that the certificate was not issued by a trusted authority (ie, the server made it up itself).  For $9.95 (via http://www.namecheap.com/ssl-certificates/geotrust-ssl-certificates.aspx) they can buy a RapidSSL certificate signed by Geotrust which will obviously be valid now (so no expiry date warnings) and since it is signed by a trusted authority, there'd be no untrusted warnings either.

To me, for $9.95pa it's a no brainer.  Irrespective of it being a better solution than a self-signed one, if it saves a host just one support call per year it has paid for itself.  There is no reason why they would not do this.  You cannot do it: the WHM SSL certificate is specific to the server's hostname, not unique to each account on the server, so WHM supports only one certificate.  Only the server administrator can do this.
0
 

Author Comment

by:aprillougheed
ID: 34922530
Wow.  I wish I could award both answers 500 points.  Just super fantastic brillant answers.

Since I can't give you both 500 points  -- I'll have to split it.

Thank you so very very much.
0
 

Author Closing Comment

by:aprillougheed
ID: 34922533
Fantastic job!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about why website design really matters in today's demanding market.
Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question