Valid SSL for Cpanel / WHM

[atechstl]

I recently enabled a SSL connection for Cpanel, WHM and webmail. Although I see it is an invalid cert. I am assuming I can just buy a cheap cert for my server. ex. "myserver.mydomain.com" install it and it will fix this problem.

Any suggestions?

[Pawel Kowalski]

If you will only be connecting to this from one computer you can actually install the invalid certificate in your cert store assuming the cert you are using is properly configured. If the only error on the certificate you are getting is that its not from a trusted source in IE click on the certificate error, click view certificate, and then click install certificate. This will encrypt all communications between you and the server and if you ever face a man in the middle attack you will get warned.

And on edit: If you want to be really safe before you install the certificate make sure no trusted web sites are giving you certificate errors (such as https://www.bankofamerica.com), this way you know your network is not compromised and someone is fetching you a fake certificate.

[atechstl]

I am wanting to setup a secure connection for all clients so they don't send all their login info via clear text.

[Pawel Kowalski]

In that case you will want to get a trusted certificate. I never installed one using WHM so maybe someone else can help you out, good luck.

[atechstl]

I am also assuming that I need to redirect all my websites to a different IP address other then the server.

[Pawel Kowalski]

I dont see why you would have to do that as long as the name on the cert matches your hostname.

[atechstl]

A SSL requirement is that it must have a dedicated IP address. Please correct me if I'm wrong though.

[Pawel Kowalski]

The only reason you would need a different IP is if you already have an SSL site on that IP. The reason for this is that you need to have port 443 dedicated for each SSL web site (if you want to avoid having to specify a port in the domain). But if you have no other sites on that IP that use SSL you do not need to change the IP of your web site. Since your VPS comes with 3 IPs by default you can have up to 3 SSL web sites on it. This is how it works in windows and I assume the same goes for linux, I could be wrong and if I am I'm sure someone will correct me.

[jason]

Yes, it works the same way with Linux. Basically you can have one SSL certificate per IP address. You get three IP addresses with the VPS--two are intended for DNS, but there is nothing to stop you from hosting websites using those IPs for sites as well.

In your case, though, all you are doing is replacing the already-existing, cPanel-generated self-signed certificate with an actual third-party signed certificate. All of the infrastructure is in place already to handle encryption with the self-signed cert. All you need to do is replace the self-signed one with the real cert once it is issued. No messing with IPs or any of that required.

If you want to give individual site on your VPS their own secure certs so that they can do https://www.domain.com then you will need to assign a unique IP to each site and buy a separate certificate for each site, but to simply let users access their control panel with https://vpsname.yourdomain.com/cpanel you don't need to do anything different to the server's configuration beyond installing the cert.

--Jason

[atechstl]

So do i just buy a cert for the address: vpsname.mydomain.com or do I purchase a wildcard cert *.mydomain.com?

When you are to install a SSL in WHM the page request a username, IP, Key and Cert. Do I use the username "root" or can I use the username that my domain name is under? Altough my VPS server name is myvps.mydomain.com, mydomain.com has a different username than root.

[jason]

In this case you would probably want to buy a normal (non-wildcard) certificate. A wildcard certificate gives you the ability to secure multiple third-level names (ie: www.domain.com, secure.domain.com, shop.domain.com, etc.) with one certificate, but they are a lot more difficult to set up (especially in cPanel, evidently). Unless you specifically plan on using more than one sub-domain name through https then I would stick with the regular cert for vpsname.mydomain.com.

I don't use cPanel, so I can't say how you would go about installing the cert with cPanel. It sounds as though you are looking at a screen for installing a certificate on an individual account, not for securing the entire server's cPanel access. In Interworx (the control panel I run on my VPS) I had to set up the latter by editing the Apache config files directly, though this may be different for cPanel. Perhaps one of the cPanel experts will see this and offer some advice.

--Jason

[atechstl]

Well I do want to make sure that I am not just securing one account. Whenever, a user types go to cpanel they type theirdomain.com/cpanel. If they click cancel on the popup login box, their browser will open up myvps.mydomain.com/cpanel. The same case with webmail.

Has anyone else done this before? I don't want to waste money on purchasing a SSL that I won't be able to use.

[Pawel Kowalski]

The way cPanel works is as long as you are on the same physical server you can log in to cPanel using whatever domain you wish. So if your parent company is abcservices.com and your client is client.com your client will be able to log in to his/her cpanel using abcservices.com/cpanel. Same goes for web mail.

So really you would only have to secure your main company web site and that will allow your clients that are on the same server use your URL to log in to their cPanel and web mail.

[atechstl]

I purchased my SSL for my server servername.mycompany.com. And I tried to install it. I went to install it and tried setting it up under root. After installing it, I then noticed nothing was different. WHM/Cpanel/Webmail still login under a SSL that states it was assigned by my server name not my RapidSSL.

What can I do? I have customers demanding a secured connection and other customers complaining about a non valid SSL.

[thisisit3]

per-domain certificates for cPanel services ARE NOT SUPPORTED.

in other words, a certificate will work for yourclient.com but will not work for yourclient.com/cpanel (or /whm or /webmail) because those are NOT served by apache, instead they are served by cPanel/WHM processes which do not support certificates per domain.

It is said that the developers are aware of the problem and there are fixes for this problem in the EDGE builds.