Hi all,
I am studying the SSL and certificate options closely and am not going to spring for a wildcard cert just yet - although I can see that it is an effective way of offering a single certificate to cover, say, WHM, cPanel, WHMCS etc. on the main physical host.
Initially I purchased a certificate for my physical host:
host.domain.com.au
which (obviously) has the physical IP address of the interface on the server to which all the other ones as virtual addresses are bound.
Now, I find that when I visit:
https://host.domain.com.au
I can view the certificate and it looks fine, it shows all the details I entered when generating the request that it should (not before and valid until, public key components etc) and there is no challenge about the cert when the browser visits after deleting all the existing (self-signed) certs for the main host.
However when I attempt to resolve the WHM session as
https://host.domain.com.au/whm
I get challenged about adding the exception...
I could understand this if I had routed via the proxy domain redirection
https://whm.host.domain.com.au
but why would I not be able to access
https://host.domain.com.au:2086
with the certificate installed and valid for that host and IP?
I must be missing some fundamental concept here.
I have purchased the certificate for
host.domain.com.au in order to ensure that my clients, when they resolve mail or other web services to the physical host, do not get a cert challenge. Not to obviate the need for them to buy and install their own certs for https://their.domain.com.au (which I understand they will only be able to do if they are assigned a virtual/dedicated IP by me as the host).
But is it not useful to have a genuine certificate for the physical host as a starting point (ie not a large monetary outlay and good "shopfront" policy for a host?)
Perhaps I misunderstand the application I need/or have not installed the cert properly...
Perhaps I cannot do what I am trying to do with host.domain.com.au and needed to purchase domain.com.au - or even necessarily *.domain.com.au.
I would appreciate anyone who has the time to assist me in untangling my understanding of what I am doing and trying to achieve with this subject!
Best regards,
Will
PS thinking about this I suspect it has something to do with port 443 being the SSL/HTTPS pipe? And therefore the native cPanel ports do not fall into the category of being secured by the installed SSL cert for a host which browsers negotiate over 443??
UPDATE: In my research I have found the services config area where the SSL can be installed for the services, which allows me to use a non-self-signed cert for these - I am installing my main host cert there now. Still confused but starting to make some progress myself.
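
Added example, not part of the original post: each TLS listener on a host presents whichever certificate that particular service was configured with, so a quick diagnostic is to fetch the certificate from every port and group the ports by fingerprint. The function names are hypothetical; ports 443 and 2086 come from the post, and 2087 (WHM's TLS port on a default cPanel install) is an assumption added here.

```python
import hashlib
import socket
import ssl


def fetch_cert(host, port, timeout=5.0):
    """Return the DER certificate the listener on host:port presents."""
    ctx = ssl.create_default_context()
    # Inspection only: trust checks are off so self-signed certs are still
    # retrieved and can be compared. Never use this context to send data.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def group_by_cert(host, ports, fetch=fetch_cert):
    """Map SHA-256 fingerprint -> list of ports presenting that certificate.

    Ports that refuse the connection or do not speak TLS (for example a
    plain-HTTP service port) are grouped under an "error: ..." key.
    """
    groups = {}
    for port in ports:
        try:
            key = hashlib.sha256(fetch(host, port)).hexdigest()
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            key = "error: " + type(exc).__name__
        groups.setdefault(key, []).append(port)
    return groups


if __name__ == "__main__":
    # Hostname as written in the post; substitute the real server name.
    for key, ports in group_by_cert("host.domain.com.au",
                                    [443, 2086, 2087]).items():
        print(ports, key)
```

More than one fingerprint in the output means the services are not all using the same certificate, which is what the per-service SSL settings mentioned in the UPDATE control.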








