SSL Certificate Error

[ljarratt]

I created an SSL Certificate for a domain. I installed it on the domain (americanmajority.org). Now when I visit https://americanmajority.org/wow I get a certificate error.

Is there something else I need to do to prevent this? It is a self signed certificate using the modSSL in CPanel.

[cPanelDavidG]

I created an SSL Certificate for a domain. I installed it on the domain (americanmajority.org). Now when I visit https://americanmajority.org/wow I get a certificate error.

Is there something else I need to do to prevent this? It is a self signed certificate using the modSSL in CPanel.

Are you using a self-signed SSL certificate or did you purchase one and install that certificate?

[ljarratt]

self-signed...

[cPanelDavidG]

self-signed...

That's why you're getting the "error"

Modern web browsers (especially Firefox 3) are very aggressive in curbing their users from visiting HTTPS sites using self-signed certificates.

To get rid of this issue, simply acquire a signed (not self-signed) SSL certificate for that domain and install it. Note, for SSL certificates: example.com is not the same as www.example.com.

[ljarratt]

Thanks for the help. I was trying to avoid buying one if I could.

[UBERHOST]

Thanks for the help. I was trying to avoid buying one if I could.

Just but a $12.95 RapidSSL cert from ServerTastic, or if you are an eNom reseller you can get them for ten bucks. It's worth a few pennies a day to have a proper certificate IMHO.

[cPanelDavidG]

Just but a $12.95 RapidSSL cert from ServerTastic, or if you are an eNom reseller you can get them for ten bucks. It's worth a few pennies a day to have a proper certificate IMHO.

I've even seen SSL certs cheaper than that in recent days. Some registrars are even claiming to give out free certs when you transfer a domain to them.

[UBERHOST]

I've even seen SSL certs cheaper than that in recent days. Some registrars are even claiming to give out free certs when you transfer a domain to them.

If the cheaper certs are RapidSSL or equivalent (in other words, if they stand up to FF3, lol) then that's great. As for giveaways with purchase, I hope the consumers read all the fine print to make sure that they own the domain and cert, don't have to buy any hosting, can transfer away under standard guidelines, and don't have to buy more years upfront than they really want/need. All that being equal, the more hosts that buy legitimate certs the better for the security of data transfer (in theory at least).

[SoftDux]

That's why you're getting the "error"

Modern web browsers (especially Firefox 3) are very aggressive in curbing their users from visiting HTTPS sites using self-signed certificates.

To get rid of this issue, simply acquire a signed (not self-signed) SSL certificate for that domain and install it. Note, for SSL certificates: example.com is not the same as www.example.com.

Hi Dave

This is causing serious problems with shared SSL's, used for cPanel, WHM & Webmail. Even if you do purchase a cert, the clients still get that error when accessing their webmail or cPanel - I even have clients phoning in saying their websites are down because of this (who actually reads those error messages? Client certainly don't) They see the red error message and think it's broken.

So, how does one "fight this battle"? I sure don't see the point in purchasing a few thousand SSL certs every year just to give the clients secure cPanel & Webmail access without using ours

[cPanelDavidG]

Hi Dave

This is causing serious problems with shared SSL's, used for cPanel, WHM & Webmail. Even if you do purchase a cert, the clients still get that error when accessing their webmail or cPanel - I even have clients phoning in saying their websites are down because of this (who actually reads those error messages? Client certainly don't) They see the red error message and think it's broken.

So, how does one "fight this battle"? I sure don't see the point in purchasing a few thousand SSL certs every year just to give the clients secure cPanel & Webmail access without using ours

Why not set your server to redirect all SSL traffic to the name on the SSL Certificate? This is a setting in Tweak Settings.