The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Access with SSL

Discussion in 'General Discussion' started by kers7754, Jan 17, 2011.

  1. kers7754

    kers7754 Active Member

    Joined:
    Jan 13, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    I am trying to figure out how all these logins work with and without SSL. I read this post that gave me some information:

    http://forums.cpanel.net/f34/2086-interface-accesable-ssl-172782.html

    So I have installed a real SSL signed from Go Daddy and it seems to work by going here:

    https://www.nerdalerthosting.com
    -- and the joomla backend --
    https://www.nerdalerthosting.com/administrator/

    But when I try to log into the cPanel backend or the webmail, I get redirected to login using SSL and doing so brings up the self signing warning:

    Omnicron - September 2010 Template Demo
    Omnicron - September 2010 Template Demo

    It seems that the SSL doesn't work for anything with a port number? Is that true?

    Thanks,
    --Jeff
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    It sounds like you have not installed the certificate for use with cPanel itself, only your site. If you install a certificate on a site, it does not automatically work for cPanel/WHM/Webmail and other services. cPanel/WHM/Webmail are not served by Apache, so installing a certificate for a site does not have any effect on the certificates used by cPanel/WHM/Webmail.

    If you want to install a certificate for use with cPanel/WHm/Webmail, and other services such as IMAP, Exim and FTP, click Main >> Service Configuration >> Manage Service SSL Certificates. This is the interface for managing certificates used by services other than Apache. Note that only one certificate can be installed per service; you cannot install multiple certificates per service, unlike Apache which allows one certificate per site on dedicated IP addresses.

    The following section of our documentation explains service SSL certificates (certificates for services other than Apache and your Web sites):

    Manage Service SSL Certificates

    The redirect to the SSL log-in shown in your screenshots is due to the setting Require SSL in Main >> Server Configuration >> Tweak Settings. This setting disallows logging in via the non-secure ports (2086, 2082 and 2095) and forces log-ins to be from the secure ports (2087, 2083 and 2096).
     
  3. kers7754

    kers7754 Active Member

    Joined:
    Jan 13, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    I understand now. So to secure my production site, you are saying that I am going to need to purchase an SSL for my site (which I have done) as well as an SSL for each service (IMAP, POP3, FTP, WHM and cPanel) for a grand total of 6 certificates? Do most people do this, or do they rely on a self signed certificate for these services?
     
  4. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    cPanel, the WebHost Manager and Webmail all use the same certificate. This makes a total of four services, other than Apache, that can have certificates installed: cPanel/WHM/Webmail, FTP, Exim and IMAP.

    You do not need to purchase a separate SSL certificate for each of these services. You can install the same certificate for each service, cPanel/WHM/Webmail, FTP, Exim and IMAP. There is no problem with this, and it is done very often.

    You can even install the certificate you purchased for the site for use with these services, but to prevent errors, it needs be generated for the server's hostname.

    Many customers do use self-signed certificates for the services I have mentioned. Self-signed certificates work fine for encrypting data that are transferred. The only issue is that self-signed certificates do not provide identifying information. For many customers, this is acceptable.
     
Loading...

Share This Page