The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Certificate is not trusted because its self signed

Discussion in 'Security' started by Bloke2, Feb 19, 2016.

  1. Bloke2

    Bloke2 Active Member

    Joined:
    Feb 4, 2015
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Recently when I log into Cpanel for accounts I get this message on Firefox. "Your connection is not secure. The owner of 100.00.00.10 (example) has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. Ip address 100.00.00.10:2087(example) uses an invalid security certificate."

    Do I need to fix anything? I save the exception and it goes away. I know before there were a few self signed certificates that were expiring and I thought they auto renew for Cpanel.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's a normal message if you have installed a self-signed certificate. You will need to install a signed certificate if you prefer to avoid this warning. Note that some users are now using "Let's Encrypt" for their signed certificates:

    [How-To] Installing SSL from Let's Encrypt

    Thank you.
     
  3. Bloke2

    Bloke2 Active Member

    Joined:
    Feb 4, 2015
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I was referring to the certificates for exim, cpanel, dovecot, and ftp. I was getting messages these would expire. But also they would automatically renew. My certificate for my store and website are fine.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The self-signed service certificates will automatically renew, but note it's a new self-signed certificate so your browser may issue the warning again.

    Thank you.
     
  5. Bloke2

    Bloke2 Active Member

    Joined:
    Feb 4, 2015
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Ok so I didn't have to set them up, this is how it is supposed to be? The warning in my browser went away after made the exception and clicked ok.
     
  6. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Great but it's better to install the ssl certificate from trusted ssl authority. Recommendation is to install ssl on server hostname which then can be used on other services. Users generally ask when they want to access emails at secure ports.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, that is by design. However, as mentioned in the previous post, a signed certificate is typically advised so it's from a trusted authority, and visitors are not presented with a warning.

    Thank you.
     
  8. Bloke2

    Bloke2 Active Member

    Joined:
    Feb 4, 2015
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Where do I get certificates for exim, cpanel, dovecot, and ftp?
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You can purchase a certificate for these services from anywhere you would purchase a certificate for a domain name. There's no special certificate that's required. You can install the certificate via "WHM >> Manage Service SSL Certificates" as documented at:

    Manage Service SSL Certificates - Documentation - cPanel Documentation

    Thank you.
     
  10. Bloke2

    Bloke2 Active Member

    Joined:
    Feb 4, 2015
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Ok. So I have to have a separate certificate for the website eCommerce, and another for the other services such as exim, cpanel, dovecot, and ftp?
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You can use the same certificate if you want to use the same hostname for your services that you use for your domain name. However, most of the time the certificate for the services is for the hostname of the server because it's the certificate that all domain names on the server use when accessing the service.

    Thank you.
     
Loading...

Share This Page