Changing the WHM Certificate... with CA cert.(50$ offer for Nick ! )

mpierre

Well-Known Member
Jun 30, 2002
196
0
166
I have been trying to install a freessl chained root certificate for my Cpanel/WHM cert.

What I want is to get rid of the warnings about using a self-signed certificate when accessing CPanel / WHM with SSL and when taking e-mails using secure POP.

However, even thought the certificate is well installed, I still get the warning since CPanel confirmed in a ticket opened by my NOC that a bug prevents the use of a CA bundle for the CPanel/WHM cert.

Here is my question :

1 - To the CPanel crew: do you know if you plan to fix this bug soon ? I realize it is very low priority...

2 - To others who have installed FreeSSL certs for CPanel, did you get rid of the warning or do you simply live with it ? If you got rid, how did you do it ?

3 - To those who have installed a Cert without a CABundle, did it work ? Which company did you use ? Verisign ? Thawte ? QuickSSL ( http://www.freessl.com/geotrust/quickssl.html )

I am thinking about getting the QuickSSL product, but since I already paid for my FreeSSL Chained cert. It would be sad to pay 149$ for ANOTHER certificate !

Nick, wanna make 50$ ? Fix the CAbundle bug before I buy my QuickSSL or fix my problem and I'll send you 50$ US with Paypal, a credit card, anything you want...

It's not a lot of money, but if my only 2 choices are buying another cert and waiting for you to fix the bug, I might as well try to influence you !

cPanel.net Support Ticket Number:
 

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,483
35
208
cPanel Access Level
DataCenter Provider
Originally posted by mpierre
I have been trying to install a freessl chained root certificate for my Cpanel/WHM cert.

What I want is to get rid of the warnings about using a self-signed certificate when accessing CPanel / WHM with SSL and when taking e-mails using secure POP.

However, even thought the certificate is well installed, I still get the warning since CPanel confirmed in a ticket opened by my NOC that a bug prevents the use of a CA bundle for the CPanel/WHM cert.

Here is my question :

1 - To the CPanel crew: do you know if you plan to fix this bug soon ? I realize it is very low priority...

2 - To others who have installed FreeSSL certs for CPanel, did you get rid of the warning or do you simply live with it ? If you got rid, how did you do it ?

3 - To those who have installed a Cert without a CABundle, did it work ? Which company did you use ? Verisign ? Thawte ? QuickSSL ( http://www.freessl.com/geotrust/quickssl.html )

I am thinking about getting the QuickSSL product, but since I already paid for my FreeSSL Chained cert. It would be sad to pay 149$ for ANOTHER certificate !

Nick, wanna make 50$ ? Fix the CAbundle bug before I buy my QuickSSL or fix my problem and I'll send you 50$ US with Paypal, a credit card, anything you want...

It's not a lot of money, but if my only 2 choices are buying another cert and waiting for you to fix the bug, I might as well try to influence you !

cPanel.net Support Ticket Number:
I'll fix it for free, just email me the ticket number :)

cPanel.net Support Ticket Number:
 

mpierre

Well-Known Member
Jun 30, 2002
196
0
166
The ticket was opened by my NOC.

I just asked them the ticket number.

They say the reply was this, if it's any help ( I doubt it ) :

-------------------------------------------------------
yes you can't use one with a CAbundle
just a regular cert (public and private)
-------------------------------------------------------

I will reply with the ticket number once I have it.

cPanel.net Support Ticket Number:
 

tAzMaNiAc

Well-Known Member
Feb 16, 2003
558
0
166
Sachse, TX
Originally posted by mpierre
The ticket was opened by my NOC.

I just asked them the ticket number.

They say the reply was this, if it's any help ( I doubt it ) :

-------------------------------------------------------
yes you can't use one with a CAbundle
just a regular cert (public and private)
-------------------------------------------------------

I will reply with the ticket number once I have it.

cPanel.net Support Ticket Number:
Huh? You can add the CA file to httpd.conf (i.e. under the virtual domains section in the specific domain for which you did the certificate)..that's how I fixed my instantssl certificates.....(?)

cPanel.net Support Ticket Number:
 

rbmatt

Well-Known Member
Oct 21, 2002
212
0
166
Originally posted by tAzMaNiAc
Huh? You can add the CA file to httpd.conf (i.e. under the virtual domains section in the specific domain for which you did the certificate)..that's how I fixed my instantssl certificates.....(?)
I assume this is for the secure cPanel ports, 2087 and 2083 plus secure webmail. This isn't in httpd.conf

cPanel.net Support Ticket Number:
 

rpmws

Well-Known Member
Aug 14, 2001
1,802
9
318
back woods of NC, USA
I remember having this problem and Nick helped me but I think he implimented a global solution. I just made sure my CA cert and the cert and key were in the right place and it works for me.

cPanel.net Support Ticket Number:
 

netwrkr

Well-Known Member
Apr 12, 2003
202
0
166
I opened a ticket on this very issue and was informed by cPanel that the cert was a self signed, WHM generated cert and could not be changed or modified. Is this not true? Those messages when accessing CP for my customers are mad annoying.

Ticket was opened and closed less than 2 weeks ago.

TP

cPanel.net Support Ticket Number:
 

mpierre

Well-Known Member
Jun 30, 2002
196
0
166
Indeed, Cpanel confirms that a bug prevent the use of a CABundle for the 2083 and 2087 ports...

Nick, here is the ticket number : 14024

cPanel.net Support Ticket Number: 14024
 

gsbe

Active Member
Jul 27, 2003
39
0
156
Nashville, TN
one more time, this time with feeling

Not to be dense, but how do you do this? I want to install anything to rid myself of the popup broswer security alarms involved with forcing secure logins to WHM, CPanel, and webmail. How do I do this?

I appreciate the new setting in Tweak Settings "When users access /cpanel or /whm or /webmail on their domain redirect them to the https(ssl) port instead of the insecure one". That's exactly what I'd like to do. This is working great, much thanks for the CPanel team for this.

How do I hide the security alarms without forcing all of my customers to install the self-signed certificate?
 

gsbe

Active Member
Jul 27, 2003
39
0
156
Nashville, TN
Doesn't this suggest that you'd have install a new cert for every domain? domain1.com/cpanel is not going to be able to be on the same cert as domain2.com/cpanel unless I'm missing something here. Are you redirecting all of your CPanel, WHM, and webmail clients to the host's URL? How do Resellers deal with this?

Is this what those expensive certs do, cover mulitple domains with a single cert? If so, maybe this is the catchall solution without redirecting every domain to the server's domain with a valid SSL.

Is anyone out there doing this that can shed some light on the subject? This thread is getting old...