The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel cert for reseller

Discussion in 'General Discussion' started by Crundy, Dec 22, 2003.

  1. Crundy

    Crundy Active Member

    Joined:
    Oct 9, 2003
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    Hello,
    I have a reseller account using WHM/cPanel and I want to change the certificate that just my users get when they want to connect to their cPanel page.

    I set up secure.domain.com with a dedicated IP and assigned a certificate to it, so https://secure.domain.com/ works fine, but https://secure.domain.com:2083/ still brings up my host's certificate, even though it should be pointing to my cert (same IP right?).

    Does anyone know how to fix this?
     
  2. perlchild

    perlchild Well-Known Member

    Joined:
    Sep 1, 2002
    Messages:
    279
    Likes Received:
    0
    Trophy Points:
    16
    I don't, but I am looking for a solution myself, hopefully short of running a seperate stunnel daemon for each user.

    Anyone have ideas about this?
    Perhaps move the ssl from stunnel directly onto the cpanel apache daemon?
     
  3. masamm

    masamm Registered

    Joined:
    Jan 18, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I’m interested in this too. Anyone knows how to do it?
     
  4. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    I've seen several people ask this with no definitive answer. I am looking to solve this too as I have a reseller account and would like my clients to login to https://mydomain.com:2083 and get a secure panel.

    I've seen some replies on the net report that since the request is not over port 443 it wont work. Surely there MUST be a work around for this??

    All help is appreciated...
     
  5. perlchild

    perlchild Well-Known Member

    Joined:
    Sep 1, 2002
    Messages:
    279
    Likes Received:
    0
    Trophy Points:
    16
    the port number won't stop a secure connexion... since it works for your own domain, just not for resellers. Not because it won't work, but because YOUR name(your certificate) will come up, not theirs, and they are sure to complain.

    The problem here is that cpanel's secure system uses stunnel, and stunnel can protect either one ip, or all ips on a machine, with ONE secure certificate. Now I've seen machines with resellers where 20 resellers(+1 owner) totaled about 400ips, and there is no clear way to keep track of who's who. running a seperate stunnel for each reseller _might_ work, but you would need a lot of infrastructure to keep the certs in sync, and you'd have to tell each client to login to
    https://resellerdomain.com/cpanel/ not https://clientdomain.com/cpanel/ (the ssl cert protects a domainname, and an ip, and the binding between the two, originally it was a one-to-one binding, but that's going away as a restriction)

    That's why I made the comment about cpanel's use of apache earlier, if cpanel would use apache for ssl instead of stunnel, they could use the apache proxy and rewrite modules to keep /cpanel/ going to the right place(and a change owner would have only one file to change to redirect the security to the right place). The reason they haven't done it, I suspect is that it's a fair bit of work, and that it only works if ALL resellers have their own cert... right now my experience shows ssl penetration of 50% among resellers(despite extremely low prices compared to a few years ago) and maybe 10% among clients, who don't seem to care very much. I'd volunteer to write some of the code myself, but I've been burned before at writing code that was made obsolete or downright dangerous by cpanel modifications before...
     
    #5 perlchild, Feb 4, 2004
    Last edited: Feb 4, 2004
Loading...

Share This Page