Cpanel is SLOW in SSL

Brad

Well-Known Member
Aug 16, 2001
231
0
316
I've been struggling with this slow cPanel SSL on our server for quite some time with no resolution. Even have had VO staff involved many times, they cannot figure it out either.

What I've found, is that I'm not alone on this. I've tested many other demos on various sites and each one has the same unusual characteristics.

If you load up cpanel in SSL, you will see that the page does not finish fully loading for quite a few seconds after the page is displayed. Keep your eye on the the progressbar message &opening page& on the task and you will see that the page is still loading, even though everything seems to be displayed, the browser is still trying to finish the request for quite some time. What is it doing? This delay was not there until about 5 months ago, before that it was SSL as usual. Our SSL is just fine outside of cPanel.


Is there anything anyone can think of here, I'm puling my hair out and I really think it's the non-standard port and cPanel causing the delay somehow. Maybe my connection, but even VO staff saw the same thing while testing and so I don't believe this is the issue.
 

awsol

cPanel Test Bitch
Feb 8, 2002
591
0
316
Boston MA
Normally SSL is actually slower. Theres really no need to use cpanel securely. If anyone hacked the server I doubt they would target individuals. They would already have root or equivilant access. Thus they would do the damage through there. Another reason SSL isn't needed is nothing is passed outside the one server. So information can't really be intercepted. I mean it is nice to give customers that relaxed feeling by saying our cpanel is secure etc. But in reality since the information never really publishes to another server other than yours there's no need to use SSL.
 

moronhead

Well-Known Member
Aug 12, 2001
706
0
316
SSL is definitely more reassuring. Clear text username and passwords and any non-SSL data would be prone to interception.
 

Brad

Well-Known Member
Aug 16, 2001
231
0
316
Exactly! Otherwise, why have it? Because it is there for a purpose, security is taken too lightly sometimes.


[quote:ef6516ce2a][i:ef6516ce2a]Originally posted by moronhead[/i:ef6516ce2a]

SSL is definitely more reassuring. Clear text username and passwords and any non-SSL data would be prone to interception.[/quote:ef6516ce2a]
 

feanor

Well-Known Member
Aug 13, 2001
836
0
316
Was that a question?
OK, you realize that if you need to secure WHM via a certificate recognized by all common browsers, you need to make a webserver key for it and then send the CSR off to Thawte/Geotrust whomever, and then get it back and installed and bound to the virtual host on port 2087.

CPanel can't birth an all-compassing SSL cert that will make ANYHOST.HOSTNAME.NET be a flawless SSL transmission on port 2087.....

If you want it for each of your WHM/CPanel machines, you'll need a specialized webserver cert for each, issued by a recognized certificate authority.
 

TRAIN YARD SOFTWARE

Well-Known Member
Dec 20, 2001
224
0
316
[quote:39a4d4a01d][i:39a4d4a01d]Originally posted by feanor[/i:39a4d4a01d]

bound to the virtual host on port 2087.

If you want it for each of your WHM/CPanel machines, you'll need a specialized webserver cert for each, issued by a recognized certificate authority.[/quote:39a4d4a01d]

How do we do this? SSL Cert to 2087?, we know how to get a cert, ie geotrust etc, we do it all the time.

how to bound as you say it, to https://xxx.xxx.xxx.xx:2087 or https://tys.biz:2087 && this domain has a vaild cert on it but not on 2087 or 2096 or 2083
 

bert

Well-Known Member
Aug 21, 2001
602
0
316
[quote:674a6a3318][i:674a6a3318]Originally posted by TRAIN YARD SOFTWARE[/i:674a6a3318]

[quote:674a6a3318][i:674a6a3318]Originally posted by feanor[/i:674a6a3318]

bound to the virtual host on port 2087.

If you want it for each of your WHM/CPanel machines, you'll need a specialized webserver cert for each, issued by a recognized certificate authority.[/quote:674a6a3318]

How do we do this? SSL Cert to 2087?, we know how to get a cert, ie geotrust etc, we do it all the time.

how to bound as you say it, to https://xxx.xxx.xxx.xx:2087 or https://tys.biz:2087 && this domain has a vaild cert on it but not on 2087 or 2096 or 2083[/quote:674a6a3318]

The easiest way to do this is say order a certificate for your server name, i.e. servername.domain.com. Once you have ordered and installed the certificate you need to add it to WHM via WHM itself.

If your domain name shares the domain with the hostname of the server, is hosted on that particular server, and it already has a certificate, then simply add it to WHM.