cPanel redirects, SSL, SNI and Wildcard Certs

rellis

Registered
Jan 31, 2014
3
0
1
cPanel Access Level
Root Administrator
This may be a PICNIC (Problem in Chair, Not in Cpanel) but I would appreciate the help.

I have a reseller account (example1.org) with a valid wildcard SSL -> *.example1.org.

I have created another account (example2.org) and it too has a valid wildcard SSL -> *.example2.org.

I do want SSL turned on automagically when the administrator of example2.org goes to Cpanel but I'm triggering a cert error because I get a mismatch of the SSL cert with the hostname.

I have a newly installed WHM 11.42 and it's bone stock.

Is this expected behavior?

I would prefer the folks administering example2.org could stay within their SSL environment and assumed SNI would take care of this.

I have played around with example1.org and example2.org being owned by root, example1 or example2 accounts and receive the same error.

I'm running: CENTOS 6.5 x86_64 xenpv – srv WHM 11.42.0 (build 1)

There are zero issues of I go to example1.org/cpanel but if I go to example2.org/cpanel I trigger the SSL cert error.

From Installed SSL Hosts:

Domains: *.example1.org
IP Address: xxx.xxx.xxx.xxx
IP Address Type: Shared
Is primary Website on IP address?: Yes
Needs SNI?: No
Owner: Nobody
Issuer: Comodo

Domains: *.example2.org
IP Address: xxx.xxx.xxx.xxx (same as above)
Ip Address Type: Shared
Is Primary Website on IP Address: No
Needs SNI?: Yes
Issuer: GeoTrust

Many thanks in advance.
 

rellis

Registered
Jan 31, 2014
3
0
1
cPanel Access Level
Root Administrator
Okay, definitely a PICNIC for one part.

I installed the wrong CA bundle when installing the SSL cert. So, good news I don't get a mismatch with the CERT and hostname.

But, now, I have a new issue. When I go to example2.org/cpanel I end up at example1.org/cpanel.

In the big scheme of things this isn't an issue as the admin of example2 would log in with their credentials and would administer there environment.

However, I would prefer the admins of example2.org would remain (as shown in the browser address bar) in example2.org and not rooted in example1.org.

I know SNI is supported by apache but we're talking about Cpanel on port 2083. Am I stuck with this scenario?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
However, I would prefer the admins of example2.org would remain (as shown in the browser address bar) in example2.org and not rooted in example1.org.
Hello :)

You can modify the redirection settings for access attempts to cPanel/WHM/Webmail by editing the values under the "Redirection" tab in "WHM Home » Server Configuration » Tweak Settings". Select "Origin Domain Name" to ensure the domain name remains in the browser tab. However, keep in mind cPanel/WHM/Webmail will use the SSL certificate installed for the service, not the SSL certificate installed for the domain name with Apache.

Thank you.
 

rellis

Registered
Jan 31, 2014
3
0
1
cPanel Access Level
Root Administrator
Hello :)

You can modify the redirection settings for access attempts to cPanel/WHM/Webmail by editing the values under the "Redirection" tab in "WHM Home » Server Configuration » Tweak Settings". Select "Origin Domain Name" to ensure the domain name remains in the browser tab. However, keep in mind cPanel/WHM/Webmail will use the SSL certificate installed for the service, not the SSL certificate installed for the domain name with Apache.

Thank you.
I was afraid of that.

Thanks for the confirmation. Hopefully, this will be an enhancement in the future. Virtual hosting and SNI provide much in the way of a seemingly dedicated environment for all things except use of the cPanel/WHM/Webmail services...