cPanel redirects, SSL, SNI and Wildcard Certs

[rellis]

This may be a PICNIC (Problem in Chair, Not in Cpanel) but I would appreciate the help.

I have a reseller account (example1.org) with a valid wildcard SSL -> *.example1.org.

I have created another account (example2.org) and it too has a valid wildcard SSL -> *.example2.org.

I do want SSL turned on automagically when the administrator of example2.org goes to Cpanel but I'm triggering a cert error because I get a mismatch of the SSL cert with the hostname.

I have a newly installed WHM 11.42 and it's bone stock.

Is this expected behavior?

I would prefer the folks administering example2.org could stay within their SSL environment and assumed SNI would take care of this.

I have played around with example1.org and example2.org being owned by root, example1 or example2 accounts and receive the same error.

I'm running: CENTOS 6.5 x86_64 xenpv – srv WHM 11.42.0 (build 1)

There are zero issues of I go to example1.org/cpanel but if I go to example2.org/cpanel I trigger the SSL cert error.

From Installed SSL Hosts:

Domains: *.example1.org
IP Address: xxx.xxx.xxx.xxx
IP Address Type: Shared
Is primary Website on IP address?: Yes
Needs SNI?: No
Owner: Nobody
Issuer: Comodo

Domains: *.example2.org
IP Address: xxx.xxx.xxx.xxx (same as above)
Ip Address Type: Shared
Is Primary Website on IP Address: No
Needs SNI?: Yes
Issuer: GeoTrust

Many thanks in advance.

 

[rellis]

Okay, definitely a PICNIC for one part.

I installed the wrong CA bundle when installing the SSL cert. So, good news I don't get a mismatch with the CERT and hostname.

But, now, I have a new issue. When I go to example2.org/cpanel I end up at example1.org/cpanel.

In the big scheme of things this isn't an issue as the admin of example2 would log in with their credentials and would administer there environment.

However, I would prefer the admins of example2.org would remain (as shown in the browser address bar) in example2.org and not rooted in example1.org.

I know SNI is supported by apache but we're talking about Cpanel on port 2083. Am I stuck with this scenario?

 

[cPanelMichael]

However, I would prefer the admins of example2.org would remain (as shown in the browser address bar) in example2.org and not rooted in example1.org.

Hello

You can modify the redirection settings for access attempts to cPanel/WHM/Webmail by editing the values under the "Redirection" tab in "WHM Home » Server Configuration » Tweak Settings". Select "Origin Domain Name" to ensure the domain name remains in the browser tab. However, keep in mind cPanel/WHM/Webmail will use the SSL certificate installed for the service, not the SSL certificate installed for the domain name with Apache.

Thank you.

 

[rellis]

Hello

You can modify the redirection settings for access attempts to cPanel/WHM/Webmail by editing the values under the "Redirection" tab in "WHM Home » Server Configuration » Tweak Settings". Select "Origin Domain Name" to ensure the domain name remains in the browser tab. However, keep in mind cPanel/WHM/Webmail will use the SSL certificate installed for the service, not the SSL certificate installed for the domain name with Apache.

Thank you.

I was afraid of that.

Thanks for the confirmation. Hopefully, this will be an enhancement in the future. Virtual hosting and SNI provide much in the way of a seemingly dedicated environment for all things except use of the cPanel/WHM/Webmail services...

 

[cPanelMichael]

I encourage you to vote and add your input to the existing feature request for this at:

SSL certificate per domain on all services | cPanel Feature Requests

Thank you.