The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel redirects, SSL, SNI and Wildcard Certs

Discussion in 'Security' started by rellis, Jan 31, 2014.

  1. rellis

    rellis Registered

    Joined:
    Jan 31, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    This may be a PICNIC (Problem in Chair, Not in Cpanel) but I would appreciate the help.

    I have a reseller account (example1.org) with a valid wildcard SSL -> *.example1.org.

    I have created another account (example2.org) and it too has a valid wildcard SSL -> *.example2.org.

    I do want SSL turned on automagically when the administrator of example2.org goes to Cpanel but I'm triggering a cert error because I get a mismatch of the SSL cert with the hostname.

    I have a newly installed WHM 11.42 and it's bone stock.

    Is this expected behavior?

    I would prefer the folks administering example2.org could stay within their SSL environment and assumed SNI would take care of this.

    I have played around with example1.org and example2.org being owned by root, example1 or example2 accounts and receive the same error.

    I'm running: CENTOS 6.5 x86_64 xenpv – srv WHM 11.42.0 (build 1)

    There are zero issues of I go to example1.org/cpanel but if I go to example2.org/cpanel I trigger the SSL cert error.

    From Installed SSL Hosts:

    Domains: *.example1.org
    IP Address: xxx.xxx.xxx.xxx
    IP Address Type: Shared
    Is primary Website on IP address?: Yes
    Needs SNI?: No
    Owner: Nobody
    Issuer: Comodo

    Domains: *.example2.org
    IP Address: xxx.xxx.xxx.xxx (same as above)
    Ip Address Type: Shared
    Is Primary Website on IP Address: No
    Needs SNI?: Yes
    Issuer: GeoTrust

    Many thanks in advance.
     
  2. rellis

    rellis Registered

    Joined:
    Jan 31, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Okay, definitely a PICNIC for one part.

    I installed the wrong CA bundle when installing the SSL cert. So, good news I don't get a mismatch with the CERT and hostname.

    But, now, I have a new issue. When I go to example2.org/cpanel I end up at example1.org/cpanel.

    In the big scheme of things this isn't an issue as the admin of example2 would log in with their credentials and would administer there environment.

    However, I would prefer the admins of example2.org would remain (as shown in the browser address bar) in example2.org and not rooted in example1.org.

    I know SNI is supported by apache but we're talking about Cpanel on port 2083. Am I stuck with this scenario?
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can modify the redirection settings for access attempts to cPanel/WHM/Webmail by editing the values under the "Redirection" tab in "WHM Home » Server Configuration » Tweak Settings". Select "Origin Domain Name" to ensure the domain name remains in the browser tab. However, keep in mind cPanel/WHM/Webmail will use the SSL certificate installed for the service, not the SSL certificate installed for the domain name with Apache.

    Thank you.
     
  4. rellis

    rellis Registered

    Joined:
    Jan 31, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I was afraid of that.

    Thanks for the confirmation. Hopefully, this will be an enhancement in the future. Virtual hosting and SNI provide much in the way of a seemingly dedicated environment for all things except use of the cPanel/WHM/Webmail services...
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page