Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

disabled autoSSL and set new certificates to access website

Discussion in 'Security' started by Angel Castro, Sep 8, 2018.

Tags:
  1. Angel Castro

    Angel Castro Active Member

    Joined:
    Jul 16, 2018
    Messages:
    36
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Aguascalientes, México
    cPanel Access Level:
    Root Administrator
    Hi!

    Recently I updated to EasyApache4 and I had a certificate for each website, example:
    • azul.example.com.mx
    • rojo.example.com.mx
    • verde.example.com.mx

    That self signed certificate the I have was served to access from each computer that have installed my certificate of the sucursal.

    Example:
    • computer1 have installed the certificate to access into azul.example.com.mx
    • computer2 have installed 2 certificates to access into azul.example.com.mx and verde.example.com.mx
    • computer3 have installed 3 certificates to acess into azul.example.com.mx, verde.example.com.mx and rojo.example.com.mx
    But the update make my certificate unable to work anymore, that means that the computer1 have access to all websites like computer3 and I don't want it.

    What I can do?

    I hope someone can help me.
    Thanks in advance.
     
    #1 Angel Castro, Sep 8, 2018
    Last edited by a moderator: Sep 8, 2018
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,890
    Likes Received:
    91
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    The example is a bit confusing.. How exactly you were restricting the website based on certificate?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Angel Castro

    Angel Castro Active Member

    Joined:
    Jul 16, 2018
    Messages:
    36
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Aguascalientes, México
    cPanel Access Level:
    Root Administrator
    We had self signed certificates created using OpenSSL, so basically in order to access the website you will need a cetificate installed on you local computer, so the server side certificate will give access. I can provide you the commands used to generate these certificates:
    • openssl req -newkey rsa:4096 -nodes -keyform PEM -keyout camysite.key -x509 -days 365 -outform PEM -out camysite.cer
    • openssl genrsa -out servermysite.key 4096
    • openssl req -new -key servermysite.key -out servermysite.req
    • openssl x509 -req -in servermysite.req -CA camysite.cer -CAkey camysite.key -set_serial 100 -days 365 -outform PEM -out servermysite.cer
    • openssl genrsa -out clientemysite.key 4096
    • openssl req -new -key clientemysite.key -out clientemysite.req
    • openssl x509 -req -in clientemysite.req -CA camysite.cer -CAkey camysite.key -set_serial 101 -days 365 -outform PEM -out clientemysite.cer
    • openssl pkcs12 -export -inkey clientemysite.key -in clientemysite.cer -out clientemysite.p12
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,531
    Likes Received:
    2,181
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Angel Castro,

    Have you tried reinstalling the certificates using WHM >> Install an SSL Certificate on a Domain? It's important to use cPanel, WHM, or one of the available API functions to install a certificate so that it's configured in the correct locations.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Angel Castro

    Angel Castro Active Member

    Joined:
    Jul 16, 2018
    Messages:
    36
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Aguascalientes, México
    cPanel Access Level:
    Root Administrator
    We tried that, but it does't work for what we need, in the certificate of the website it appears that it belongs to us, but any computer or from a cellphone can access to the website.
    As i was saying, previously to access to website from a computer or device that want do it, they needed the self signed certificate of us installed in the computer o device, and now anybody can do it, is a risk.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,531
    Likes Received:
    2,181
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Can you provide some more information about how you are restricting access in this way?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Angel Castro

    Angel Castro Active Member

    Joined:
    Jul 16, 2018
    Messages:
    36
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Aguascalientes, México
    cPanel Access Level:
    Root Administrator
    In the server I add the certificates files and in the client (desktop, laptop, etc.) I install the certificate (self signed certificate) to browser for they can access my website.
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,531
    Likes Received:
    2,181
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Angel Castro,

    Those steps won't restrict access. It might prevent web browsers from presenting a warning about the certificate's trust level on the workstations you install it on, but there's no aspect of those steps that will prevent access to the website.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Angel Castro

    Angel Castro Active Member

    Joined:
    Jul 16, 2018
    Messages:
    36
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Aguascalientes, México
    cPanel Access Level:
    Root Administrator
    It's correct, but is possible implement with WHM or I can't do it anymore?
     
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,531
    Likes Received:
    2,181
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    If you'd like to restrict access to your website, you should consider using the Directory Privacy feature to restrict access to only those that know the username and password:

    Directory Privacy - Version 74 Documentation - cPanel Documentation

    Or, you could restrict access by IP address per the examples on the following post:

    Disable access to compromised website

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Angel Castro

    Angel Castro Active Member

    Joined:
    Jul 16, 2018
    Messages:
    36
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    Aguascalientes, México
    cPanel Access Level:
    Root Administrator
    Well, thanks for answer.
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice