disabled autoSSL and set new certificates to access website

Angel Castro

Active Member
Jul 16, 2018
37
4
8
Aguascalientes, México
cPanel Access Level
Root Administrator
Hi!

Recently I updated to EasyApache4 and I had a certificate for each website, example:
  • azul.example.com.mx
  • rojo.example.com.mx
  • verde.example.com.mx

That self signed certificate the I have was served to access from each computer that have installed my certificate of the sucursal.

Example:
  • computer1 have installed the certificate to access into azul.example.com.mx
  • computer2 have installed 2 certificates to access into azul.example.com.mx and verde.example.com.mx
  • computer3 have installed 3 certificates to acess into azul.example.com.mx, verde.example.com.mx and rojo.example.com.mx
But the update make my certificate unable to work anymore, that means that the computer1 have access to all websites like computer3 and I don't want it.

What I can do?

I hope someone can help me.
Thanks in advance.
 
Last edited by a moderator:

Angel Castro

Active Member
Jul 16, 2018
37
4
8
Aguascalientes, México
cPanel Access Level
Root Administrator
We had self signed certificates created using OpenSSL, so basically in order to access the website you will need a cetificate installed on you local computer, so the server side certificate will give access. I can provide you the commands used to generate these certificates:
  • openssl req -newkey rsa:4096 -nodes -keyform PEM -keyout camysite.key -x509 -days 365 -outform PEM -out camysite.cer
  • openssl genrsa -out servermysite.key 4096
  • openssl req -new -key servermysite.key -out servermysite.req
  • openssl x509 -req -in servermysite.req -CA camysite.cer -CAkey camysite.key -set_serial 100 -days 365 -outform PEM -out servermysite.cer
  • openssl genrsa -out clientemysite.key 4096
  • openssl req -new -key clientemysite.key -out clientemysite.req
  • openssl x509 -req -in clientemysite.req -CA camysite.cer -CAkey camysite.key -set_serial 101 -days 365 -outform PEM -out clientemysite.cer
  • openssl pkcs12 -export -inkey clientemysite.key -in clientemysite.cer -out clientemysite.p12
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,917
2,247
363
Hello @Angel Castro,

Have you tried reinstalling the certificates using WHM >> Install an SSL Certificate on a Domain? It's important to use cPanel, WHM, or one of the available API functions to install a certificate so that it's configured in the correct locations.

Thank you.
 

Angel Castro

Active Member
Jul 16, 2018
37
4
8
Aguascalientes, México
cPanel Access Level
Root Administrator
Hello @Angel Castro,

Have you tried reinstalling the certificates using WHM >> Install an SSL Certificate on a Domain? It's important to use cPanel, WHM, or one of the available API functions to install a certificate so that it's configured in the correct locations.

Thank you.
We tried that, but it does't work for what we need, in the certificate of the website it appears that it belongs to us, but any computer or from a cellphone can access to the website.
As i was saying, previously to access to website from a computer or device that want do it, they needed the self signed certificate of us installed in the computer o device, and now anybody can do it, is a risk.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,917
2,247
363
As i was saying, previously to access to website from a computer or device that want do it, they needed the self signed certificate of us installed in the computer o device, and now anybody can do it, is a risk.
Can you provide some more information about how you are restricting access in this way?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,917
2,247
363
In the server I add the certificates files and in the client (desktop, laptop, etc.) I install the certificate (self signed certificate) to browser for they can access my website.
Hello @Angel Castro,

Those steps won't restrict access. It might prevent web browsers from presenting a warning about the certificate's trust level on the workstations you install it on, but there's no aspect of those steps that will prevent access to the website.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,917
2,247
363
It's correct, but is possible implement with WHM or I can't do it anymore?
Hello,

If you'd like to restrict access to your website, you should consider using the Directory Privacy feature to restrict access to only those that know the username and password:

Directory Privacy - Version 74 Documentation - cPanel Documentation

Or, you could restrict access by IP address per the examples on the following post:

Disable access to compromised website

Thank you.