disabled autoSSL and set new certificates to access website

[Angel Castro]

Hi!

Recently I updated to EasyApache4 and I had a certificate for each website, example:

• azul.example.com.mx
• rojo.example.com.mx
• verde.example.com.mx

That self signed certificate the I have was served to access from each computer that have installed my certificate of the sucursal.

Example:

• computer1 have installed the certificate to access into azul.example.com.mx
• computer2 have installed 2 certificates to access into azul.example.com.mx and verde.example.com.mx
• computer3 have installed 3 certificates to acess into azul.example.com.mx, verde.example.com.mx and rojo.example.com.mx

But the update make my certificate unable to work anymore, that means that the computer1 have access to all websites like computer3 and I don't want it.

What I can do?

I hope someone can help me.
Thanks in advance.

 

[24x7server]

Hi,

The example is a bit confusing.. How exactly you were restricting the website based on certificate?

 

[Angel Castro]

We had self signed certificates created using OpenSSL, so basically in order to access the website you will need a cetificate installed on you local computer, so the server side certificate will give access. I can provide you the commands used to generate these certificates:

• openssl req -newkey rsa:4096 -nodes -keyform PEM -keyout camysite.key -x509 -days 365 -outform PEM -out camysite.cer
• openssl genrsa -out servermysite.key 4096
• openssl req -new -key servermysite.key -out servermysite.req
• openssl x509 -req -in servermysite.req -CA camysite.cer -CAkey camysite.key -set_serial 100 -days 365 -outform PEM -out servermysite.cer
• openssl genrsa -out clientemysite.key 4096
• openssl req -new -key clientemysite.key -out clientemysite.req
• openssl x509 -req -in clientemysite.req -CA camysite.cer -CAkey camysite.key -set_serial 101 -days 365 -outform PEM -out clientemysite.cer
• openssl pkcs12 -export -inkey clientemysite.key -in clientemysite.cer -out clientemysite.p12

 

[cPanelMichael]

Hello @Angel Castro,

Have you tried reinstalling the certificates using WHM >> Install an SSL Certificate on a Domain? It's important to use cPanel, WHM, or one of the available API functions to install a certificate so that it's configured in the correct locations.

Thank you.

 

[Angel Castro]

Hello @Angel Castro,

Have you tried reinstalling the certificates using WHM >> Install an SSL Certificate on a Domain? It's important to use cPanel, WHM, or one of the available API functions to install a certificate so that it's configured in the correct locations.

Thank you.

We tried that, but it does't work for what we need, in the certificate of the website it appears that it belongs to us, but any computer or from a cellphone can access to the website.
As i was saying, previously to access to website from a computer or device that want do it, they needed the self signed certificate of us installed in the computer o device, and now anybody can do it, is a risk.

 

[cPanelMichael]

As i was saying, previously to access to website from a computer or device that want do it, they needed the self signed certificate of us installed in the computer o device, and now anybody can do it, is a risk.

Can you provide some more information about how you are restricting access in this way?

Thank you.

 

[Angel Castro]

Can you provide some more information about how you are restricting access in this way?

Thank you.

In the server I add the certificates files and in the client (desktop, laptop, etc.) I install the certificate (self signed certificate) to browser for they can access my website.

 

[cPanelMichael]

In the server I add the certificates files and in the client (desktop, laptop, etc.) I install the certificate (self signed certificate) to browser for they can access my website.

Hello @Angel Castro,

Those steps won't restrict access. It might prevent web browsers from presenting a warning about the certificate's trust level on the workstations you install it on, but there's no aspect of those steps that will prevent access to the website.

Thank you.

 

[Angel Castro]

It's correct, but is possible implement with WHM or I can't do it anymore?

 

[cPanelMichael]

It's correct, but is possible implement with WHM or I can't do it anymore?

Hello,

If you'd like to restrict access to your website, you should consider using the Directory Privacy feature to restrict access to only those that know the username and password:

Directory Privacy - Version 74 Documentation - cPanel Documentation

Or, you could restrict access by IP address per the examples on the following post:

Disable access to compromised website

Thank you.

 

[Angel Castro]

Well, thanks for answer.