Dynamic Subdomain SSL Issue

[trwdesigns]

So, it happened. I've been using WHM and CPanel for years like everyone else, and someone has finally blown my damn mind. Here are the bullet points -- sweet jesus do I hope there are some creative souls out there!

• User has a WP site at example.com. That site is informational and needs no SSL.
• User requested a separate CPanel account at my.example.com because the WP redirection of example.com was interfering with the PHP system he was creating in terms of subdomains (see below).
  
• User's site at my.example.com hosts a multi-account php system.
• User's PHP system, when creating a new account, uses CPanel API to log into example.com and add a CNAME record, creating user1.example.com, user2.example.com, user3.example.com.
• Each of these dynamically created subdomains simply loads my.example.com but with a custom subdomain for his web app's users. I can see how the custom name could be a selling point for his customers.
• Now, the fun part. Are you ready? User buys a wildcard SSL cert from Comodo and tries to install it on two different CPanel accounts, citing that the cert was intended for *.example.com.

Obviously, we all know that you can't install one certificate on two different accounts.

He installed the wildcard cert on example.com, and I thought that it would at least allow his users to use https at user1.example.com and user2.example.com. But it doesn't.

Is that because the CNAME records are pointing to a different CPanel account??

Anyone every tried to wildcard SSL a dynamically created set of subdomains?

Thanks!

*Mind Blown* (smoke)

 

[cPanelMichael]

Hello

The following document answers this question:

SSL FAQ and Troubleshooting - Documentation - cPanel Documentation

In particular:

A wildcard certificate allows you to install the same certificate on any number of subdomains if they share an IP address. You can apply a wildcard certificate to services in WHM’s Manage Service SSL Certificates interface(Home >> Service Configuration >> Manage Service SSL Certificates).

• For example, you can use a wildcard certificate for *.example.com to securely connect to mail.example.com and www.example.com, but not to example.com.
• The root user may install a wildcard certificate on a collection of subdomains that are associated with a single root domain on multiple IP addresses. If this configuration uses multiple IP addresses, a user on the server must not own the root domain.

What is the difference between a wildcard and a webserver certificate?
Webserver certificates only allow you to secure a single domain. Wildcard certificates allow you to secure a domain and an unlimited number of subdomains. For example, if you wish to secure store.example.com and blog.example.com, you can use a single wildcard certificate to do so. However, each subdomain requires its own dedicated IP address.

Does this help to answer your question?

Thank you.

 

[Bradley Greenwood]

Is the documentation implying that this is simply not possible with cPanel / WHM?

@trwdesigns How did you get around this in the end?

 

[storminternet]

Have you assigned different IP address to subdomain on which you need separate ssl.
If you have assigned different IP address to each subdomain in virtual host and change it's IP in dns zone editor
then it should be accessible at it's own ssl.

 

[cPanelMichael]

He installed the wildcard cert on example.com, and I thought that it would at least allow his users to use https at user1.example.com and user2.example.com. But it doesn't.

Could you verify if the user has tried installing the wildcard SSL certificate for each individual subdomain (using the same certificate)?

Thank you.