Dynamic Subdomain SSL Issue

trwdesigns

Registered
Jan 26, 2016
Las Vegas, NV
cPanel Access Level
Root Administrator
So, it happened. I've been using WHM and cPanel for years like everyone else, and someone has finally blown my damn mind. Here are the bullet points -- sweet jesus do I hope there are some creative souls out there! :)

  • User has a WP site at example.com. That site is informational and needs no SSL.
  • User requested a separate cPanel account at my.example.com because the WP redirection of example.com was interfering with the PHP system he was creating in terms of subdomains (see below).
  • User's site at my.example.com hosts a multi-account PHP system.
  • User's PHP system, when creating a new account, uses the cPanel API to log into example.com and add a CNAME record, creating user1.example.com, user2.example.com, user3.example.com.
  • Each of these dynamically created subdomains simply loads my.example.com but with a custom subdomain for his web app's users. I can see how the custom name could be a selling point for his customers.
  • Now, the fun part. Are you ready? User buys a wildcard SSL cert from Comodo and tries to install it on two different cPanel accounts, citing that the cert was intended for *.example.com.

Obviously, we all know that you can't install one certificate on two different accounts.

He installed the wildcard cert on example.com, and I thought that it would at least allow his users to use https at user1.example.com and user2.example.com. But it doesn't.

Is that because the CNAME records are pointing to a different cPanel account??

Anyone ever tried to wildcard SSL a dynamically created set of subdomains?

Thanks!

*Mind Blown* (smoke)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

The following document answers this question:

SSL FAQ and Troubleshooting - Documentation - cPanel Documentation

In particular:

A wildcard certificate allows you to install the same certificate on any number of subdomains if they share an IP address. You can apply a wildcard certificate to services in WHM’s Manage Service SSL Certificates interface (Home >> Service Configuration >> Manage Service SSL Certificates).
  • For example, you can use a wildcard certificate for *.example.com to securely connect to mail.example.com and www.example.com, but not to example.com.
  • The root user may install a wildcard certificate on a collection of subdomains that are associated with a single root domain on multiple IP addresses. If this configuration uses multiple IP addresses, a user on the server must not own the root domain.

What is the difference between a wildcard and a webserver certificate?

Webserver certificates only allow you to secure a single domain. Wildcard certificates allow you to secure a domain and an unlimited number of subdomains. For example, if you wish to secure store.example.com and blog.example.com, you can use a single wildcard certificate to do so. However, each subdomain requires its own dedicated IP address.

Does this help to answer your question?

Thank you.
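
The wildcard coverage rule quoted above, as an added Python example that is not from the thread or from cPanel's documentation: `san_matches` applies the one-label wildcard rule, and `presented_sans` lists the names on the certificate a server actually presents for a given SNI hostname. The SAN list and the hostname `a.user1.example.com` are constructed sample values; `presented_sans` assumes network access and a chain the local trust store accepts.

```python
import socket
import ssl

def _labels(name):
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if a certificate name (possibly '*.domain') covers hostname.

    '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so '*.example.com' covers user1.example.com but
    neither example.com nor a.user1.example.com.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse '*.com'-style patterns: require at least two fixed labels.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def coverage_report(sans, hostnames):
    """Map each hostname to whether any SAN entry covers it."""
    return {h: any(san_matches(s, h) for s in sans) for h in hostnames}

def presented_sans(hostname, port=443, timeout=5.0):
    """DNS names on the certificate the server presents for this SNI name.

    Chain validation stays on; only the library's hostname check is
    disabled so a mismatched certificate can still be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

if __name__ == "__main__":
    sans = ["*.example.com"]  # constructed SAN list for the wildcard cert
    names = ["example.com", "my.example.com", "user1.example.com",
             "a.user1.example.com"]
    for host, ok in coverage_report(sans, names).items():
        print(f"{host:22} {'covered' if ok else 'NOT covered'}")
```

Comparing `presented_sans("user1.example.com")` with the wildcard certificate's own SAN list shows whether the virtual host answering for that name is serving the wildcard certificate or a different one.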
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
"He installed the wildcard cert on example.com, and I thought that it would at least allow his users to use https at user1.example.com and user2.example.com. But it doesn't."

Could you verify if the user has tried installing the wildcard SSL certificate for each individual subdomain (using the same certificate)?

Thank you.