Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Enabling SNI support for Addon domains using Include Editor

Discussion in 'General Discussion' started by tdubs, May 7, 2013.

  1. tdubs

    tdubs Registered

    Joined:
    May 7, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi CPanel/WHM community,

    I have a quick question. I'm trying to secure multiple addon domains that are pointing to one server and one IP address using SNI. While it's not yet supported by CPanel, it is supported by the version of Apache that I am running.

    Is it possible to add virtual hosts using the Include Editor for Apache?

    I found this guide, Using Multiple SSL Certificates in Apache with One IP Address, but I'm not sure if its as easy as typing...

    Code:
    <NameVirtualHost *:443>

<VirtualHost *:443>
ServerName www.yoursite.com
DocumentRoot /var/www/site
SSLEngine on
SSLCertificateFile /path/to/www_yoursite_com.crt
SSLCertificateKeyFile /path/to/www_yoursite_com.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
</Virtual Host>

<VirtualHost *:443>
ServerName www.yoursite2.com
DocumentRoot /var/www/site2
SSLEngine on
SSLCertificateFile /path/to/www_yoursite2_com.crt
SSLCertificateKeyFile /path/to/www_yoursite2_com.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
</Virtual Host>
    ...for my domains.

    Is securing multiple domains through SNI even possible using the Include Editor?

    - - - Updated - - -

    And I should have said:

    "I'm not sure if its as easy as typing into the Include Editor box"...
     
    #1 tdubs, May 7, 2013
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Which one are you running?

    The docs might be helpful to you:
    Include Editor - cPanel Documentation
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Infopro, May 7, 2013
  3. tdubs

    tdubs Registered

    Joined:
    May 7, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I'm running WHM 11.36.1 build 5 and cPanel 11 that is optimized for a VPS. My hosting provider said that my version of cPanel does not yet support SNI.

    - - - Updated - - -

    I've read the docs. Is it as simple as entering the following text into either the Pre or Post VirtualHost? These are just example domains.

    Code:
    <NameVirtualHost *:443>

<VirtualHost *:443>
 ServerName www.yoursite.com
 DocumentRoot /var/www/site
 SSLEngine on
 SSLCertificateFile /path/to/www_yoursite_com.crt
 SSLCertificateKeyFile /path/to/www_yoursite_com.key
 SSLCertificateChainFile /path/to/DigiCertCA.crt
</Virtual Host>

<VirtualHost *:443>
 ServerName www.yoursite2.com
 DocumentRoot /var/www/site2
 SSLEngine on
 SSLCertificateFile /path/to/www_yoursite2_com.crt
 SSLCertificateKeyFile /path/to/www_yoursite2_com.key
 SSLCertificateChainFile /path/to/DigiCertCA.crt
</Virtual Host>
     
    #3 tdubs, May 7, 2013
  4. robb3369

    robb3369 Well-Known Member

    Joined:
    Mar 1, 2008
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 robb3369, May 7, 2013
  5. tdubs

    tdubs Registered

    Joined:
    May 7, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    I'm not a server administrator, so excuse my naivete, but if Apache supports SNI and WHM + cPanel does not support SNI, then I can still run SNI on the server, I just can't configure and control it from WHM or cPanel, correct?
     
    #5 tdubs, May 7, 2013
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,563
    Likes Received:
    42
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    You are correct that you can do things manually to get SNI working. If you have access to the Apache configuration file, that tells me you have root access to the server. I strongly encourage you to upgrade to cPanel & WHM 11.38 to get SNI support. This way you can get SNI working in a method that is compatible with cPanel & WHM, and can be managed using the SSL Management interfaces we provide.

    Whether you do this manually, or upgrade to cPanel & WHM 11.38, you will also need to be using CentOS 6, RHEL 6, or CloudLinux 6 for SNI to function. While Apache has long supported SNI, the OpenSSL library has not. The version of the OpenSSL library provided on older versions of CentOS, CloudLinux, and RHEL, do not support SNI.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelKenneth, May 10, 2013
  7. rogerw

    rogerw Member

    Joined:
    Feb 21, 2012
    Messages:
    22
    Likes Received:
    3
    Trophy Points:
    53
    cPanel Access Level:
    Website Owner
    I am on WHM 11.38.7 right now and SNI is NOT supported

    Error message says:

    "Your server does not support SNI, so all of your SSL websites must use the same SSL certificate. An update to the certificate on an existing SSL website will affect all of your SSL websites, and new SSL websites must use the currently installed certificate."

    Does anyone have a fix? (Or did WHM 11.38.7 not yet include SNI support?)
    Thanks
     
    #7 rogerw, Sep 26, 2013
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    What OS are you using? You can check this with a command such as:

    Code:
    cat /etc/redhat-release
    Keep in mind that CentOS 6, RHEL 6, or Cloud Linux 6 is required for native SNI support.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelMichael, Sep 26, 2013
  9. Metro2

    Metro2 Well-Known Member

    Joined:
    May 24, 2006
    Messages:
    408
    Likes Received:
    20
    Trophy Points:
    168
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Just ran across this thread as I received a request from a client to add SSL cert to a subdomain for him and I'm checking into options.

    I'm running cPanel 11.40.1.8 on Red Hat Enterprise Linux Server release 5.10 (Tikanga) 64 bit and I get the same message as rogerw.

    "Your server does not support SNI, so all of your SSL websites must use the same SSL certificate. An update to the certificate on an existing SSL website will affect all of your SSL websites, and new SSL websites must use the currently installed certificate."

    Surprisingly I've never been asked about SSL on a subdomain before so I'm just checking into this today and this was the first thread I turned up that looked relevant.

    Would SNI make it possible to use the same certificate for a subdomain that is used on the main domain (for instance - if "example.com" has an SSL cert installed, would SNI make it possible for me to use that same cert for "newfolder.example.com" ? )
     
    #9 Metro2, Jan 7, 2014
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    No, SNI would allow you to install multiple certificates on a single IP address. RHEL 5 does not support SNI, so you would have to upgrade to RHEL 6 or CentOS 6. You would still need a separate certificate for the subdomain, or a certificate that works for multiple domain names.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 cPanelMichael, Jan 7, 2014
  11. Mangoose

    Mangoose Active Member

    Joined:
    Aug 5, 2014
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I think if I may the question is " How do you enable SNI support..." . I for instance am not at all helped with this answer. I would like to know HOW TO if you already have WHM 11.444.1 (build 19) running on CENTOS 6.6 x86_64 as your VPS. HOW TO... install multiple SSL's on one IP.
    That is what I want to know. The prerequisites are already familiar to me an others by now. Where in WHM / cPanel should I be to make SNI work for me ? What files should I amend and how do I amend them in WHM / cPanel or via SSH terminal command prompt.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #11 Mangoose, Nov 4, 2014
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    You do not have to enable it, as it's natively supported. You can simply install a SSL certificate for multiple domain names on the same IP address the same way you normally install SSL certificates.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #12 cPanelMichael, Nov 4, 2014
  13. phillbooth

    phillbooth Active Member

    Joined:
    Sep 9, 2013
    Messages:
    41
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hello were you able to do this as I have the exact same problem? thx
     
    #13 phillbooth, Nov 6, 2014
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,367
    Likes Received:
    1,857
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Feel free to let us know if you encounter any problems when attempting to install the certificates.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #14 cPanelMichael, Nov 6, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Enabling support Addon
  1. bouvrie

    SOLVED Enabling IPv6 support on subdomains?

    bouvrie, Aug 31, 2017, in forum: Bind/DNS/Nameserver
    Replies:
    2
    Views:
    511
    bouvrie
    Sep 4, 2017
  2. srikanthnavaneetam

    Enabling SMTP for individual cPanel account

    srikanthnavaneetam, Jul 25, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    93
    cPanelMichael
    Jul 26, 2018
  3. the_Dsigner

    Enabling SSH for cPanel Account Not Working

    the_Dsigner, Jun 6, 2018, in forum: General Discussion
    Replies:
    10
    Views:
    135
    cPanelMichael
    Jun 8, 2018
  4. meeven

    Questions about enabling mod_security

    meeven, May 22, 2018, in forum: Security
    Replies:
    4
    Views:
    182
    cPanelMichael
    Jul 26, 2018
  5. Railander

    Enabling DKIM for root account

    Railander, Apr 24, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    166
    Railander
    Apr 24, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice