The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to: install chained SSL to work WHM/Cpanel, exim, courier.

Discussion in 'General Discussion' started by hekri, Jan 31, 2007.

  1. hekri

    hekri Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    149
    Likes Received:
    2
    Trophy Points:
    18
    Hello

    I read many topics on the forum but i dont find all on one thread.

    If you buy low cost SSL that have cabundle file you can install it propertly to work with WHM, cPanel, smtp-ssl, pop3-ssl, imap-ssl and it will work od 99% explorers and email clients.

    You should have key, SSL cert and cabundle.

    First step go to the WHM/SSL/TLS/Change Server Certificates and install it.

    Next go to the SSH root login:

    cd /usr/local/cpanel/etc/
    vi mycpanel.pem and delete key, cert and put manually key, certificate, cabundle
    vi cpanel.pem and delete key, cert and put manually key, certificate, cabundle
    vi mycpanel.cabundle delete cabundle and put it manually

    service cpanel restart

    cd /usr/lib/courier-imap/etc
    vi pop3d-ssl

    And change:
    TLS_CERTFILE=/usr/lib/courier-imap/share/pop3d.pem

    to:
    TLS_CERTFILE=/usr/local/cpanel/etc/cpanel.pem
    TLS_TRUSTCERTS=/usr/local/cpanel/etc/mycpanel.cabundle

    the same change in imapd-ssl

    service courier-imap restart

    copy cpanel.pem to the /etc/ssl/private/pure-ftpd.pem and restart pure-ftpd

    next go to the /etc

    vi exim.crt, delete cert and put manualy certificate and cabundle
    vi exim.key delete key and put manually key

    service exim restart


    And you hav fully working low cost SSL certificate :)


    key words:
    cpanel ssl
    ssl exim
    ssl courier
    chained ssl
    ssl install whm
    install ssl
     
  2. cyo

    cyo Active Member

    Joined:
    Oct 26, 2001
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Thank you this is what I was looking for.
     
  3. camay123

    camay123 Registered

    Joined:
    Jan 23, 2007
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Is that what needs to be donbe if you want to have /whm , /cpanel url access using https ?

    Im trying to find on which of my domain should I install a certificate in order for :

    https://mydomain.com/whm or /cpanel to login using ssl.

    Thanks
     
  4. gitlca

    gitlca Registered

    Joined:
    Dec 10, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Thanks! This worked for me after spending countless hours figuring out why my WHM cert would work fine in IE but Firefox wouldnt follow the CA bundle and kept giving validation errors.

    Appreciate the post!
     
  5. PeteC

    PeteC Well-Known Member

    Joined:
    May 8, 2003
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    This is a helpful post. However, in my experience, there is no longer any need to do this in recent versions of cPanel:

    vi mycpanel.pem and delete key, cert and put manually key, certificate, cabundle
    vi mycpanel.cabundle delete cabundle and put it manually

    Someone please correct me if I'm wrong, but I do not think cPanel uses mycpanel.pem and mycpanel.cabundle files any longer.
     
  6. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    This is all handled for you now in WHM's service certificate manager in whm. (in EDGE & CURRENT)
     
  7. norelidd

    norelidd Well-Known Member

    Joined:
    Jan 15, 2007
    Messages:
    173
    Likes Received:
    1
    Trophy Points:
    18
    So in order to secure, /whm, /cpanel, and email for ALL of my domains, I only need to buy one ssl cert for server.mainhostdomain.com?
     
  8. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    You can buy just one.

    They will still be secure without the cert though. You will just get a warning that the crt is not trusted.
     
  9. norelidd

    norelidd Well-Known Member

    Joined:
    Jan 15, 2007
    Messages:
    173
    Likes Received:
    1
    Trophy Points:
    18
    I understand that it's still secure, I'm just looking to get outlook to stop bothering me and my clients every time we check our mail :)

    I have never worked with SSL before. Would I purchase the cert for the main domain (serverdomain.com) or the server's hostname (server.serverdomain.com)?
     
  10. orware

    orware Member

    Joined:
    Jul 27, 2005
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Hostname I believe

    I believe it would be the Hostname, since that's the actual name of the server, but I've never done this before so I think somebody who has should reply with a confirmation :).

    -Omar
     
  11. PeteC

    PeteC Well-Known Member

    Joined:
    May 8, 2003
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    Yes, purchase it for the server's hostname.
     
  12. bornonline

    bornonline Well-Known Member

    Joined:
    Nov 19, 2004
    Messages:
    139
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    I'm trying to get all this setup, but I don't have this file? My cert seem fine and I did not get a cabundle with it.
    What to use for the TLS_TRUSTCERTS=?
    TLS_TRUSTCERTS=/usr/local/cpanel/etc/mycpanel.cabundle

    I'm getting this in Outlook
    The server you are connecting to is using a security cert that cannot be verified.
    The certificate's CN name does not match the passed value

    This cert seems fine on cpanel and whm.
     
    #12 bornonline, May 6, 2007
    Last edited: May 6, 2007
  13. orware

    orware Member

    Joined:
    Jul 27, 2005
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Where to buy?

    Hi, I was just wondering...where would I buy an SSL certificate that comes with a CA Bundle?

    Or they all come with one?

    I've only done the SSL stuff a few times and I always wondered about that SSL issue with cPanel and IE (especially IE7 which really makes it look like the page did not load unless you read the words).

    Thanks!

    -Omar
     
  14. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    As far as I know, they all do. I know GoDaddy SSL certs come with a CA bundle.
     
  15. bornonline

    bornonline Well-Known Member

    Joined:
    Nov 19, 2004
    Messages:
    139
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    I can tell you that the rapid ssl cert I got through namecheap from Geotrust does not come with the bundle. That is why I asked the question above. Everything seems fine I think...lol
     
  16. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    --> First step go to the WHM/SSL/TLS/Change Server Certificates and install it.


    My version of WHM does not have this option...
     
  17. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth

    I have none of those files at that location
     
  18. flash7

    flash7 Well-Known Member

    Joined:
    Feb 16, 2004
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    cPanel 11 series
    /var/cpanel/ssl
     
  19. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    Thanks... I will look there however when I ran locate *.pem I get no files found still.
     
  20. PCZero

    PCZero Well-Known Member

    Joined:
    Dec 13, 2003
    Messages:
    526
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Earth
    OK folks I got this all done by figuring out the correct files and paths in cPanel11. Works great now. However I did NOT do anything with the FTP part...


    #
    # copy cpanel.pem to the /etc/ssl/private/pure-ftpd.pem and restart pure-ftpd
    #


    When I went to that location, ls returned this...


    #
    #ftpd-rsa-key.pem -> /var/cpanel/ssl/ftp/ftpd-rsa-key.pem
    #ftpd-rsa.pem -> /var/cpanel/ssl/ftp/ftpd-rsa.pem
    #pure-ftpd.pem -> /var/cpanel/ssl/ftp/pure-ftpd.pem
    #


    I can make the change to the /var/cpanel/ssl/ftp/pure-ftpd.pem file but do I need to do anything with the rsa files as well?


    Thanks...
     
Loading...

Share This Page