The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

https login instead of http?

Discussion in 'General Discussion' started by roax66, May 24, 2004.

  1. roax66

    roax66 Well-Known Member

    Joined:
    Jan 21, 2004
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
  2. sford999

    sford999 Member

    Joined:
    Apr 20, 2004
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
  3. eazistore

    eazistore Well-Known Member

    Joined:
    Nov 7, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Singapore
    Hi,

    Usually I'll ask clients to use this links:
    https://IPADDRESS:2083 for secure login to cPanel

    https://IPADDRESS:2087 for secure WHM (Reseller)

    https://IPADDRESS:2096 for secure WebMail Access.

    You can also replace the IPADDRESS with the real domain name too.

    Rgds,
    Vincent Kam
    http://www.eazistore.com
     
  4. roax66

    roax66 Well-Known Member

    Joined:
    Jan 21, 2004
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
    Many thanks for your help. Using :2083 & :2087 for secure cPanel & WHM respectively works fine for me.

    But when I login into WHM using secure mode and click "List accounts" link, the links to the respective accounts are using nonsecure :2082. Is it possible to configure these links to use secure :2083?
     
  5. eazistore

    eazistore Well-Known Member

    Joined:
    Nov 7, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Singapore
    List Account Links

    Hi again roax66,

    When you access to WHM and click List Account, the clickable DOMAIN will point you directly to their website and not to their cPanel.

    If you want to access to your clients cPanel, you can type:
    USER ID: their ID
    PASSWORD: your root password

    I am not too sure if I answer your answer correctly.

    Rgds,
    Vincent Kam
    http://www.eazistore.com/
     
  6. roax66

    roax66 Well-Known Member

    Joined:
    Jan 21, 2004
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    6
  7. dgaussin

    dgaussin Registered

    Joined:
    Mar 22, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Re: Re: https login instead of http?

    But if I use IPADDRESS in https link I have an secure alert because I don't use the domain name..

    I have a reseller account, and I can't use any other domain name without to have this alert about security. I ask to my host if I can use my SSL cert but they said WHM can use only one SSL cert... Right ?

    Thanks,
    David.
     
  8. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    If you have root access to WHM go to Tweak Settings page and select (down at the bottom of the list):

    "When users access /cpanel or /whm or /webmail on their domain redirect them to the https(ssl) port instead of the insecure one".

    If no root access then ask your provider to set this setting for you and all their clients. This really should be made the default by cPanel.

    Then there is no need to have to tell clients to use secure login it should redirect them to the respective secure port for login. Give it a try.

    http://domain.tld/whm redirects to https://domain.tld/whm

    http://domainip/whm redirects to https://domainip/whm

    http://domain.tld:2086 does not redirect to https://domain.tld:2087
    These port defined urls are a manual form of sending the address and have no need for a redirection.

    The search feature of this forum is truly your friend.
    HTH
     
  9. alex042

    alex042 Well-Known Member

    Joined:
    Sep 13, 2003
    Messages:
    76
    Likes Received:
    0
    Trophy Points:
    6
    I don't think making secure port a standard is a good idea. We've had more problems with using the secure port than standard port. For one, all cpanel secure ports are blocked by the corporate firewall I sit behind, and for another, the annoying ssl popup window got to be annoying for some people, so it was easier to disable forcing ssl and let customers choose which one to use.
     
  10. dgaussin

    dgaussin Registered

    Joined:
    Mar 22, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    "The annoying ssl popup window got to be annoying for some people" is a real problem indeed. It's because that I would like to use my own SSL cert. I'm afraid to ask my customers to login a control panel with http, it's too easy to catch the pwd..

    David.
     
  11. alex042

    alex042 Well-Known Member

    Joined:
    Sep 13, 2003
    Messages:
    76
    Likes Received:
    0
    Trophy Points:
    6
    Typically its easier to have people login to theirdomain.com, but unless they have a cert, they're going to get that popup. About the only way around that is to sent them to another domain on the server with a cert, like the server.doman.com which can be confusing to some people. Without using ssl, they can log into their own domain without the popups.
     
  12. eazistore

    eazistore Well-Known Member

    Joined:
    Nov 7, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Singapore
    I agree with you here alex042,

    Most of corporate clients have a firewall within their server.
    They cannot access to https://domain.com:2087

    Unless they user is allow to use a TELNET to open their port to allow access to port 2087 or 2083 and even 8443

    Rgds,
    Vincent Kam
    http://www.eazistore.com/
     
  13. poppyq

    poppyq Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Austin, TX
    What it should do when SSL only is enabled is to redirect to your server domain (with the valid certificate) and have them login with their info. They'll still login to their account and everything, but it'll accept the SSL cert by default since the domain will match across the board. Should be an option when enabling forced ssl to redirect to server domain.
     
Loading...

Share This Page