The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Installing a SSL Cert

Discussion in 'General Discussion' started by mixx941, Jan 29, 2004.

  1. mixx941

    mixx941 Well-Known Member

    Joined:
    Oct 28, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Hello everyone....

    I have a user who wants me to make a CSR and then install their cert.

    I've heard that I need to get the account on a dedicated IP address, and change it to an "ip based" account for the cert to work.

    I know how to change the site's IP to a dedicated one....but not the rest.

    I'm wondering how I can do all this correctly with no downtime for the user.

    Also, if there's anything else I need to do for a cheap SSL to work, please let me know. I believe they will be ordering from Freessl....

    Thanks in advance.
     
    #1 mixx941, Jan 29, 2004
    Last edited: Jan 29, 2004
  2. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    I'm no expert but I found this post while attempting to learn how to clean up all my extra crt/keys on my server

    I searched for clean+SSL

    http://forums.cpanel.net/showthread.php?s=&threadid=8889&highlight=clean+ssl

    It's what I used to install my certificate and it worked great for me :)

    I bought a FreeSSL cert myself - was very pleased at how quick it was to get (but I was buying it for a domain I own - sounds like you'll be buying it on their behalf)

    I'd suggest one of two things for you:
    1. Let them buy it and send you the information or
    2. have them list you as their tech contact for their domain in order that you can purchase it (all SSL sellers check to ensure you are authorized to purchase the SSL certificate on behalf of the domain it's being purchased for)

    One word of caution here - once you've generated the signing request in WHM - STOP - Don't do anything else until you have the certificate to install! I ended up with 40 crt and key combos and couldn't remember which one was which
    (When you Generate an SSL certificate and signing request in WHM, it sets up the KEY that matches the CERTIFICATE REQUEST you give to the seller of the certificate - that KEY will only work with that certificate - learned the hard way)

    Hope all this helps and doesn't just confuse you... ;)
     
    #2 osfdeath, Jan 29, 2004
    Last edited: Jan 29, 2004
  3. cortices

    cortices Well-Known Member

    Joined:
    Mar 10, 2003
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Dallas, TX
    Well, basically you are right. The site must be on a dedicated IP. There's no easy way to avoid the downtime, but it should be pretty minimal. You'll just have to wait for other DNS servers' cache to expire before the updated IP is available.

    Other than that, you just have to generate the CSR, then the customer can submit it to the SSL provider and purchase the certificate. You will generally have to approve the SSL certificate before it is issued. After that, just install it with WHM and that should be it.
     
  4. mixx941

    mixx941 Well-Known Member

    Joined:
    Oct 28, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for your replies. Just a few questions based on your replies:

    1) Does the option in WHM "Change A Site's IP Address" make it a "dedicated" ip address, or is there something else I need to do?

    2) I should change the IP address before I generate the CSR correct?

    3) They will be purchasing it themselves, so how would I "Confirm" it?

    4) When you say "STOP - DONT DO ANYTHING ELSE" you mean related to SSL certs, or ANY other WHM functions?

    Thanks
     
  5. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    1. You will have to assign them a free IP. In WHM goto Add DNS Zone and enter the IP and the domain they are going to secure (Note: if their domain is domain.com and they want to secure sercure.domain.com - that's what you have to enter)
    It will take a little time for it to propogate through but once it does, you should be able to get to it by http://secure.domain.com or http://domain.com/secure
    Once the certificate is installed, using https://secure.domain.com

    2. If the IP is already setup when you get the certificate, it'll be ready for SSL connnections - so I would set it up soonest.

    3. You won't need to confirm it. If you look at the whois for the domain, they would be listed as Admin, Tech, Billing contacts - so you really have nothing to do with it if they're getting it themselves - just have them forward you the information once they get it.

    4. No not in whm - just don't generate any more requests or do anything else with the SSL stuff ;)
     
  6. mixx941

    mixx941 Well-Known Member

    Joined:
    Oct 28, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Regarding #1:

    Is "Add DNS Zone" just like "Change IP address of a site"? Would that work as well?

    Also, they want to secure "www.domain.com". I would enter "www.domain.com" in the domain area of the DNS Zone correct? That will secure "https://www.domain.com/anything" right?

    The IPs are already setup...although now I guess I"ll have to order more since this is using up an unplanned one :D.

    Thanks in advance
     
  7. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    Ya you have to assign one IP to that certificate

    No you have to use the Add DNS and add the zone

    You want the whole domain to be in the SSL?
    Then you'd have them get the Cert for "domain.com"
    www.domain.com and domain.com ARE NOT the same thing :)

    I'd suggest getting it for domain.com
    Then the URL would be https://domain.com/anything
     
  8. mixx941

    mixx941 Well-Known Member

    Joined:
    Oct 28, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    If it was ME, I'd get "https://secure.domain.com" but I guess they dont want it like that.

    So I should advise them to get it for https://domain.com instead of https://www.domain.com?

    They mentioned they wanted https://www.domain.com, so as long as that will work, then I think they still want that.

    Thanks for all your help in advance.

    P.S. One more quick question. I'm going to offer a dedicated IP as an addon service for my web hosting. Obviously I would select that as their IP when creating the account, but would I click the "IP" Checkbox when creating the account, and what is the proper method for making someone have their own dedicated IP address after the account is active?
     
  9. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    ya the "www" in a URL is actually a subdomain for a site

    http://www.domain.com isn't the same as http://domain.com
    When you create a virtual account in WHM, it automatically adds the "subdomain" forward for the www part for you.
    That's why they look the same - of course I'm pretty new at all this so I'm speaking the way I see things - I could be wrong and there may be more expert opinions out there.

    For clarification - the Certificate has to have its own dedicated IP - I dont think you can give them an IP for their domain and have the Certificate share the same IP
    You could assign them a dedicated IP for the certificate and let them use your shared IP (default IP for your hosting company kind of thing)
    Again - other opinions may be out there

    I'd tell them that their secure area will be
    https://domain.com/secure files here
    It can be subdirectories or single pages - doesn't matter
    Using https://www.domain.com would still be secure pages but you'll get a Security Warning popup box
    It depends on what you register I guess
    I'd stick with domain.com for ease as the www part is a subdomain (as described above)
    Then again, I don't see why you couldnt register www.domain.com and use https://www.domain.com
    I'm honestly not sure if it'd work - someone else have a say on the subject?
     
  10. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Actually, as long as the site has a dedicated IP you don't need a seperate IP for a certificate.
     
  11. mixx941

    mixx941 Well-Known Member

    Joined:
    Oct 28, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    So let me clarify before I email my customer back....

    They really want https://www.domain.com/whatever, so could I enter that as the domain for the DNS Entry when giving them their dedicated IP, and www.domain.com for the host to generate the CSR?

    Thanks
     
  12. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    Kewl - wasn't sure about that :)

    I'm not sure about the www - I was told NOT to use it
    I know not using it has worked for me - so i can only offer my experience of what's been successful for me - I sugggest you not use it and stick to domain.com/whatever
     
  13. mixx941

    mixx941 Well-Known Member

    Joined:
    Oct 28, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Okay, so let me clarify finally now.

    I told them that, and they changed their mind, they now want "https://secure.domain.com"

    So in the "Add DNS Zone" I would put in the new IP, and put in "secure.domain.com" for the domain?

    Then, I would wait how long for it to propogate before generating the CSR?

    Thanks in advance.
     
  14. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    Correct

    You don't have to wait to generate the request
    Just ensure you copy the the key to a text pad (even though it'll send you emails with the info, i prefer to hold onto it right away)
     
  15. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    And you might decrease the domain's TTL to minimize the possible downtime.
     
  16. mixx941

    mixx941 Well-Known Member

    Joined:
    Oct 28, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    How can I do that for the individual domain, or set it lower for everything for now?

    Thanks
     
  17. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
  18. mixx941

    mixx941 Well-Known Member

    Joined:
    Oct 28, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    If I remember correctly, when I initially setup WHM on this server I had an area in WHM where some of those same options are, and remember seeing something about TTL.

    Has that area changed around with updates to cPanel?
     
  19. mixx941

    mixx941 Well-Known Member

    Joined:
    Oct 28, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Also, would the subdomain "secure.domain.com" need to be already created and propogated (I would assume so)?

    And also, since this is just the subomain secure.domain.com, will it cause the whole site to go down until propogation, or just that subdomain?

    Thanks
     
  20. Hawk-Metal

    Hawk-Metal Registered

    Joined:
    May 1, 2005
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Croatia
    Does someone know how to install OpenSSL in WHM? I have a reseller, & my website has a dedicated ip.
     
Loading...

Share This Page