The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Installing SSL Cert for cPanel/WHM Itself

Discussion in 'General Discussion' started by jonwatson, Apr 27, 2007.

  1. jonwatson

    jonwatson Well-Known Member

    Joined:
    Apr 1, 2007
    Messages:
    101
    Likes Received:
    1
    Trophy Points:
    16
    Hello,

    I am attempting to install a proper cert for WHM and cPanel. I ordered a cert in the name of server.mydomain.com and plunked it into WHM. However, browsers are still coming up with the original self-signed cert that WHM generates upon install.

    I notice that if I go to https://server.mydomain.com there are no warnings and the cert behaves as expected. However, as soon as I try to go to https://server.mydomain.com:2087 or https://server.mydomain.com/whm, the self-signed certificate warning shows up again.

    I assume from this that WHM is running on a different instance of Apache than my accounts. Is this true? And if so, how do I go about installing a certificate for WHM itself?

    Thanks!

    Jon
     
    Jeffrey Fisher likes this.
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Yes, this is true. But it isn't so much a separate instance of Apache so much as a completely separate web server.

    User installed cert and cabundle are stored in:
    /usr/local/cpanel/etc/mycpanel.pem
    /usr/local/cpanel/etc/mycpanel.cabundle


    While you will likely see the default cpanel.pem file, I would recommend you not overwrite it with your own. Just upload/copy the cert as mycpanel.pem

    Edit: in cpanel 11 they are in /var/cpanel/ssl/cpanel
     
  3. jonwatson

    jonwatson Well-Known Member

    Joined:
    Apr 1, 2007
    Messages:
    101
    Likes Received:
    1
    Trophy Points:
    16
    Hi David,

    Thanks for the quick response.

    When I create a mycpanel.pem file and paste my crt into it, I can no longer get at cPanel or WHM. Attempting to do so results in an 'unexpected error'.

    Is there anything else I need to do?

    Thanks!
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    If you purchased your license directly from us, at this time I would recommend you submit a support ticket into our ticket system so our techs can look into it for you.
     
  5. jonwatson

    jonwatson Well-Known Member

    Joined:
    Apr 1, 2007
    Messages:
    101
    Likes Received:
    1
    Trophy Points:
    16
    No, it's not yours. Didn't even know you sold them.

    OK, well, I have a 7-day return policy on it so I will return it and then buy one from you :)

    Edit: Ergh..how do I buy a cert from you?
     
    #5 jonwatson, Apr 27, 2007
    Last edited: Apr 27, 2007
  6. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I meant the cPanel License, not the cert. Sorry for the confusion.

    You should contact whoever you purchased your cPanel license from. At the worst case, your provider's techs can talk to our techs to resolve the issue.

    If you purchased your license directly from us then you can talk directly to our techs. Just login to your account on cPanel.net and submit a support ticket.

    I don't know the instructions for the various other cPanel license providers, so if you need assistance on how to submit a tsupport icket with them, you may want to drop them an e-mail.
     
  7. jonwatson

    jonwatson Well-Known Member

    Joined:
    Apr 1, 2007
    Messages:
    101
    Likes Received:
    1
    Trophy Points:
    16
    Ah, OK. Thanks!
     
  8. jonwatson

    jonwatson Well-Known Member

    Joined:
    Apr 1, 2007
    Messages:
    101
    Likes Received:
    1
    Trophy Points:
    16
    Turns out that both the crt and key have to be in that pem file. Further, it's not necessary to do it from the shell. WHM -> SSL/TLS -> Change Server Certificates.

    Neat-O easy-O.
     
  9. vmann

    vmann Member
    PartnerNOC

    Joined:
    Jun 17, 2005
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    This option appears to have been removed from WHM 11.2.0... what is the new location to change the WHM server certificates in WHM 11?
     
  10. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Its under Service Configuration => Manage Service Certificates
     
  11. holodyn

    holodyn Registered

    Joined:
    Feb 6, 2008
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    1
    Fix SSL Cert Error WHM 2087

    I've spent days finding this solution so here is the result - thanks to this thread!!

    How to Setup WHM and CPANL so clients will be redirected to a valid SSL Certificate when logging in.

    Instructions based on WHM v11.15.0

    1) Purchase / Install the Certificate for your fully qualified domain (ie: server.domain.com)

    SSL / TLS >> Install a SSL Certificate and Setup the Domain

    2) Test your new CERT

    https://server.domain.com/
    should resolve and the cert should function properly before moving forward.

    https://server.domain.com:2087/
    should be giving you an invalid certificate error

    3) Install the CERT for the WHM and CPANEL Service (this is the step you don't think about!!)

    Service Configuration >> Manage Service SSL Certificates
    > Select "Install New Certificate" for the "cPanel/WHM/Webmail Service"
    > Select Domain this CRT is for "Browse"
    > Pick the full server cert you installed "server.domain.com"
    > Press "Submit" to install

    4) Test your Service Certificate

    https://server.domain.com:2087/
    should now be working !! WHOOOO

    ** Once your done, you may choose to install the same cert for your SMTP, POP, and FTP accounts so that the option is available and functioning properly

    !! DONE - CONGRATS - You are the Winner !!

    Error with SSL and Port 2087
    Error with SSL and Port 2083
    Error with WHM SSL
    Error with CPANEL SSL
     
    Jeffrey Fisher likes this.
  12. bradandersen

    bradandersen Active Member

    Joined:
    Oct 6, 2003
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    CPanel/WHM SSL Certificate (valid trusted)

    Okay,

    So you have a server and you want to put a valid SSL certificate on it so when users go to /cpanel or /whm they don't get an annoying warning. Here are two methods depending on how big your server farm is:

    *You only have one server (e.g. www.domain.com & server.domain.com and they are the same box)
    -First & foremost Generate a SSL Certificate & Signing Request
    -Enter all of the info and press Create
    -Copy they CSR (Certificate Signing Request) and paste it into the request in the next step.
    -Get your SSL certificate (www.godaddy.com is the cheapest by far)
    -Install it on your regular webhosting domain (www.domain.com)
    -SSL/TLS -> Install a SSL Certificate and Setup the Domain -> Type your domain (make sure it is www.domain.com)
    -Paste your .crt file and CA Bundle that you received from your SSL certificate provider
    -Now install it on your various services (Service Configuration -> Manage Service Certificates)
    -Install the new certificate for each service (simply enter the domain www.domain.com (tab) and it will auto load the certificate that is already on the server)

    -Now for the magic (Networking Setup -> Hostname)
    -Change this to www.domain.com (not server.domain.com)
    -Now when you got to /cpanel or /whm you will be redirected to www.domain.com:xxxx instead of server.domain.com/xxxx and the certificate will be valid.
    -Reboot the server


    *If you have multiple servers then you will need a global certificate (e.g. *.domain.com) or a cert that allows multiple server names (e.g. www1.domain.com, www2.domain.com, www3.domain.com).
    -Simply follow the rules above but each server cannot have the same hostname and you must match the proper certificate to the proper hostname.
    -If you have multiple servers I will assume that you are intelligent enough to understand that last statement - if not, please contact me.

    Good luck,
    Brad
     
  13. robb3369

    robb3369 Well-Known Member

    Joined:
    Mar 1, 2008
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Reboot was required...

    I followed holodyn's advice and it didn't work until the server was rebooted... Not sure why, but it worked after a full reboot.

    Now to get rid of the port numbers... and go straight port 443... :eek:
     
  14. natong

    natong Well-Known Member

    Joined:
    May 17, 2008
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    I faced the same problem. I spent 20 hrs. to fix and found this article is very usefull.

    It does work!!!!

    - Go to Service Configuration >> Manage Service SSL Certificates


    WHM not allow to change to www.domain.com
     
    #14 natong, May 30, 2008
    Last edited: May 30, 2008
  15. atechstl

    atechstl Registered

    Joined:
    Jun 18, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Festus, MO
    Great instructions. They worked as intended. My question is if I apply this to POP3, SMTP, IMAP, and FTP, it will only apply for server.domain.com. What about all the hosts on this server? They use these protocols but they use mail.theirdomain.com as an example. If they enabled SSL for to POP3 and SMTP, this wouldn't work would it?
     
Loading...

Share This Page