Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

Forums
Forums

Quick Links
- Search Forums
- New Posts
Search titles only

Posted by Member:

Separate names with a comma.

Newer Than:

Search this thread only

Search this forum only

Display results as threads

More...

Useful Searches

Recent Posts
Resources
Resources

Quick Links
Feature Requests
Defects
Menu

Installing SSL SAN certificate

Discussion in 'Security' started by shacker23, Sep 21, 2011.

shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

We have the following setup:

Account "foo" with a primary domain and an "intranet." subdomain, both on the same IP (obviously, since that's a cPanel limitation). We have been issued an SSL SAN certificate which should cover both the domain and the subdomain (both will need https protection in places). Since they're both on the same IP, the certificate should cover both just fine.

We temporarily installed a self-signed cert on the intranet subdomain. Now we want to install the real cert so that it covers both domains.

What is the correct procedure for this?

Thanks.

#1 shacker23, Sep 21, 2011
cPanelTristan Quality Assurance Analyst Staff Member

Joined:

Oct 2, 2010

Messages:

7,608

Likes Received:

33

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator

Is an SSL SAN certificate the same as a wildcard certificate or a UCC certificate?

cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

#2 cPanelTristan, Sep 22, 2011
shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

Hi Tristan - Essentially, yes, though I'm no expert on this. From the FAQ:

Does this system have the capability to do Subject Alternative Name (SAN) certificates where we can use one certificate with multiple DNS hostnames per IP address?

Yes, the following types of certificates are supported [note: EV certs coming March 3, 2011]: Comodo EV SGC SSL (EV/SAN), Comodo EV Multi Domain SSL, InCommon Wildcard SSL Certificate, InCommon SSL, InCommon Intranet SSL (secure internal servers using either a full server name or a private IP address), InCommon Unified Communications Certificate (UCC/SAN), InCommon Multi Domain SSL, Corporate Secure Email Certificate.
Click to expand...

https://wikihub.berkeley.edu/display/calnet/CalNet+InCommon-Comodo+Certificate+Service

#3 shacker23, Sep 22, 2011
cPanelTristan Quality Assurance Analyst Staff Member

Joined:

Oct 2, 2010

Messages:

7,608

Likes Received:

33

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator
Does the account have a dedicated IP or it is using the shared IP? If it is a dedicated IP, simply install that new certificate in WHM > SSL/TLS > Install a SSL Certificate and Setup the Domain area.

If you wish to remove the prior certificate, you could remove it in WHM > SSL/TLS > Manage SSL Hosts area. Please ensure to have the CSR, key, crt and cabundle files before removing the existing certificate.

After installation, ensure to copy the /var/cpanel/userdata/username/domain.com_SSL file to /var/cpanel/userdata/username/intranet.domain.com_SSL location and revise as appropriate for the home directory path. After revising, you would then rebuild Apache and restart it:

Code:

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak110922 /scripts/rebuildhttpdconf /etc/init.d/httpd restart
cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

#4 cPanelTristan, Sep 22, 2011
shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

Thanks for this response Tristan. What I'm seeing when running rebuildhttpdconf is this:

warn [rebuildhttpdconf] Failed to resolve duplicate SSL VirtualHosts: intranet.domain.edu_SSL and domain.edu_SSL
Built /usr/local/apache/conf/httpd.conf OK

After restarting apache, the site is not available. I modified the documentroot, the homediar, the serveralias and the servername.

Any ideas there? Thanks.

#5 shacker23, Sep 22, 2011
cPanelTristan Quality Assurance Analyst Staff Member

Joined:

Oct 2, 2010

Messages:

7,608

Likes Received:

33

Trophy Points:

238

Location:

somewhere over the rainbow

cPanel Access Level:

Root Administrator

Which site is not available? Both sites or just one of them, and by not available do you mean on http or https or both? Also, do they have entries in /usr/local/apache/conf/httpd.conf for the 443?

Also, you should compare the settings in intranet.domain.edu to what you put into intranet.domain.edu_SSL to ensure they match for those options. If they do not match, revise the intranet.domain.edu_SSL to match those of intranet.domain.edu rather than what you previously used.

cPResources: Support Options | More Support Options | Forums Search | cPanel.net Site Search | Mailing Lists(Alt) | Docs
-- Tristan, Technical Analyst III, Forums Specialist, cPanel Tech Support

Submit a ticket | Check an existing ticket

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

#6 cPanelTristan, Sep 22, 2011
shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

Ah, I didn't look at the file intranet.domain.edu. Will follow up on this tomorrow. Thanks.

#7 shacker23, Sep 22, 2011
shacker23 Well-Known Member

Joined:

Feb 20, 2005

Messages:

263

Likes Received:

1

Trophy Points:

168

Thanks Tristan! That did the trick - had to modify both files to have unique homedirs and other identifying data, while leaving the path to the cert and key files identical. Wonderful - one cert covering two domains on the same IP, like magic.

Note for others: the rebuild step still issues the warning:

warn [rebuildhttpdconf] Failed to resolve duplicate SSL VirtualHosts: intanet.domain.edu_SSL and domain.edu_SSL

but after restarting apache, it does work just fine.

Would be nice to see WHM make this a bit easier to configure, though it's probably not a very common use case.

I appreciate your help.

./s

#8 shacker23, Sep 23, 2011
Last edited: Sep 23, 2011

(You must log in or sign up to post here.)

Loading...

Similar Threads - Installing certificate

Installing new SSL certificate

PatrickVeenstra, Feb 8, 2019, in forum: Security

Replies:

7

Views:

155

PatrickVeenstra

Feb 12, 2019
SSL redirecting after installing certificate?

Scott.gao, Oct 22, 2018, in forum: Security

Replies:

2

Views:

151

cPanelLauren

Oct 24, 2018
Problem installing SSL certificate

starofnight, Sep 28, 2018, in forum: Security

Replies:

1

Views:

725

cPanelLauren

Oct 3, 2018
Installing SSL certificates error

Nicolas2018, Jun 21, 2018, in forum: Security

Replies:

2

Views:

238

cPanelMichael

Jun 21, 2018
Confused about installing new certificate for hostname

Tearabite, Apr 12, 2018, in forum: Security

Replies:

13

Views:

479

cPanelLauren

Apr 12, 2018

Share This Page

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...

Dismiss Notice