ImperialTrader

Well-Known Member
Aug 31, 2014
174
20
68
Egypt
cPanel Access Level
Root Administrator
Is is important to add SSL certificate for Hostname (server.domain.com) to secure my server?
I know there is a free cPanel-signed SSL certificate for hostname but for some reasons I don't want to use any SSL for my hostname.

A real example: WHOIS company is not using SSL for their hostname
You can check their cpanel to make sure of that (- Removed -)
That is mean their server is not secure?
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,261
313
Houston
Having an SSL installed on the hostname for services which run off the hostname (cPanel services, Dovecot, Exim and FTP) allows you to access these services securely. There's really no reason not to install a certificate on the hostname that I'm aware of. What are the reasons you'd like to refrain from doing so?
 

ImperialTrader

Well-Known Member
Aug 31, 2014
174
20
68
Egypt
cPanel Access Level
Root Administrator
Having an SSL installed on the hostname for services which run off the hostname (cPanel services, Dovecot, Exim and FTP) allows you to access these services securely. There's really no reason not to install a certificate on the hostname that I'm aware of. What are the reasons you'd like to refrain from doing so?
Because I disabled this option: Tweak Settings >> Security >> Require SSL for cPanel Services >> Off
Because I need all my clients to be redirected to their origin domain when they access their cPanel and if they don't have SSL, I don't want them to see "X" cross off line on their (https)
https cross.png

That's why I don't want to use SSL on my hostname
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,261
313
Houston
That is unrelated to whether or not the hostname should be secured with a certificate. The full text of the setting makes it more clear how it works:

Require SSL for cPanel Services
This option forces the server to redirect unencrypted cPanel, Webmail, WHM, and DAV requests to secure ports according to the SSL redirection settings. If “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs” is enabled, the system will redirect to the best matched certificate for the domain. If “Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs” is disabled, the system will redirect to the https:// URL for the domain, even if no valid certificate exists for the domain.
If this is disabled, regardless of having a certificate when accessing cPanel through non-secure ports they will be not be redirected to SSL and therefore not receive the X you're referencing. If they don't have SSL but attempt to access the server through SSL whether or not you have an SSL installed for the hostname they will receive that red X.
 

ImperialTrader

Well-Known Member
Aug 31, 2014
174
20
68
Egypt
cPanel Access Level
Root Administrator
If this is disabled, regardless of having a certificate when accessing cPanel through non-secure ports they will be not be redirected to SSL and therefore not receive the X you're referencing. If they don't have SSL but attempt to access the server through SSL whether or not you have an SSL installed for the hostname they will receive that red X.
Correct, but if my client doesn't have SSL so when he tries to access his cPanel, he will just type (domain.com/cpanel) and will not type (https://domain.com/cpanel) .. so he will not see the red X
 

ImperialTrader

Well-Known Member
Aug 31, 2014
174
20
68
Egypt
cPanel Access Level
Root Administrator
Whether or not there is a certificate on the hostname this will function like this.
What if I allowed the free cPanel SSL to be installed automatic using the following option
Tweak Settings: Domain >> Replace service SSL certificates that do not match the local hostname >> On
But disabled the redirection to (https): Tweak Settings >> Security >> Require SSL for cPanel Services >> Off

Do you think the server and cPanel services will be secured? :)
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,261
313
Houston
What if I allowed the free cPanel SSL to be installed automatic using the following option
Tweak Settings: Domain >> Replace service SSL certificates that do not match the local hostname >> On
This has nothing to do with whether or not the free SSL for cPanel services will be installed or provisioned - this setting controls whether or not a new SSL will be provisioned in the event an SSL is installed for cPanel services which does not match the hostname.

But disabled the redirection to (https): Tweak Settings >> Security >> Require SSL for cPanel Services >> Off
This would allow cPanel to be accessed insecurely but would also allow for access over https.
 
  • Like
Reactions: ImperialTrader

ImperialTrader

Well-Known Member
Aug 31, 2014
174
20
68
Egypt
cPanel Access Level
Root Administrator
This has nothing to do with whether or not the free SSL for cPanel services will be installed or provisioned - this setting controls whether or not a new SSL will be provisioned in the event an SSL is installed for cPanel services which does not match the hostname.

This would allow cPanel to be accessed insecurely but would also allow for access over https.
Thank you :)
 
  • Like
Reactions: cPanelLauren