The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Please clarify - subdomain & dedicated IP for SSL

Discussion in 'General Discussion' started by Edward123, Apr 5, 2005.

  1. Edward123

    Edward123 Member

    Joined:
    Jul 13, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I have a client that wants to add ssl for a subdomain, resulting in https://secure.domainname.com. (I already have them hosted, http://www.domainname.com, with active content).

    I understand that I need to set up a subdomain (secure.domainname.com) for them, and that it needs its own IP, before I generate the CSR.

    My question is, where and by what method do I do that?

    Some of the many posts on the forums say to apply the subdomain via the account's cPanel (and then modify the DNS via WHM?) - it would seem to me that by using this method, whm would not know that the ip was allocated;

    Others say not to use the above method, but use "create new account" function in whm, entering secure.domainname.com as the "new" account and assigning the IP while there - so does this result in a subdomain under the main hosting account, or is it an entirely separate account?;

    and I also found a post that advocates simply adding the sub diretly via WHM's DNS editor, as an aditional CNAME entry, and then making manual mods to files all over the place(doesn't seem like a good idea at all!!!).

    So, what's the best and/or correct approach to this?

    TIA to all for your help.

    I'm on WHM 10.0.0 cPanel 10.0.0-R85, RedHat 7.3 i686 - WHM X v3.1.0

    Ed
     
  2. DigitalN

    DigitalN Well-Known Member

    Joined:
    Sep 23, 2004
    Messages:
    420
    Likes Received:
    1
    Trophy Points:
    18
    If you would like to see the existing site via ssl, rather than add a sub domain, that is see all pages in /home/user/public_html when accessing https://secure.domain.com then you don't need to add a sub domain.

    Just install the cert that you get for secure.domain.com using whm and add an A record for secure into the domains dns zone after installing the cert, pointing at the new IP that you set domain.com up on. (change sites IP address, if they didn't have a unique IP to begin with.)
     
  3. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Easiest way is to create a new account in WHM for the subdomain with a dedicated IP, then setup the SSL for it. The only real drawback is that the client will have 2 seperate accounts to log in to.
     
  4. Edward123

    Edward123 Member

    Joined:
    Jul 13, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for your help.

    The client would not accept digitalN's solution - they want it so that www.domainname.com has their general content and secure.domainname.com has their commerce and other sensitive content.

    And Squirrel, I can envision them having a problem with there being two accounts - they have a problem with lots of things that most others wouldn't.

    Currently, their www.domainname.com account does have its own IP. If I create a subdomain "secure.domainname.com," do I need another, separate IP for the sub? If so, I'm back to my original question.

    Thanks again.
     
  5. DigitalN

    DigitalN Well-Known Member

    Joined:
    Sep 23, 2004
    Messages:
    420
    Likes Received:
    1
    Trophy Points:
    18
    No, you don't need another IP address, the unique IP applies to 1 ssl cert installation, per IP. You can still host other VirtualHosts on that IP that don't use ssl.
     
  6. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    If the client wants secure.domain.com then you will have to set them up with a new account.

    In WHM setup a new account using secure.domain.com as the domain name, assign them a dedicated IP address. This is a completely separate account, new username and a separate hosting package. Generate the CSR and order the certificate as normal and install as normal using secure.domain.com as the domain name all the way through.

    The client will need to have all the content they require in the new account, if they try and link to the main account ie. to pull graphics etc.. then visitors will get the message "This page contains secure and not secure content".

    The secure.domain.com will work without any manual hacks to the DNS because domain.com is already setup in the nameservers.
     
  7. DigitalN

    DigitalN Well-Known Member

    Joined:
    Sep 23, 2004
    Messages:
    420
    Likes Received:
    1
    Trophy Points:
    18
    This isn't correct, you don't need a standalone whm account, however you may have to edit httpd.conf manually and add the full path to the subdomain /home/user/public_html/secure after you install the cert onto the account, as cPanel may add the document root as /home/user/public_html.
     
  8. RAIS2

    RAIS2 Well-Known Member

    Joined:
    Jul 16, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    This Path is correct and the way I have enabled SSL for each of my clients, as well as myself. There does not need to be separate cPanel accounts. Also when editing the httpd.conf, only edit the SSL section for the account. And restart Apache for changes. ;)
     
  9. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    If the main domain has a dedicated IP, you don't need to create the secure subdomain in WHM. Just create the subdomain in cpanel, then get and install the certificate.

    The WHM install should do the job correctly, but sometimes it leaves out the secure subdirectory in the port 443 entry in the httpd.conf file. After installing the certificate, just check the entry to make sure it included secure after the public_html.
     
Loading...

Share This Page