The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Please help me with SSL and subdomain. My web host can't be right!

Discussion in 'General Discussion' started by dsatchell, Nov 20, 2004.

  1. dsatchell

    dsatchell Registered

    Joined:
    Nov 20, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I have a reseller account with a company and they are telling me something that I hope is wrong and would appreciate some clarification and instructions.

    1. I have a client that had a 100mb hosting package with a shared IP at christinajs.com. Now my client wants to install osCommerce and get an SSL and have it setup at secure.christinajs.com. I have used up all of my disk space on my reseller account. My host tells me that to setup SSL I have to create a new account with a dedicated IP in addition to the existing account. I thought this was crazy as it meant that I would have to use up more disk space just to provide SSL. What is the situation here and what should I have done?

    2. I need an answer to #1 for future reference but I have already deleted the account and recreated it under a dedicated IP plan. I still would like to have christinajs.com as a non-SSL and secure.christinajs.com as a osCommerce install with SSL. I have already created the SSL from WHM and set it as secure.christinajs.com but I can't figure out the correct way to install osCommerce from cPanel so that the store will install correctly.

    3. If I create the SSL from WHM, is this a true SSL or something else like a shared or self-signed SSL?

    Thanx, Dave.
     
  2. dsatchell

    dsatchell Registered

    Joined:
    Nov 20, 2004
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    So is it possible to have christinajs.com without SSL and secure.christinajs.com with SSL under the same account? My hosting service uses WHM 9.9.7, cPanel 9.9.8-R5, on RedHat Enterprise 3.

    I've been told "In WHM, you cannot generate an SSL, if it was that easy, we would all do it."
    But in WHM I'm curious as to why it gives this as an option:
    SSL/TLS
    Generate an SSL Certificate and Signing Request
    Install an SSL Certificate and Setup the Domain.​
    I'm a Windows Admin with 15 years experience so I like to understand why something is the way it is. But now I'm confused because I have played around with this and even though I haven't gotten it 100% correct I do know that I can enable the padlock icon when going to the site and SSL does appear to be enabled. I think that maybe what is in WHM is allowing for a self-signed SSL but I'm not sure.

    Info would be appreciated.

    Also, I would appreciate it if someone has a link to some info on SSL. I have found some info but it is either very abstract info like selling to a customer or very technical like for someone that is administering there own box. I need something in between that will describe in detail why each step is being done.

    Thanx, Dave.
     
  3. PWSowner

    PWSowner Well-Known Member

    Joined:
    Nov 10, 2001
    Messages:
    2,948
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    ON, Canada
    Using "Generate an SSL Certificate and Signing Request" doesn't create a certificate. It just generates the CSR (Certificate and Signing Request) which is needed to send to the certificate issuer when purchasing a certificate.

    You generate a CSR, purchase an SSL certificate from someone, sending them the CSR, and they will then send you the file(s) you need when doing the next step, "Install an SSL Certificate and Setup the Domain".

    Once the SSL certificate is purchased and set up, you would go to https://secure.christinajs.com for secure connections and http://www.christinajs.com for the main site with standard connection. When a certificate is installed, you don't have to use the secure connection, (https), it's just an option for when secure data transfer is needed.
     
  4. djmerlyn

    djmerlyn Well-Known Member

    Joined:
    Aug 31, 2004
    Messages:
    203
    Likes Received:
    1
    Trophy Points:
    16
    Can't you just install the certificate and make your subdomain...

    Then access the main site using http://

    Access the subdomain (and redirect) using https://

    That works fine here :confused:
     
  5. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    Hmm... let me see if I can add some to your knowledge here...

    Only one SSL site per IP... that's just the way SSL works (the whole packet is encrypted, so the webserver can't tell which domain it was intended for... only the ip)... but you can have quite a few non SSL sites on one IP and then use the same ip for ONE SSL domain.

    I'm not sure about your reseller setup there... and haven't played with the resellers in WHM, so I'm not sure how you'd organize your sites there.

    Yes, you can create both self-signed and certified (3rd party signed) certificates from WHM. Your reseller permissions may be different than my root permissions though. For self-signed certificates, you can do it all yourself with whm... just do both steps together... otherwise, you'll have to have (and pay) the 3rd party to sign your CSR, then you install the cert they send you. I've self-signed several certificates for personal sites, and control panels where I am the only person accessing it. And installed a 3rd party signed certificate for my servername, for customer's secure webmail, secure control panel, secure email, etc.
     
  6. linux-image

    linux-image Well-Known Member

    Joined:
    Jun 8, 2004
    Messages:
    1,192
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    Root Administrator
    another way is to assign the subdomain with another ip address and install the cert to it. but this i guess will need some manual edit at the conf.
     
  7. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    Correct, this will work, we have many sub-domains (wildcard cert) with its own IP address. You will need to edit httpd.conf for each one. ;)
     
Loading...

Share This Page