Possible to generate SSL Cert for an ip?

Discussion in 'General Discussion' started by zenpig66, Oct 31, 2003.

  1. zenpig66

    Hello,
    I've never run across this before and have a feeling this can't really easily be done, if at all. Anyway, I have a customer who is basically transferring their on-line store from one host to my services. The issue that is being run into is that he would like to use an SSL cert generated on his unique IP and not his FQDN... so basically, https://xxx.xxx.xxx.xxx would work. He does have reseller privileges on the server and generated a signing request based on his IP, went to InstantSSL, which signed it (it does state on InstantSSL's site that certs must be for FQDNs), and then installed it. It does recognize the cert, though the warning we receive when going to https://xxx.xxx.xxx.xxx is an untrusted cert, which is due to the CA Bundle not being installed. I can attempt to install it all day long both through WHM and manually and it won't recognize it.

    So, the deal is, is this possible and if so, any recommendations on the steps necessary to have an SSL cert for an ip address instead of a FQDN?

    Thanks for any input.

    STeve
     
  2. mickeymouse

    Dear zenpig66,

    The certificate is not bound to any specific IP address. It is bound to the fully qualified domain name only. So it is not possible to install it for a specific IP address.

    Regards,
     
  3. dgbaker

    Correction, it can be if so chosen.

    Check with the cert supplier as to the CA_Bundle; they should have a bundle file for you to install, which is required for Apache installations. (As noted on their site.)

    P.S. Mickey, investigate properly before answering off the cuff.
     
  4. Tina

    Hi,

    Just to be clear, because I am having a similar issue with an untrusted cert which is due to the CA Bundle not being installed. I do install the *CA.crt that came with the domain crts. Is this a separate installation? Do cPanel admins have to get the CA_Bundle and install it? This is not included already on the cPanel servers? Sorry for the confusion.


    Thank you. T.
     
    #4 Tina, Nov 24, 2003
    Last edited: Nov 24, 2003
  5. zenpig66

    What I found was that dgbaker was correct... what had occurred in my situation was that the customer had sent a garbled CA_bundle file and, on top of that, the SSL installation via WHM was not including the proper lines in the httpd.conf. The CA_bundle for this cert, which was InstantSSL, is just a generic one which I went to their site for and copied... it does need to go into the 3rd (last) box when installing, though it can be added later after the cert and key are installed. I'm thinking that since the CA_bundle was not installed initially with the cert, it was having issues. One thing to make sure of is that in the <IfDefine SSL> section for that domain, you see this...
    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/yourdomain.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/yourdomain.com.key
    SSLCACertificateFile /usr/share/ssl/certs/yourdomain.com.cabundle
    SSLLogFile /var/log/yourdomain.com


    The line which repeatedly failed to insert was the SSLCACertificateFile which I just added manually and all good from there.
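
The check described in the post above, as an added example that is not part of the original thread and is not cPanel code: it scans httpd.conf text and reports which SSL virtual hosts lack any of the certificate directives the post lists. The sample configuration, its addresses and file names, and the `<IfDefine SSL>`/`<VirtualHost>` layout are constructed assumptions.

```python
import re

# Directives from the post's SSL section that the certificate chain depends on.
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLCACertificateFile")

# Constructed sample: two SSL vhosts, the second with the CA bundle line absent.
SAMPLE_CONF = """\
<IfDefine SSL>
<VirtualHost 192.0.2.10:443>
ServerName shop.example.com
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/shop.example.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/shop.example.com.key
SSLCACertificateFile /usr/share/ssl/certs/shop.example.com.cabundle
</VirtualHost>
</IfDefine>
<IfDefine SSL>
<VirtualHost 192.0.2.11:443>
ServerName 192.0.2.11
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/192.0.2.11.crt
SSLCertificateKeyFile /usr/share/ssl/private/192.0.2.11.key
# SSLCACertificateFile /usr/share/ssl/certs/192.0.2.11.cabundle
</VirtualHost>
</IfDefine>
"""

def audit_ssl_vhosts(conf_text):
    """Return {vhost_address: [missing directives]} for every SSL-enabled vhost."""
    report = {}
    current, seen = None, set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives do not count as present
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current, seen = opened.group(1).strip(), set()
        elif re.match(r"</VirtualHost>", line, re.I) and current is not None:
            # Apache directive names are case-insensitive, so compare lowered.
            if "sslenable" in seen or "sslcertificatefile" in seen:
                report[current] = [d for d in REQUIRED if d.lower() not in seen]
            current = None
        elif current is not None:
            seen.add(line.split(None, 1)[0].lower())
    return report

if __name__ == "__main__":
    for vhost, missing in audit_ssl_vhosts(SAMPLE_CONF).items():
        print(vhost, "OK" if not missing else "missing: " + ", ".join(missing))
```
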
     
  6. RaveKnights

    You can even use the server's main IP if you have an SSL for it, such as:

    https://main.server.ip./~username

    I give this to my customers and they love it....

    Have a happy Turkey Day Folks!

    gobble gobble gobble!
     