The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problems with SSL Cert

Discussion in 'Security' started by Chriz1977, Feb 4, 2010.

  1. Chriz1977

    Chriz1977 Well-Known Member

    Sep 18, 2006
    Likes Received:
    Trophy Points:

    Im having problems installing my SSL cert that I purchased from GoDaddy.

    The problem is this. I have installed it with no problem annd its showing as NOT self signed, however, when anyone logs into whm/cpanel it says its untrusted.

    I setup the domain as but the server name is Should I have setup the cert for Its not a wilcard SSL cert so I was worried that using might cause problems. Have I got this backwards by any chance?

    Also, How should I setup whm.Tweak settings When visiting /cpanel or /whm or /webmail with SSL, you can choose to redirect to: SSL Certificate Name,Hostname or Origin Domain Name?

    Another thing, If I use can I install the cert for ftp,smtp,pop3,etc? The mail server uses and the ftp uses so would this cause a problem? Should I use a self cert SSL cert for those services?

    Any help would be apreciated

    #1 Chriz1977, Feb 4, 2010
    Last edited: Feb 4, 2010
  2. mtindor

    mtindor Well-Known Member

    Sep 14, 2004
    Likes Received:
    Trophy Points:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    1. If you're server's primary IP address is associated with, then yes you want a certificate cut specifically for or at least that is how I prefer it.

    2. Tweak Settings

    I prefer to have all non-SSL requests directed to the CA-signed certificate associated with the hostname of the server.

    Example: My server primary hostname is I purchased a certificate from a CA (Geotrust, etc.) for If my users go to (or /whm or /webmail) I want them to be redirected to (the SSL port for that service on the primary hostname, so they get a CA-signed certificate and do not get certificate warnings). if my users decide to go to (i.e. the primary hostname but with no SSL) I also want them redirected to for the particular service.

    Under Security:

    "Require SSL for all remote logins to cPanel, WHM and Webmail. This setting is recommended."
    - checkmark this

    Under Redirection:

    Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.
    - checkmark this

    When visiting /cpanel or /whm or /webmail WITHOUT SSL, you can choose to redirect to:
    - select Hostname

    When visiting /cpanel or /whm or /webmail with SSL, you can choose to redirect to:
    - select SSL Certificate Name

    3. I can't comment with regard to SSL on mail.*, ftp.* other than to say that a certificate for would not be valid for ftp.* or mail.* but certainly would be usable. The client would have to accept that certificate regardless of warnings.

    4. Certainly you can use self-signed certificates for any/all services. It all depends on whether or not you want the clients who acccess the site to be presented with warnings because the certificate on the server is self-signed. Certainly nothing wrong with that for services such as imap / smtp / ftp. But for /whm, /cpanel and /webmail I think you may prefer to have a signed certificate. However, if you aren't forcing your customers to redirect to the SSL ports, then they will rarely think to use the SSL ports -- and when they do they probably won't care that it is a self-signed certificate. If you ARE forcing your customers to visit the SSL ports for webmail, WHM and Cpanel, then I'd certainly recommend having a signed certificate for that at the very least.

    cPanelDon likes this.
  3. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Nov 5, 2008
    Likes Received:
    Trophy Points:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    I concur with what mtindor has posted; following the suggestions regarding redirection options in WHM Tweak Settings, clients could simply use the available redirects to be forwarded to the server hostname with SSL/https included and provided the installed SSL certificate is properly signed and trusted there should be no SSL-related warnings.

    If a user does not use the available redirects and instead attempts to access cPanel directly via SSL/https while specifying the appropriate port number (e.g., 2083, 2087, 2096), if the domain entered does not match the SSL certificate then the user's browser may display a warning indicting it is not "trusted" because of a domain name mismatch; this is normal and to be expected in this specific situation. For this scenario I recommend advising users they may either manually trust the certificate in their browser configuration (or other configurations for mail and FTP client applications) or that they may also use the server hostname to avoid SSL-related warnings (assuming the installed SSL certificate is properly signed and trusted). The following are a few example URLs in reference to accessing cPanel, WHM, and Webmail, via SSL (with the applicable port numbers):
  4. Registered

    Sep 8, 2009
    Likes Received:
    Trophy Points:
    Please note, you have to install for services your cert's too:

    Service Configuration > Manage Service SSL Certificates

Share This Page