question about "self-signed certificate"

ljwhite

Well-Known Member
Jun 20, 2005
363
0
166
I want to assign self-signed certificate for our hosted domain using whm. How could i do this? Many thanks in advance!
 

shashank

Well-Known Member
PartnerNOC
Apr 12, 2003
159
1
168
cPanel Access Level
Root Administrator
Generate a CSR for the domain in whm. It should give you a key, csr and a crt. Then from the ssl install form use the key and crt you got from the csr generation and assign it to your domain. make sure the domain had a dedicated Ip and once the crt and key are installed it should have a self-signed cert.
 

ljwhite

Well-Known Member
Jun 20, 2005
363
0
166
Thanks for your help. I have installed self-signed ssl. Now i have two questions:
1. When i open the site with self-signed ssl, i will get a "security alert" which is said:"The secrity certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.
Why do i get this "security alert"? Is there a way to avoid it?
2. how to delete self-signed ssl?
 

elliotcooper

Well-Known Member
PartnerNOC
May 18, 2005
56
0
156
The reason that you get the security alert is that secure certificates are setup to do two things:

1. Encrypt the traffic between browser and server
2. Authenticate the identity of the site you are looking at.

2. is achieved by the certificate listing who signed or verified the information listed in the certificate. In order to work without getting the error the certificate muxt be signed by a Signing Authority that the browser is configured to recognise. When the signing authority signs the certificate they are verifying the identity of the certificate holder.

There are a small number of these inluding Verisign and Comodo. These companies will not sign a certificate unless documentation is submitted verifying the identity of the certificate holder. For this reason you can trust a site with a secure certificate because you know that the signing authority has performed checks to ensure the certificate holder is who they say they are.

When you self sign the certificate no independant authority checks you are who you say you are which is the reason that the browser warns when it encounters a self signed cert.

To delete the certificate you should use the function in WHM. Also you will need to log into your server on the command line and delete the files you created in these directories:

/usr/share/ssl/certs/
/usr/share/ssl/private/

The files you need to delete will contain the domain name that you used for the cert.