The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Self-Signed Certificates?

Discussion in 'General Discussion' started by bvanderw, Feb 21, 2007.

  1. bvanderw

    bvanderw Member

    Joined:
    Mar 5, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Can someone explain to me what a self-signed SSL certificate is? Can these be installed using WHM? Do they require a unique IP address?

    Thanks....
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Someone can probably better offer an explanation than I can, but I'll try.

    A self-signed certificate is just like any other certificate, except it will not be recognized as an authorative certificate by your browser.

    Certificates basically have two purposes. One is to encrypt the data as it passes along a network, which insure that data cannot be read by anyone that may be sniffing the network's traffic. Two, a certificate provides some level of assurance to the client, the end user visiting your website, that you are who you say you are. A self-signed certificate does the first one, but not the second one. An authorative certificate, one that you buy somewhere, will offer both.

    A self-signed certificate is useful in instances where you just want to encrypt data. Perhaps a website that only you and your colleagues visit to enter important information. You may want to have that data encrypted as it is passed through the Internet. In this case, its not all that feasible to put down money and purchase a certificate. The self-signed certificate will do the exact same thing, accept users would have to accept the certificate when they go to the website (some browsers allow you to permanently accept the certificate). The classic case for a self-signed certificate is when you access your control panel or WHM securely, by default it uses a self-signed certificate. In this instance you are just wanting to encrypt the connection, emphasis is not placed on insuring that you are who you say you are.

    A purchases certificate or authorative certificate is necessary in instances where you are advertising your site to unknown visitors, visitors that do not know who you are or who don't necessarily trust you. A common place for an authorative certificate is any place where you are accepting orders and accepting credit card information. You want to encrypt that data, but you also want visitors to know that you are who you say you are. An authorative certificate provides some level of assurance by that visitor that you are who you say you are. The user can check the certificate and trace it back to the certificate maker and find out exactly who placed the order for the certificate.

    The downside to an authorative certificate is that it costs money, but it should be recognized by most any browser. In places where users know to trust you and you just want to encrypt data connections, a self-signed certificate should work just fine.

    Any type of certificate, self-signed or authorative, will require a dedicated IP.

    Hope this helps.
     
    Infopro likes this.
  3. bvanderw

    bvanderw Member

    Joined:
    Mar 5, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Wow...great explanation. Thanks!

    One more thing...what is the process of installing a self-signing certificate (i.e. how does it differ from installing a authorative certificate)?
     
  4. brendanrtg

    brendanrtg Well-Known Member

    Joined:
    Oct 4, 2006
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    There is really not much difference. You can do so under WHM.
     
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Probably the first thing you want to do is assign the account a dedicated IP. An account doesn't really have to have a dedicated IP per say, it just makes things a lot simplier (an attempt an a short explanation -- if you have site1.com and site2.com sharing an IP, if site1.com gets a secure certificate, signed or authorative, without a dedicated IP, then https://site1.com will function correctly. When site2.com accesses, https://site2.com, they will see site1.com securely, albeit with a warning message stating that the hostnames don't match).

    Once you have assigned an IP, click on Generate a SSL Certificate and Signing Request in your WHM. Complete the information as stated. When you click on Create, you will see three items, the Private Key, the Certificate SIgning Request, and the self-signed certificate. Just copy the private key and Self-Signed Certificate information and paste them into a text document momentarily.

    Then click on Install a SSL Certificate and Setup the Domain and paste the Self-Signed Certificate information from the above step into the first large text area. The WHM might pick up the rest of the information. Just double check and fill in the rest of the information appropriately. The private key should be given in the next text area, but if it is not, just paste it from the above step.

    Then click on Submit, and you are done. The domain will now be able to be accessed securely using a self-signed certificate.
     
Loading...

Share This Page