Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Separate SSL certificates for Main & Add-on Domain

Discussion in 'Security' started by Lemmy1, Oct 26, 2016.

Tags:
  1. Lemmy1

    Lemmy1 Registered

    Joined:
    Oct 20, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Dubai
    cPanel Access Level:
    Root Administrator
    I have a main domain and 2 add-on domains on a dedicated IP address. I installed a Let's Encrypt certificate with the AutoSSL plugin, and it installed a certificate that included all the domains attached to the user (main, 2 add-on, 2 sub). So when you look at the certificate for the main domain, it lists all the other domains that are under it.

    How do I go about installing separate certificates for the main domain and the 2 add-on domains? Do I need to create other cPanel users and transfer the add-on domains to them?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    This is normal behavior, as addon domain names are essentially configured as subdomains in their respective Virtual Hosts, with an alias to to the actual domain name.

    To note, a recent support inquiry was submitted regarding order of the names as they appear in the certificate. To summarize, it was explained that "CA/Browser Forum Baseline Requirements" mandate the use of subjectAltName (SAN), so unless you're using an SSL or TLS client that doesn't support subjectAltName (in which case it's probably insecure), the CN value is completely ignored and has no effect on the validity of the certificate.

    You can convert your addon domain names to their own accounts using the following option if you prefer to not have the certificates listed together:

    Convert Addon Domain to Account - Documentation - cPanel Documentation

    Thank you.
     
  3. did-vmonroig

    did-vmonroig Active Member

    Joined:
    Feb 6, 2012
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    56
    cPanel Access Level:
    Root Administrator
    Hello,

    And what about multidomain sites, as Magento with different storefronts? They cannot be separated in different accounts, but still need more than one SSL per account.

    Regards,
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @did-vmonroig,

    Addon domain names and subdomains are still assigned SSL Certificates with the AutoSSL feature. The previous response relates to the inclusion of other domain names when someone reviews the certificate information.

    Thank you.
     
Loading...

Share This Page