The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL and Self Certificate advice

Discussion in 'Security' started by fullfatdesigns, Sep 15, 2015.

  1. fullfatdesigns

    Joined:
    Aug 1, 2014
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi

    I'm after a bit of advice for our dedicated server (running CENTOS 6.7 WHM 11.50.0) and SSL / Self signed.

    I've currently got self-signed certificates, but run into expired messages when either logging into WHM or when trying to setup smtp mailservers with SSL.

    The self-signed don't expire until 2016.

    So, are self-signed not enough for trying to use SSL authentication on a mailserver? Or am I doing something wrong?

    Plus, should I look at getting a proper SSL Certificate for the actual server? and if so, should I get it for the domain that the nameservers use

    Any help/advice would be greatly received to help me get my head around this.

    Thanks
    Wayne
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you let us know the specific messages that you see or attach an image of the message? You should not receive expired notifications if the certificates are not scheduled to expire until 2016.

    Thank you.
     
  3. fullfatdesigns

    Joined:
    Aug 1, 2014
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi Michael

    Thank you for your reply. I've attached two screenshots when logging into WHM and sending an email. Looking at the error messages, it doesn't say expired, like I though it did, but invalid instead.

    screen1.jpg

    screen2.jpg
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Those messages are normal when using self-signed certificates. You can purchase a commercial trusted SSL certificate for the server's hostname and install it via:

    "WHM >> Service Configuration >> Manage Service SSL Certificates"

    Then, simply ensure your customers utilize the SSL certificate name when accessing those services.

    Thank you.
     
  5. fullfatdesigns

    Joined:
    Aug 1, 2014
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Thanks for your help Michael.

    To confirm, if I buy a commercial SSL for the domain name I use for the nameservers... is this correct to be able to do what you mention above.

    Edit: Plus if existing customers currently have email set with us, will making the domain SSL cause any issues?

    Thanks
    Wayne
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You should actually purchase it for the hostname of the server, as that's what most users will connect to. It won't result in any issues, but you may need to have your customers update the mail server name in their email clients if they want to utilize a signed certificate in cases where they don't have their own SSL certificate.

    Thank you.
     
  7. fullfatdesigns

    Joined:
    Aug 1, 2014
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi Michael

    Thank you for your help so far. I've purchased a commercial SSL through WHM and used my hostname or the server which was serverXX-XX-XX-XX.live-servers.net which is a combination of our server name made from our IP (X'ed out) and the live-servers.net which is assigned to us by fasthosts who we have the server with.

    It went through, but the company have emailed me to say they need to verify the SSL to the domain... which we don't own (as fasthosts do)... have I done this in-correctly?

    They have said I can upload a cert.html file with details in to the root of the server as an alternative. But I'm not sure how I get to the root of the entire server?

    If you have any advice on this, it would be greatly received.

    Thanks
    Wayne
     
    #7 fullfatdesigns, Sep 17, 2015
    Last edited by a moderator: Sep 17, 2015
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Have you considered using a domain name you own as the hostname of the server? Typically, most companies will use some variation of "hostname.myserver.com". This is the name that customers will see when accessing the certificate.

    Thank you.
     
Loading...

Share This Page