The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Best Practices

Discussion in 'Security' started by Collin B., Feb 16, 2016.

  1. Collin B.

    Collin B. Registered

    Joined:
    Feb 16, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Hello. We have a question regarding some best practices for SSL.

    We have several WHM-powered/Cpanel servers configured so that both SSL and non-SSL users share the same IP address. We are receiving reports from some of our customers that when they try to visit their non-SSLsite over HTTPS, they get sent over to a another website on the server, which seems to be the the first domain alphabetically that has SSL set up.

    We would like to know what the best practice is to avoid non-SSL clients reaching other websites on the server. The client totally freaks out when this happens. We have considered setting up a dummy domain that is first in the list of SSL clients (e.g. 0.example.com) that would catch these non-SSL site requests, but we wanted to double-check to see if there is a more efficient way of handling this, because that seems like a terrible bandaid.

    Please let us know if you have any advice or best practices for this situation.

    Thank you.
     
  2. Collin B.

    Collin B. Registered

    Joined:
    Feb 16, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Root Administrator
    Hello Michael.

    We reviewed the documentation, and it does explain how we ran into this issue, in that SSL is on a separate protocol separate from the Application Layer, but we really need to know if cPanel / WHM has a best practice for handling SSL certificates on a shared IP address.

    We need to know if there is an official solution to this problem. We have an alternative solution, in which we set up a domain with a message to non-SSL clients indicating that SSL is not supported, but before we proceed with this alternative, we need to know if there is a better way to handle this that is officially endorsed by cPanel, or if this is an open-ended procedure due to different servers (and administrators) having different policies and requirements for SSL.

    Please advise on the issue.

    Thank you.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The supported methods of working around this type of configuration include using the steps in the URL referenced in my last response, or installing a self-signed certificate on all domain names under the shared IP address.

    Thank you.
     
Loading...

Share This Page