SSL certificate for SFTP connections on all hosted accounts

trucmuche

Well-Known Member
Nov 20, 2014
98
4
58
cPanel Access Level
Root Administrator
Hello,

I got a free SSL certificate from StartCom and installed it in WHM. It works for getting HTTPS to work for administration (https://www.mydomain.com:2087 and https://www.mydomain.com:2083). But it shows a warning message about incorrect hostname when I try to access https://www.hosteddomain.com:2083 (hosteddomain.com is a client's domain hosted by my vps). Same thing when I try to access FTPS to ftp.hosteddomain.com of course : the certificate does not match the domain name and a warning appears.

I understand the problem, but I wonder if there is a way to get this working "normally" (without paying an expensive certificate). I think that there is no solution (but getting and installing a SSL certificate separately for each hosted domain) but... maybe something I ?

Could you advise me ?

Best regards,

Trucmuche
 

trucmuche

Well-Known Member
Nov 20, 2014
98
4
58
cPanel Access Level
Root Administrator
Hmmm. Well... I don't understand, for sure... The actual settings are :
Always redirect to SSL : OFF
Non-SSL redirect destination : Origin Domain Name (this setting doesn't matter for my problem, right ?)
SSL redirect destination : SSL Certificate Name (this seems correct, isn't it ???)
Logout redirection URL : No redirection. (I don't care about logout, here)
And these settings does not apply to FTPS, I think...

So ? What's the solution you're thinking about, @Infopro ?
 

kdean

Well-Known Member
Oct 19, 2012
392
70
78
Orlando, FL
cPanel Access Level
Root Administrator
As you saw, a regular SSL certificate for you server hostname will not work when using the other domains hosted on the server.

If you always want them to connect securely, you can redirect them to your hostname by setting "Always redirect to SSL" to On.

Clients can use an http connection to go to domain.com/cpanel and domain.com/webmail and it will redirect to the https connection for your hostname and port of the service.

If you still want to allow both secure and non-secure connections then you would set:

Always redirect to SSL: Off
Non-SSL redirect destination: (can be hostname or origin domain Name)
SSL redirect destination: Hostname (since that is the certificate installed)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463