The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Certs on a Reseller's primary domain

Discussion in 'General Discussion' started by itzhero, Mar 23, 2010.

  1. itzhero

    itzhero Active Member

    Joined:
    Nov 16, 2008
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Hello again cPanel forums!

    I've got a reseller who has purchased a SSL certificate and I have set his domain to an extra IP I have on the box. However, when I set the IP Address to his domain, it applies to all of his clients as well even tho he is set to use the main shared IP.

    http://reseller.com works as normal, however https://reseller.com does not connect.

    Any thoughts?

    -itzhero
     
  2. itzhero

    itzhero Active Member

    Joined:
    Nov 16, 2008
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    It should be noted that the type of cert he purchased was a 5-domain UCC cert, if that matters.
     
  3. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    To form a more accurate diagnosis it will help greatly to know some additional information:
    1. What is the precise symptom being seen on the non-reseller accounts; what aspect of the non-reseller (client) accounts is affected and in what way has it changed from the expected behavior?
    2. Is each client under the reseller setup as a separate cPanel account, or are they setup only as add-on domains?
    3. What is the output of the following command via root SSH access?
      Code:
      # grep -H '' /etc/*release /usr/local/cpanel/version /var/cpanel/envtype
     
  4. itzhero

    itzhero Active Member

    Joined:
    Nov 16, 2008
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    1. Client accounts have not changed at all. IP still remains the shared IP. I applied my new IP Address to the reseller.tld and it affected all of his addon domains. Should I have left it as the shared and set up the cert on the new IP? For some reason this was the only way I could set up a cert before if I recall correctly.

    2. He has four or five addon domains and a few clients with their own cPanel logins.

    3. Below:
    Code:
    /etc/redhat-release:CentOS release 5.2 (Final)
    /usr/local/cpanel/version:11.25.0-RELEASE_43473
    /var/cpanel/envtype:virtuozzo
    Thank you for your assistance :)

    -itzhero
     
  5. itzhero

    itzhero Active Member

    Joined:
    Nov 16, 2008
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    After we do the CSR and set up the domain, we are getting a mismatch error between the cert (provided by godaddy.com) and the private key.

    Code:
    Modulus mismatch, key file does not match certificate. Please use the correct key file
     
    #5 itzhero, Mar 24, 2010
    Last edited: Mar 24, 2010
  6. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    When stating to "shared" and "shared IP" are both of these only referring to a specific IP address set as the reseller's shared IP (via WHM: Main >> Resellers >> Reseller Center), the main server shared IP address of the server, or is this also referring to having setup a shared SSL certificate for the entire server (via WHM: Main >> SSL/TLS >> Manage SSL Hosts)?

    For reference, the shared IP address defined for a reseller may be different from the dedicated IP address assigned to the reseller's main cPanel account.

    If the SSL certificate is needed to apply only for the reseller's primary cPanel account (that would include any parked or add-on domains), then the reseller's cPanel account should have its own dedicated IP, separate from any shared IPs, and then the desired SSL certificate should be installed. In order to have the SSL certificate not affect other cPanel accounts the SSL host should be setup on its own dedicated IP address and not on a shared IP address.

    The SSL certificate and RSA private key (CRT and KEY) are a unique pair and must match. I recommend using WHM to perform the SSL installation. Please note that in some cases if there are multiple certificate and key pairs this may inadvertently cause a different key to be detected; to avoid this, simply ensure the KEY entered is the same one that matches the CSR and generated CRT from the issuing vendor.

    Existing SSL certificates, RSA private keys, CA bundles (where applicable), and CSRs, may be found in the following directory paths:
    Code:
    /etc/ssl/certs/
    /etc/ssl/private/
    /home/$username/ssl/certs/
    /home/$username/ssl/private/
    In addition to the above, certain older OS installations may also use the following directory paths, such as in RHEL4 and CentOS4:
    Code:
    /usr/share/ssl/certs/
    /usr/share/ssl/private/
    Within "/etc/ssl/" here are a few example paths for a CA bundle, CRT, CSR, and KEY:
    Code:
    /etc/ssl/certs/domain.tld.cabundle
    /etc/ssl/certs/domain.tld.crt
    /etc/ssl/certs/domain.tld.csr
    /etc/ssl/private/domain.tld.key
     
Loading...

Share This Page