Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SSL defaults to hosted domain, instead of server domain.

Discussion in 'Security' started by jols, Feb 27, 2015.

  1. jols

    jols Well-Known Member

    Mar 13, 2004
    Likes Received:
    Trophy Points:

    This is a serious concern to some of our hosted customers. For some reason it seems to come up periodically.

    We have a number of SSL certs installed on our server, three of which use the non-dedicated, server IP. Everything in this regard runs fine. However, when someone happens to try an https address for their own domain, without having gone thought he process to install their own certs, self-signed or otherwise, they get a reference to one of the other domains on the server, rather than the server domain, or their own. This upsets our customers because they believe their web site is being hijacked.

    Case in point:

    When using:

    They will get, the "This connection untrusted..." as is expected. However, when clicking on the certificate details link, they will see this:

    Technical Details: uses an invalid security certificate. The certificate is only valid for the following names:, (Error code: ssl_error_bad_cert_domain)


    And again, IS located on the same server, they just use the server IP as opposed to a dedicated IP for their cert installation.

    Other accesses, to other accounts with no cert, pull up the same "Technical Details" result.

    So the question, is, how can we put a stop to this behavior, that is, how can we have the technical details reflect rather than one of our customer's domains ( as the default/fallback domain for SSL access?
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello :)

    If the account is assigned a shared IP address, and a SSL certificate is installed on that IP address, then any secure request to a domain name on that IP address will load the contents of the domain name the certificate is installed for. This is by design. You will need to assign a dedicated IP address to the account that uses the SSL certificate if you don't want that certificate applied to the other domain names on it's IP address. Or, you could generate/install a self-signed certificate for each domain name on the server (Assuming your server supports SNI). You could also make one alternate SSL certificate the primary certificate for an IP address via the "Make Primary" option in "WHM Home » SSL/TLS » Manage SSL Hosts".

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice