SSL defaults to hosted domain, instead of server domain.

Discussion in 'Security' started by jols, Feb 27, 2015.

  1. jols

    jols Well-Known Member

    Hi,

    This is a serious concern to some of our hosted customers. For some reason it seems to come up periodically.

    We have a number of SSL certs installed on our server, three of which use the non-dedicated, server IP. Everything in this regard runs fine. However, when someone happens to try an https address for their own domain, without having gone through the process to install their own certs, self-signed or otherwise, they get a reference to one of the other domains on the server, rather than the server domain, or their own. This upsets our customers because they believe their web site is being hijacked.

    Case in point:

    When using:
    https://www.domainA.org/

    They will get the "This connection untrusted..." as is expected. However, when clicking on the certificate details link, they will see this:

    ----------------------------
    Technical Details:

    http://www.domainA.org uses an invalid security certificate. The certificate is only valid for the following names: www.SomeOther.com, SomeOther.com (Error code: ssl_error_bad_cert_domain)

    ----------------------------

    And again, SomeOther.com IS located on the same server, they just use the server IP as opposed to a dedicated IP for their cert installation.

    Other accesses, to other accounts with no cert, pull up the same "Technical Details" result.

    So the question is, how can we put a stop to this behavior, that is, how can we have the technical details reflect ourServerDomain.com rather than one of our customers' domains (SomeOther.com) as the default/fallback domain for SSL access?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    If the account is assigned a shared IP address, and an SSL certificate is installed on that IP address, then any secure request to a domain name on that IP address will load the contents of the domain name the certificate is installed for. This is by design. You will need to assign a dedicated IP address to the account that uses the SSL certificate if you don't want that certificate applied to the other domain names on its IP address. Or, you could generate/install a self-signed certificate for each domain name on the server (assuming your server supports SNI). You could also make one alternate SSL certificate the primary certificate for an IP address via the "Make Primary" option in "WHM Home » SSL/TLS » Manage SSL Hosts".

    Thank you.
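
The fallback behaviour discussed in this thread, as an added example that is not part of either post and is not cPanel code: a simplified model of certificate selection on a shared IP that lists which hosted names would be shown another SSL host's certificate. The domain names are the placeholders used in the thread, and the function names, inventory layout and selection rule (SNI match first, otherwise the primary SSL host) are assumptions made for illustration.

```python
# Added example: simplified model of certificate selection on a shared IP.
# Domain names are the thread's placeholders; the inventory is constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate name against a host.

    A leading '*.' covers exactly one left-most label, never the bare domain.
    """
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        parts = host.split(".", 1)
        return len(parts) == 2 and parts[1] == pattern[2:]
    return pattern == host

def cert_for(host, certs, primary):
    """Return the SSL host whose certificate is presented for `host`.

    Assumed rule: with SNI, the SSL host whose certificate names cover the
    request is used; any other request falls back to the primary SSL host.
    """
    for owner, names in certs.items():
        if any(name_matches(n, host) for n in names):
            return owner
    return primary

def audit(hosted, certs, primary):
    """Return (host, presented_cert_owner) for every name mismatch."""
    findings = []
    for host in hosted:
        owner = cert_for(host, certs, primary)
        if not any(name_matches(n, host) for n in certs[owner]):
            findings.append((host, owner))
    return findings

# Constructed inventory: SSL hosts installed on the shared IP -> names on each cert.
CERTS = {
    "SomeOther.com": ["SomeOther.com", "www.SomeOther.com"],
    "ourServerDomain.com": ["ourServerDomain.com", "*.ourServerDomain.com"],
}
# Constructed list of names served from the same IP.
HOSTED = ["www.domainA.org", "www.SomeOther.com", "mail.ourServerDomain.com"]

if __name__ == "__main__":
    for primary in ("SomeOther.com", "ourServerDomain.com"):
        print("primary =", primary, "->", audit(HOSTED, CERTS, primary))
```

In this model, changing the primary SSL host changes whose name appears in the browser's mismatch details for www.domainA.org; the mismatch itself only goes away once a certificate covering that name is installed.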
     