SSL for Newbies

[markb14391]

Wow, my head is spinning. I'm trying to figure out how to enable SSL on my cPanel servers...for the main domain (for example, processing orders in WHMCS), for POP3, IMAP, FTP, webmail, etc.

I've seen lots of details about setting up and using self-signed certificates and purchased certificates, but never a comprehensive, understandable explanation. I think I can get through the process of buying and setting up a certificate for the WHMCS stuff. Can someone explain (in newbie detail) how to set up SSL for my clients to use with e-mail (POP3, IMAP, SMTP), webmail, accessing cPanel, and FTP? I see self-signed certificates in my WHM already for this (apparently generated automatically), but the web browser shows certificate errors when I try to use those services in SSL mode.

Any help would be appreciated.

Thanks!!!

Mark

 

[cPanelDavidG]

Wow, my head is spinning. I'm trying to figure out how to enable SSL on my cPanel servers...for the main domain (for example, processing orders in WHMCS), for POP3, IMAP, FTP, webmail, etc.

I've seen lots of details about setting up and using self-signed certificates and purchased certificates, but never a comprehensive, understandable explanation. I think I can get through the process of buying and setting up a certificate for the WHMCS stuff. Can someone explain (in newbie detail) how to set up SSL for my clients to use with e-mail (POP3, IMAP, SMTP), webmail, accessing cPanel, and FTP? I see self-signed certificates in my WHM already for this (apparently generated automatically), but the web browser shows certificate errors when I try to use those services in SSL mode.

Any help would be appreciated.

Thanks!!!

Mark

For the services (email, cPanel etc.), you can only upload 1 certificate for each service. You cannot install multiple certificates for each of your clients. Instead, you must determine which domain or hostname you want a SSL certificate for, acquire that certificate then install the SSL certificate. You must instruct your users regarding which domain/hostname you desire them to use for connecting (the one on the SSL certificate) as to curb errors from being generated.

If you need help with the actual installation process for SSL certificates, please let me know.

 

[markb14391]

If I want to secure a domain I only use myself (for example, a .net version of my hosting domain, where I may put a CRM system), can I generate a self-signed certificate? (I know I'll get a certificate error message, but I'll know it's secure since I set it up.)

If I can do that, how would I go about it?

Thanks.

 

[cPanelDavidG]

If I want to secure a domain I only use myself (for example, a .net version of my hosting domain, where I may put a CRM system), can I generate a self-signed certificate? (I know I'll get a certificate error message, but I'll know it's secure since I set it up.)

If I can do that, how would I go about it?

Thanks.

Self-signed certificates are automatically generated for all services to ensure the data is encrypted.

 

[McPhil]

Hey great thread. Just want I was looking for.

We have installed a trial SSL cert and decided to use a different SSL cert. We have followed the cert provider's instructions and now we have a CRT, a KEY, and a root CA. When we place this information in the appropriate boxes here:

Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain

We get this error:

"
Installing SSL Certificate

Sorry, you must have a dedicated ip to use this feature for the user: mainuser! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.

SSL Install aborted due to error."

We want this to be our mainuser SSL cert. Remember we had installed a trial version of another SSL cert provider. I am wondering do we have to delete this from somewhere? Or can we force our new information to overwrite our old information?

Thanks for the help!

 

[markb14391]

Self-signed certificates are automatically generated for all HTTPS pages as well as all services to ensure the data is encrypted.

Can you elaborate on this? It doesn't seem to work that way for me. For example, I have a CRM system at http://www.mydomain.com/mycrm. I can access it that way, but I get a "page could not be displayed" error if I try to access it as https (https://www.mydomain.com/mycrm).

How can I enable this?

Thanks,

Mark

 

[cPanelDavidG]

Hey great thread. Just want I was looking for.

We have installed a trial SSL cert and decided to use a different SSL cert. We have followed the cert provider's instructions and now we have a CRT, a KEY, and a root CA. When we place this information in the appropriate boxes here:

Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain

We get this error:

"
Installing SSL Certificate

Sorry, you must have a dedicated ip to use this feature for the user: mainuser! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.

SSL Install aborted due to error."

We want this to be our mainuser SSL cert. Remember we had installed a trial version of another SSL cert provider. I am wondering do we have to delete this from somewhere? Or can we force our new information to overwrite our old information?

Thanks for the help!

I apologize, it's not often I handle SSL certs. For websites - to access https://example.com - those keys and certificates need to be manually generated via the cPanel interface.

IIRC, a feature has been added in WHM recently to allow the setting of a SSL cert for the main IP of the server by setting it to user nobody.

 

[markb14391]

NP.

IIRC, a feature has been added in WHM recently to allow the setting of a SSL cert for the main IP of the server by setting it to user nobody.

Can you clarify how that works? For example, does it compromise anything to set the user to "nobody," and how would another domain on the server utilize that? Will it automatically work for any domain that doesn't have its own dedicated cert?

Does the shared cert have to be linked to the hostname, or can it be for the main domain of the server?

These are all details that are very helpful but vauge...this sounds like a great feature, but some people (including me) seem unclear exactly how to use it.

Thanks,

Mark

 

[McPhil]

I apologize, it's not often I handle SSL certs. For websites - to access https://example.com - those keys and certificates need to be manually generated via the cPanel interface.

IIRC, a feature has been added in WHM recently to allow the setting of a SSL cert for the main IP of the server by setting it to user nobody.

So if we want to use the new SSL cert as our mainuser SSL cert and not a shared SSL cert, we need to log into the Mainuser Cpanel account and change the SSL/TSL settings there instead of WHM?