SSL for Newbies

markb14391 · Oct 18, 2008

Wow, my head is spinning. I'm trying to figure out how to enable SSL on my cPanel servers...for the main domain (for example, processing orders in WHMCS), for POP3, IMAP, FTP, webmail, etc.

I've seen lots of details about setting up and using self-signed certificates and purchased certificates, but never a comprehensive, understandable explanation. I think I can get through the process of buying and setting up a certificate for the WHMCS stuff. Can someone explain (in newbie detail) how to set up SSL for my clients to use with e-mail (POP3, IMAP, SMTP), webmail, accessing cPanel, and FTP? I see self-signed certificates in my WHM already for this (apparently generated automatically), but the web browser shows certificate errors when I try to use those services in SSL mode.

Any help would be appreciated.

Thanks!!!

Mark

cPanelDavidG · Oct 20, 2008

markb14391 said: ↑

Wow, my head is spinning. I'm trying to figure out how to enable SSL on my cPanel servers...for the main domain (for example, processing orders in WHMCS), for POP3, IMAP, FTP, webmail, etc.

I've seen lots of details about setting up and using self-signed certificates and purchased certificates, but never a comprehensive, understandable explanation. I think I can get through the process of buying and setting up a certificate for the WHMCS stuff. Can someone explain (in newbie detail) how to set up SSL for my clients to use with e-mail (POP3, IMAP, SMTP), webmail, accessing cPanel, and FTP? I see self-signed certificates in my WHM already for this (apparently generated automatically), but the web browser shows certificate errors when I try to use those services in SSL mode.

Any help would be appreciated.

Thanks!!!

Mark
Click to expand...

For the services (email, cPanel etc.), you can only upload 1 certificate for each service. You cannot install multiple certificates for each of your clients. Instead, you must determine which domain or hostname you want a SSL certificate for, acquire that certificate then install the SSL certificate. You must instruct your users regarding which domain/hostname you desire them to use for connecting (the one on the SSL certificate) as to curb errors from being generated.

If you need help with the actual installation process for SSL certificates, please let me know.

markb14391 · Oct 23, 2008

If I want to secure a domain I only use myself (for example, a .net version of my hosting domain, where I may put a CRM system), can I generate a self-signed certificate? (I know I'll get a certificate error message, but I'll know it's secure since I set it up.)

If I can do that, how would I go about it?

Thanks.

cPanelDavidG · Oct 24, 2008

markb14391 said: ↑

If I want to secure a domain I only use myself (for example, a .net version of my hosting domain, where I may put a CRM system), can I generate a self-signed certificate? (I know I'll get a certificate error message, but I'll know it's secure since I set it up.)

If I can do that, how would I go about it?

Thanks.
Click to expand...

Self-signed certificates are automatically generated for all services to ensure the data is encrypted.

McPhil · Oct 24, 2008

Hey great thread. Just want I was looking for.

We have installed a trial SSL cert and decided to use a different SSL cert. We have followed the cert provider's instructions and now we have a CRT, a KEY, and a root CA. When we place this information in the appropriate boxes here:

Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain

We get this error:

"
Installing SSL Certificate

Sorry, you must have a dedicated ip to use this feature for the user: mainuser! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.

SSL Install aborted due to error."

We want this to be our mainuser SSL cert. Remember we had installed a trial version of another SSL cert provider. I am wondering do we have to delete this from somewhere? Or can we force our new information to overwrite our old information?

Thanks for the help!

markb14391 · Oct 24, 2008

Self-signed certificates are automatically generated for all HTTPS pages as well as all services to ensure the data is encrypted.
Click to expand...

Can you elaborate on this? It doesn't seem to work that way for me. For example, I have a CRM system at http://www.mydomain.com/mycrm. I can access it that way, but I get a "page could not be displayed" error if I try to access it as https (https://www.mydomain.com/mycrm).

How can I enable this?

Thanks,

Mark

cPanelDavidG · Oct 24, 2008

McPhil said: ↑

Hey great thread. Just want I was looking for.

We have installed a trial SSL cert and decided to use a different SSL cert. We have followed the cert provider's instructions and now we have a CRT, a KEY, and a root CA. When we place this information in the appropriate boxes here:

Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain

We get this error:

"
Installing SSL Certificate

Sorry, you must have a dedicated ip to use this feature for the user: mainuser! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.

SSL Install aborted due to error."

We want this to be our mainuser SSL cert. Remember we had installed a trial version of another SSL cert provider. I am wondering do we have to delete this from somewhere? Or can we force our new information to overwrite our old information?

Thanks for the help!
Click to expand...

I apologize, it's not often I handle SSL certs. For websites - to access https://example.com - those keys and certificates need to be manually generated via the cPanel interface.

IIRC, a feature has been added in WHM recently to allow the setting of a SSL cert for the main IP of the server by setting it to user nobody.

markb14391 · Oct 24, 2008

NP.

IIRC, a feature has been added in WHM recently to allow the setting of a SSL cert for the main IP of the server by setting it to user nobody.
Click to expand...

Can you clarify how that works? For example, does it compromise anything to set the user to "nobody," and how would another domain on the server utilize that? Will it automatically work for any domain that doesn't have its own dedicated cert?

Does the shared cert have to be linked to the hostname, or can it be for the main domain of the server?

These are all details that are very helpful but vauge...this sounds like a great feature, but some people (including me) seem unclear exactly how to use it.

Thanks,

Mark

McPhil · Oct 25, 2008

cPanelDavidG said: ↑

I apologize, it's not often I handle SSL certs. For websites - to access https://example.com - those keys and certificates need to be manually generated via the cPanel interface.

IIRC, a feature has been added in WHM recently to allow the setting of a SSL cert for the main IP of the server by setting it to user nobody.
Click to expand...

So if we want to use the new SSL cert as our mainuser SSL cert and not a shared SSL cert, we need to log into the Mainuser Cpanel account and change the SSL/TSL settings there instead of WHM?

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

SSL for Newbies

markb14391 Well-Known Member

cPanelDavidG Technical Product Specialist

markb14391 Well-Known Member

cPanelDavidG Technical Product Specialist

McPhil Active Member

markb14391 Well-Known Member

cPanelDavidG Technical Product Specialist

markb14391 Well-Known Member

McPhil Active Member

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

SSL for Newbies

markb14391 Well-Known Member

cPanelDavidG Technical Product Specialist

markb14391 Well-Known Member

cPanelDavidG Technical Product Specialist

McPhil Active Member

markb14391 Well-Known Member

cPanelDavidG Technical Product Specialist

markb14391 Well-Known Member

McPhil Active Member

Share This Page