The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL for Newbies

Discussion in 'General Discussion' started by markb14391, Oct 18, 2008.

  1. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    Wow, my head is spinning. I'm trying to figure out how to enable SSL on my cPanel servers...for the main domain (for example, processing orders in WHMCS), for POP3, IMAP, FTP, webmail, etc.

    I've seen lots of details about setting up and using self-signed certificates and purchased certificates, but never a comprehensive, understandable explanation. I think I can get through the process of buying and setting up a certificate for the WHMCS stuff. Can someone explain (in newbie detail) how to set up SSL for my clients to use with e-mail (POP3, IMAP, SMTP), webmail, accessing cPanel, and FTP? I see self-signed certificates in my WHM already for this (apparently generated automatically), but the web browser shows certificate errors when I try to use those services in SSL mode.

    Any help would be appreciated.

    Thanks!!!

    Mark
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    For the services (email, cPanel etc.), you can only upload 1 certificate for each service. You cannot install multiple certificates for each of your clients. Instead, you must determine which domain or hostname you want a SSL certificate for, acquire that certificate then install the SSL certificate. You must instruct your users regarding which domain/hostname you desire them to use for connecting (the one on the SSL certificate) as to curb errors from being generated.

    If you need help with the actual installation process for SSL certificates, please let me know.
     
  3. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    If I want to secure a domain I only use myself (for example, a .net version of my hosting domain, where I may put a CRM system), can I generate a self-signed certificate? (I know I'll get a certificate error message, but I'll know it's secure since I set it up.)

    If I can do that, how would I go about it?

    Thanks.
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Self-signed certificates are automatically generated for all services to ensure the data is encrypted.
     
    #4 cPanelDavidG, Oct 24, 2008
    Last edited: Oct 24, 2008
  5. McPhil

    McPhil Active Member

    Joined:
    Sep 20, 2007
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Hey great thread. Just want I was looking for.

    We have installed a trial SSL cert and decided to use a different SSL cert. We have followed the cert provider's instructions and now we have a CRT, a KEY, and a root CA. When we place this information in the appropriate boxes here:

    Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain

    We get this error:

    "
    Installing SSL Certificate

    Sorry, you must have a dedicated ip to use this feature for the user: mainuser! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.

    SSL Install aborted due to error."

    We want this to be our mainuser SSL cert. Remember we had installed a trial version of another SSL cert provider. I am wondering do we have to delete this from somewhere? Or can we force our new information to overwrite our old information?

    Thanks for the help!
     
  6. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    Can you elaborate on this? It doesn't seem to work that way for me. For example, I have a CRM system at http://www.mydomain.com/mycrm. I can access it that way, but I get a "page could not be displayed" error if I try to access it as https (https://www.mydomain.com/mycrm).

    How can I enable this?

    Thanks,

    Mark
     
  7. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I apologize, it's not often I handle SSL certs. For websites - to access https://example.com - those keys and certificates need to be manually generated via the cPanel interface.

    IIRC, a feature has been added in WHM recently to allow the setting of a SSL cert for the main IP of the server by setting it to user nobody.
     
  8. markb14391

    markb14391 Well-Known Member

    Joined:
    Jun 9, 2008
    Messages:
    305
    Likes Received:
    2
    Trophy Points:
    18
    NP.

    Can you clarify how that works? For example, does it compromise anything to set the user to "nobody," and how would another domain on the server utilize that? Will it automatically work for any domain that doesn't have its own dedicated cert?

    Does the shared cert have to be linked to the hostname, or can it be for the main domain of the server?

    These are all details that are very helpful but vauge...this sounds like a great feature, but some people (including me) seem unclear exactly how to use it.

    Thanks,

    Mark
     
  9. McPhil

    McPhil Active Member

    Joined:
    Sep 20, 2007
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    So if we want to use the new SSL cert as our mainuser SSL cert and not a shared SSL cert, we need to log into the Mainuser Cpanel account and change the SSL/TSL settings there instead of WHM?
     
Loading...

Share This Page