The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ssl for subdomain(s)... which route to go?

Discussion in 'Security' started by morrow95, Jul 18, 2013.

  1. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    I am looking to get an ssl cert for use on one of my sites. I will only be using ssl on subdomain(s). My hosting provides free ssl certs including wildcards so price is not an issue.

    Would it be best to get a cert for a single subdomain like secure.domain.com OR get a wildcard *.domain.com which would cover any subdomains? It is my understanding that the wildcard would also take care of www.domain.com which could possibly be a benefit down the road.

    Background info - my own dedicated server and at the moment all sites hosted share the main ip. I can put this particular domain on its own ip if needed. From some research on here I am reading the wildcard is a pain to setup as there is added configuration you need to do on your own rather than just through whm. I also see there is a warning about it running under user nobody. This I am curious about as I have suphp going and that prevents user nobody - so how does that work?

    Honestly the wildcard sounds better as it would be an all in one (any subdomains including www), but if it is going to be a pain in the *** to setup then perhaps a single domain is better?

    Opinions and advice are appreciated.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,694
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Actually, cPanel version 11.38 includes improved wildcard and UCC/SAN certificate support, which allows users to use the same certificate for multiple subdomains. You can view the full 11.38 release notes at:

    cPanel 11.38 Release Notes

    Configuring SSL certificates on a shared IP address is now fully supported if you are using an OS that supports SNI (e.g. CentOS 6).

    Thank you.
     
  3. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    On 5.9 here... go figure... since it was free I went ahead and got a wildcard, but whm warns me among some other things when going to install. I held off for the moment.

    From what I can see you need to do a clean install when going to 6... guessing that would be a huge pita.
     
    #3 morrow95, Jul 18, 2013
    Last edited: Jul 18, 2013
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,694
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I recommend migrating the accounts to a system that uses CentOS 6 if possible. This may be easier than attempting to use manual workarounds to install multiple certificates on the same IP address.

    Thank you.
     
  5. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Yeah, that is exactly what I was thinking. If the features are built in now better to take advantage of them. I just emailed hosting to see if this is possible and how much will be involved. I always dread setting the server back up.
     
Loading...

Share This Page