The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Manager within cPanel

Discussion in 'General Discussion' started by df66, Jun 23, 2005.

  1. df66

    df66 Member

    Joined:
    May 29, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I'd like to be able to offer SSL to our clients and, if possible, allow them to install the certificate themselves via cPanel rather than doing this myself using WHM.

    To test this, I've created a site on a dedicated IP address, created a self-signed certificate on a local box, logged into cPanel and uploaded the certificate & private key using the SSL Manager in pretty much the same way as I would expect our clients to do.

    However, if I go to https://<ip address> in Firefox, I get "The connection to <ip address> has terminated unexpectedly. Some data may have been transferred." In the apache error log I see "Invalid method in request \\x80g\\x01\\x03" and the access log shows a 501 error.

    Any idea where I'm going wrong?
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    What about other browsers including: Communicator, IE, and Opera?
     
  3. df66

    df66 Member

    Joined:
    May 29, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    IE 6
    error_log: Invalid method in request \\x80L\\x01\\x03
    The browser displays a "cannot find server" error as the title with "The page cannot be displayed".

    Opera v6.04
    error_log: Invalid method in request \\x80F\\x01\\x03\\x01
    No error message displayed in the browser. Previous page still shown.

    Netscape v7.
    error_log: Invalid method in request \\x80F\\x01\\x03
    Again, the browser shows no error message. It just shows previous page.

    All the browsers will happily load WHM or cPanel via SSL.
     
  4. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    It is possible that the key and certificate were not created properly. I suggest you delete both, regenerate, reinstall, and try one more time. You also need to make sure that the SSL entries are intact in the httpd.conf:

    Code:
    <IfDefine SSL>
    <VirtualHost xx.xx.xx.xx:443>
    ServerAdmin webmaster@domain.com
    DocumentRoot /home/username/public_html
    BytesLog domlogs/domain.com-bytes_log
    ServerName domain.com
    ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
    CustomLog /usr/local/apache/domlogs/domain.com-ssl_log "%t %{version}c %{cipher}c %{clientcert}c"
    User username
    Group username
    SSLEnable
    SSLCertificateFile /path/to/domain.com.crt
    SSLCertificateKeyFile /path/to/domain.com.key
    SSLLogFile /var/log/domain.com
    UserDir public_html
    </VirtualHost>
    If none of these work, then your SSL/TLS client is getting a clear-text ("bad request") response from the server and trying to interpret it as SSL/TLS handshake data.

    Make sure the IP is valid/active; domain name is valid/active; SSL entries are in httpd.conf; key and cert generated properly (Sometimes, the CPanel adds extra weird text to the key/cert);
     
  5. df66

    df66 Member

    Joined:
    May 29, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for that. It seems that the SSL section within httpd.conf hadn't been created.

    I'm a little confused as this would defeat the object of allowing clients to install their own SSL certs if they need to be manually entered into the httpd.conf file :confused:. Unless this is just an issue with this particular server.
     
  6. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    I have not heard of one person who has been successfull installing a certificate using it yet, if anyone has let me know.

    You still have to set the domain up on its own dedicated IP address and changes still have to be made to httpd.conf to install a certificate, do you really want end users making changes to this file and destabilising the server?

    Personally I think this is one feature that should be left under the control of the host.
     
  7. df66

    df66 Member

    Joined:
    May 29, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Do you use WHM for installing certificates for your clients?

    I have no problems with adding certificates using WHM. The only issue is that if a client already has a certificate, then they will need to email both the key and crt file in order for us to install them. Unless of course, we provide our own secure interface for users to send us certificates.

    I had hoped that offering the feature within cPanel would have reduced some of the setup work involved but at present, it looks like there's more work involved than using WHM.
     
  8. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    Yes always, WHM is the only way and I have not had a problem so far.

    The options in cPanel are supposed to allow clients to manage things once you set them up with the dedicated IP but they seem more problems than they are worth with files being saved in incorrect locations and the job only half done from the testing I have done and the various posts on this forum.

    Even experienced hosts get a little confused with the process required to order and install ssl certificates, having different products with different requirements from multiple suppliers I am sure just adds to the confusion. So giving that over to the end user is asking for something to go wrong.

    If you find you are installing certificates for customers anyway (most hosts are just doing it now to save the trouble of trying to fix things up later) add SSL certs to your product line. You already have to setup the IP address which you will generally charge your customer a monthly/annual fee for why not go the extra distance and offer to order the certificates for them and install it, for a fee of course. As you ordered it you will know how to install it and after you have done one or two you will be an "Expert" :cool:

    For those customers who want to do everything thing themselves well they will want a reseller account anyway so they will have WHM and they can install it themselves after you assign them an IP.
     
  9. df66

    df66 Member

    Joined:
    May 29, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for that advice. I'll use WHM for SSL (with an appropriate installation fee for our clients) and leave cPanel's SSL manager disabled :)
     
  10. Curious Too

    Curious Too Well-Known Member

    Joined:
    Aug 31, 2001
    Messages:
    427
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I have been meaning to ask this question of other hosts for some time. I have never, ever under any circumstances gotten the SSL Manager/Installer to work and this after submitting multiple tickets to cPanel regarding issues with the installer. I was always curious if anyone else was able to get it to work.
     
  11. wineo

    wineo Active Member

    Joined:
    Aug 30, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Perth, Australia
    I have a slightly different problem... I have generated a key and then a CSR and the subdomain that I was generating the SSL for now redirects to the main domain all the time and I can't reverse this. Now if I go to http:// sub.domain.com it goes to http:// domain.com but it still displays http:// sub.domain.com in the address bar.

    Can anyone help?

    Ta
     
Loading...

Share This Page