The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL & subdomain confusion

Discussion in 'General Discussion' started by katsbits, Apr 14, 2012.

  1. katsbits

    katsbits Registered

    Joined:
    Dec 5, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm having trouble understanding how SSL should be configured so that when someone carries out a 'secure action', like logging into a store, the user stays within the realms of a primary domain. As an example; http://domain.com has a subdomain called http://store.domain.com. When someone logs into the store or wants to purchase an item they get automagically routed through https://secure.domain.com/ and once done said same user is then routed back to http://store.domain.com/. Behind the scenes then, everything is effectively running from the same 'User' account so all session data and so on is just passed through the SSL connection and once done the user is returned back to the standard store URL subdomain.

    From what I understand for the SSL to work it needs two things (1) a 'domain' to associate with it, and (2) a unique IP. OK, got those. Now the bit I'm confused over is, in order to enable the above situation where secure actions are routed through the SSL and then returned to the originating URL, how should the SSL be set up in relation to the primary and sub domains? It seems there are two ways to do this (1) you need to set up the SSL and IP as a separate 'User' account in WHM/cPanel, or (2) you reference the SSL IP through a DNS record and some Apache config file changes.

    If I'm understanding this correctly, (1) would mean anything that needs to be secured has to be hosted on what is now an entirely separate User account, meaning that any future requests/actions done via http://store.domain.com are actually redirected in their entirety to https://secure.domain.com/ - http://store is now simply a 'forwarding' address, the (store) application itself now being hosted and run from a separate 'secure' User account. And that (2) means making a number of changes to httpd.conf file [1] [2] and DNS records so the Apache and Domain related data knows where it's supposed to send secure requests?

    So my question is which is the most appropriate option to use in relation to the scenario in the first paragraph? Can this actually be done with WHM/cPanel or do I need to take a different approach to the problem of wanting to secure only necessary actions as described?

    Thanks in advanced for your replies.
     
  2. LeadDogGraphics

    LeadDogGraphics Well-Known Member

    Joined:
    Feb 25, 2012
    Messages:
    97
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    West Palm Beach, FL
    cPanel Access Level:
    Root Administrator
    I too am looking forward to a solution to this question as I am interested in a very similar setup for one of my domains.
     
  3. NetMantis

    NetMantis BANNED

    Joined:
    Apr 22, 2012
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Utah
    cPanel Access Level:
    DataCenter Provider
    Unless you have a wildcard certificate (expensive), you cannot have SSL with subdomains.

    SSL will normally only work with the base primary domain on the account.

    So if you wanted to have say "http://pizza.mydomain.com" and assuming "mydomain.com" is the
    root main domain on the account then the correct way to call that address in SSL mode would be
    to use the base domain like this "https://mydomain.com/pizza/".

    Don't use subdomain while using SSL, use the subfolders. When non-SSL can use the subdomain names

    If you want subdomain for both SSL and NON-SSL, you either have to get a wildcard certificate or you will
    have to put each subdomain on it's own Cpanel account and it's own distinct IP and get a unique SSL certificate
    for each subdomain that you use so you options are either expensive or complicated.

    Myself, I'd just use the subfolder addresses in SSL verses the subdomain names.
     
  4. LeadDogGraphics

    LeadDogGraphics Well-Known Member

    Joined:
    Feb 25, 2012
    Messages:
    97
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    West Palm Beach, FL
    cPanel Access Level:
    Root Administrator
    I very much appreciate your reply. I am completely new to this, but in my search earlier I found this page on the cPanel info:

    Assigning Dedicated IPs to Subdomains

    Am I incorrect in thinking that it is possible to follow the instructions listed there for the above purpose.

    Also if I did not want to use the subfolder option, I guess I could just get a different domain for example if I had domain.com first, I could then just register securedomain.com and use the SSL there and then add it on my server as an addon domain using it's own ip correct?
     
Loading...

Share This Page