The site's security certificate is not trusted!

Discussion in 'Security' started by alehut, May 14, 2012.

  1. alehut

    alehut Registered

    Hi Everyone

    I am new to this forum and to cPanel so please forgive my ignorance and I am sorry if I have put this thread in the wrong place.

    I have a dedicated server that uses WHM and cPanel with a small number of hosting accounts on it.
    All has been going well with it until recently when I spoke to my supplier about how I could get Parked Domains to work on my accounts.
    The supplier talked me through the process which was basically to go to tweaks and change a setting.
    After doing this the issue with Parked Domains was solved and all was well and good.
    I then noticed that any time myself or one of my clients tried to log into cPanel or Webmail we now got a warning screen with "The site's security certificate is not trusted!".

    Now my supplier is telling me I will need to buy a SSL certificate to stop the warning message.

    My questions are these:
    Why would a small change to WHM cause such an issue?
    How could I have had a https connection before and now I don't, is there some sort of certificate provided with new installs of WHM? Sorry I am pretty ignorant on certificates as you can probably tell.
    Is it unreasonable of me to ask for the system to be put back to how it was without buying a certificate? Can that even be done?

    I am not trying to be mean or anything and I am happy to buy a certificate if I need one but it is more the issue that it did work and now it does not and I just hate not knowing what caused a problem or how it was working before the simple change.

    Any advice or guidance on this is greatly appreciated

    Alex
     
  2. mtindor

    mtindor Well-Known Member

    You were probably accessing WHM / CPANEL in the past via its non-SSL ports. (i.e. you were probably using http://servername:2082 for cPanel access and http://servername:2086 for WHM access).

    Now you are likely using SSL ports. (i.e. you're probably accessing via httpS://servername:2083 for cPanel and httpS://servername:2087).

    If you were previously using non-SSL connections to WHM / cPANEL, you'd never see those certificate warnings.

    The default SSL certificates used on a cPanel server are self-signed, so they will always throw a warning. To get around that, either accept the certificates and tell your browser to ignore the warnings, or purchase an SSL certificate that is mapped to your main server hostname and then assign that certificate to all of the cPanel services.

    Mike
     
  3. alehut

    alehut Registered

    Hi Mike

    Thanks so much for taking the time to reply, I really appreciate it.
    You have shone a light for me and I better understand what is going on.
    Could I ask one thing though, do you think the change in Tweaks for allowing Parking Domains could cause the change from non-SSL to SSL ports?

    Thanks again for your answer

    Alex
     
  4. mtindor

    mtindor Well-Known Member

    You're welcome, Alex.

    Changing the options for parking domains in Tweak Settings _shouldn't_ cause the change in non-SSL to SSL ports. However, the settings that control whether non-SSL users are redirected to SSL ports are indeed in Tweak Settings as well. So maybe during the process of you adjusting the parking domains options, you may have inadvertently changed / saved some settings related to SSL.

    The bottom line though is that you / your customers should actually be happy if you are now using SSL ports for WHM / cPanel. Everyone should. The use of SSL allows for the traffic between the client browser and the server to be encrypted.

    I know the warning is ugly, and you can get around that by purchasing an SSL cert for the main hostname of the machine, installing the SSL certificate to use on the cPanel services, and then adjusting a few Tweak Settings. But, even if you don't do that, the warning is just that -- a warning to say that the certificate is not secure. That doesn't mean it isn't secure though. Depending on the message [and I'm guessing the message is the typical one], it's just indicating that the certificate is a self-signed certificate and hasn't been signed by a certificate authority [such as Geotrust, Thawte, etc].

    You can use the non-SSL ports if you want. You can turn off the redirection in Tweak Settings if you want.

    Oh, another thing -- You _could_ have been using SSL all along, but even the self-signed certificates provided by cPanel will expire every year or few years. And when that happens, you have to generate new self-signed certificates [or maybe it does it automatically]. And each time you'd generate new ones, somebody would get the warning unless they accepted / stored the certificate.

    Mike
     
    #4 mtindor, May 14, 2012
    Last edited: May 14, 2012
  5. alehut

    alehut Registered

    That's fantastic Mike, you have completely cleared up the issue for me.
    I really appreciate your help and feedback.

    I will follow your advice and get an SSL certificate today.

    Thank you again

    Best regards

    Alex
     
  6. alehut

    alehut Registered

    Hi Mike or anyone else that may be browsing this thread.

    Although Mike's answer to this question has cleared up a lot in my mind (for which I am grateful) as to what the problem was the company that run my dedicated server do not completely agree.

    I am fairly certain that this is all down to my general ignorance on this topic but I am the type of person that needs to understand what could have caused the problems I am experiencing.

    A little bit of history here:
    When the server was first set up an SSL certificate was apparently provided as standard upon installation.
    When I first logged into WHM I did not get any obvious warnings about self certificates and I was connected via port 2087.
    My clients who use the server have never seen any obvious certificate errors and would always access their cPanel via www.domain.com/cpanel which uses port 2083 and they would have an https connection and the same for webmail www.domain.com/webmail via port 2096.
    My provider says that the certificate has not changed since the day it was installed and is still valid and there is nothing with cPanel that could have caused the changes.
    They also tell me that a single SSL certificate will not be suitable to put the server back the way I think it was and that I would need a certificate for each domain on the server, so far that's about 25 domains.
    They say that it is a coincidence that the certificate issue arose after the Tweak settings had been changed.
    They say it could be my browser causing problems but I use a whole cross section of them and so do my clients who have all told me of the error messages they are now getting.
    The server has recently been updated to 11.32.2 (prior to the Tweak setting being changed).


    So this all being said I guess my questions are:
    Are my supplier's statements correct? Do I need multiple SSL certificates to enable my clients to connect to their cPanel and webmail without warnings?
    Is it all just coincidence that the Tweak and this issue arose around the same time?
    Were the errors always there and I had just missed them but the Tweak did something?

    As ever any help or advice is greatly appreciated.

    Alex
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    I can't comment on your Hosting Provider's statements.

    In WHM > Service Configuration > Manage Service SSL Certificates, you find the certs for the server's host.name.com
    IMHO, these should work fine under most normal circumstances for all users. You'll note there are dates on these. Each year you'll have to come by here and click Reset Certificate to update each one. Your server will contact you about them expiring before they do.

    WHM > Server Configuration > Tweak Settings > Redirection tab is where you'd set your redirects for your users.
    And
    SSL Certificate Name

    So, when a user goes to hisdomain.com/cpanel, or, hisdomain.com/webmail he will be redirected to the proper URL, the hostname URL to be exact: your.server.com:2083

    Once he gets there, he'd need to accept the cert from your server, into his browser to stop getting the warning. The process to do that varies across different browsers.

    In doing so you spent no money on additional certificates, and got rid of the warnings.

    If you have an account with an ecommerce site on a dedicated IP, you would probably want to purchase a cert for that account's domain, yes.
     
  8. fergalfrog

    fergalfrog Registered

    I just want to mention one thing for those that stumble across this thread.

    If you go into tweak settings for the first time and save it affects your SSL settings even though you may not have changed anything related to that.

    Twice now this has happened and reading the above:
    I believe this to be a cPanel bug. This morning I made one small change in relation to mail. I am 100% sure I did not accidentally click anything to do with SSL - once saved however SSL errors started appearing - they never had before.
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    When you save, it displays what changes it made. I take it you saw no message?

    What errors started appearing if I might ask, untrusted cert?
     
  10. tukaa

    tukaa Registered

    I know this post is a bit old but I had the same issue which I overlooked due to it just being a display error which I knew you could just bypass by continuing. I noticed there are no instructions or clue to where you should go to fix this issue so here is what I did to fix the issue.

    WHM » Service Configuration » Manage Service SSL Certificates

    Look for " cPanel/WHM/Webmail Service " and where it says " Reset Certificate " click it and your SSL should get replaced with a brand new Certificate.

    This fixed my issue today and I'm much happier.
     
  11. arunsv84

    arunsv84 Well-Known Member

    Hi,

    You can always install a self-signed certificate for cPanel/WHM/Webmail service. I believe it's valid for a year. As tukaa mentioned you need to reset certificate once it's expired. Normally you will get an alert to your contact email address that the certificate is going to expire.

    Cheers!!!
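
Added example (not part of the thread and not cPanel code): a small Python model of the three situations the posts above describe, namely a self-signed service certificate, reaching cPanel through a customer domain instead of the server hostname, and a stored browser exception that stops matching after Reset Certificate. The certificate dicts follow the shape of Python's `ssl` `getpeercert()` output; every value is constructed, `Example CA` is a placeholder, and using the serial number in place of the certificate fingerprint is a simplifying assumption.

```python
import ssl

def cert(cn, issuer_cn, not_after, serial):
    """Constructed certificate in the dict shape of ssl getpeercert()."""
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("commonName", issuer_cn),),),
            "notAfter": not_after, "serialNumber": serial}

def covered_names(c):
    """DNS names the certificate is valid for: SAN entries, else subject CN."""
    sans = [v for k, v in c.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in c["subject"] for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):  # wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def warning_reasons(c, host, now, exceptions=frozenset()):
    """Reasons a browser would warn for this cert when the URL names `host`."""
    if (host, c["serialNumber"]) in exceptions:
        return []  # the user already accepted exactly this cert for this host
    reasons = []
    if c["issuer"] == c["subject"]:  # signed by itself, no CA vouches for it
        reasons.append("self-signed")
    if ssl.cert_time_to_seconds(c["notAfter"]) < now:
        reasons.append("expired")
    if not any(name_matches(n, host) for n in covered_names(c)):
        reasons.append("hostname-mismatch")
    return reasons

# Constructed sample data: "now" plus three certificates for the server hostname.
NOW = ssl.cert_time_to_seconds("Jun  5 00:00:00 2012 GMT")
SELF_SIGNED = cert("your.server.com", "your.server.com", "May 14 00:00:00 2013 GMT", "01")
RESET = cert("your.server.com", "your.server.com", "Jun  5 00:00:00 2013 GMT", "02")
CA_SIGNED = cert("your.server.com", "Example CA", "May 14 00:00:00 2013 GMT", "0A")

if __name__ == "__main__":
    accepted = {("your.server.com", "01")}  # exception stored for the old cert
    for label, c, host, exc in [
        ("self-signed via hostname", SELF_SIGNED, "your.server.com", set()),
        ("self-signed via customer domain", SELF_SIGNED, "hisdomain.com", set()),
        ("CA-signed via hostname", CA_SIGNED, "your.server.com", set()),
        ("CA-signed via customer domain", CA_SIGNED, "hisdomain.com", set()),
        ("accepted cert", SELF_SIGNED, "your.server.com", accepted),
        ("after Reset Certificate", RESET, "your.server.com", accepted),
    ]:
        print(f"{label:34} {warning_reasons(c, host, NOW, exc) or 'no warning'}")
```

A single certificate for the server hostname only avoids the mismatch when users are redirected to `your.server.com:2083`, which is what the Redirection settings in Tweak Settings control.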
     