
Using SSL for secure cpanel login??

Discussion in 'General Discussion' started by nsdesign, Mar 10, 2004.

  1. nsdesign

    Using SSL for secure cpanel login - BROKEN?

    I'd like to tell all customers to use the secure cPanel login (to improve security), but I cannot get it working without an annoying "SSL certificate warning"... This is despite having 2 "proper" SSL certificates installed on the server.

    I have https://secure.mydomain.com and https://anotherdomain.com both working fine, but when I do for example:
    https://secure.mydomain.com/cpanel I get a security warning....

    This warning is because the SSL cert that is trying to be used is called https://servername.domain.com (the actual name of the server) which is NOT actually installed as a cert.

    I cannot get it to use one of the installed certs....
    Please can anyone advise.
     
    #1 nsdesign, Mar 10, 2004
    Last edited: Mar 10, 2004
  2. nsdesign

    bump
     
  3. kipper3d

    Why bump on the last post?


    Please, if anyone has this information, I would truly appreciate it!

    Thanks!
     
  4. Valetia

    Have you tried the "Change cPanel/WHM Certificate" option in WHM? Have not tested it but it sounds like what you're looking for.
     
  5. ddeans

  6. kipper3d

    There is no how-to. Aren't 2083 and 2097 the ports for SSL to cPanel and WHM? While https://hostname/~user works, the following ports do not. I get page not found.

    After changing the tweak settings to use SSL on redirect, no one can get into their control panel due to page not found errors.

    This is my system:
    WHM 9.1.0 cPanel 9.1.0-R52
    RedHat 7.3 - WHM X v2.1.2

    -John
     
  7. ddeans

    Using that you can block out the unsecure ports through a firewall. But that wasn't the thread I thought it was. There is a really good thread on this, and when I find it I'll post it here again.
     
  8. kipper3d

    Thanks!

    Yeah, the firewall issue wasn't what I needed. I've searched for that thread myself and I only get info about turning it on in tweak settings. But no info why it doesn't work for me. Or how to resolve that problem.

    Thanks!
     
  9. electron33

    This tutorial will show you how to accomplish https connections when going to servername/whm or /cpanel, for those who may still be using the insecure ways to log in to WHM and cPanel, forcing a secure connection for all users.

    Step 1: Backup files
    cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.insecure

    Step 2: Edit the file
    pico /etc/httpd/conf/httpd.conf

    Step 3: Search for the line:
    Ctrl+W then ScriptAlias /cpanel /usr/local/cpanel/base/redirect.cgi

    Step 4: Edit the line to show the following: ScriptAlias /cpanel /usr/local/cpanel/base/sredirect.cgi (simply change the redirect.cgi to sredirect.cgi)

    Step 5: Search for the line:
    Ctrl+W then ScriptAlias /whm /usr/local/cpanel/base/whmredirect.cgi

    Step 6: Edit the line to show the following:
    ScriptAlias /whm /usr/local/cpanel/base/swhmredirect.cgi (simply change the whmredirect.cgi to swhmredirect.cgi)

    Step 7: Save and exit using the following: Ctrl+X then press Y

    Step 8: Restart Apache to have changes take effect:
    service httpd restart

    Hope this helps
     
    #9 electron33, Mar 12, 2004
    Last edited: Mar 12, 2004
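
The edit from the tutorial above, scripted so that it is repeatable and refuses to touch the file when the expected lines are missing. This is an added example, not part of the original post or cPanel's own tooling; the function names and the sample fragment are constructed, while the paths and ScriptAlias lines are the ones quoted in the post.

```sh
#!/bin/sh
# Added example: scripted form of the httpd.conf edit from the tutorial above.
# File paths and ScriptAlias lines are those quoted in the post; the function
# names and the sample fragment are constructed for illustration.

force_ssl_redirects() {
    conf="$1"
    base='/usr/local/cpanel/base'
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    # Step 1: keep a copy of the original; never overwrite an earlier backup.
    [ -e "$conf.insecure" ] || cp -p "$conf" "$conf.insecure" || return 2

    # Steps 3-6: swap only the two exact targets. Patterns are anchored on the
    # alias name and end of line, so running the function twice changes nothing.
    sed -e "s#^\([[:space:]]*ScriptAlias[[:space:]]\{1,\}/cpanel[[:space:]]\{1,\}$base/\)redirect\.cgi[[:space:]]*\$#\1sredirect.cgi#" \
        -e "s#^\([[:space:]]*ScriptAlias[[:space:]]\{1,\}/whm[[:space:]]\{1,\}$base/\)whmredirect\.cgi[[:space:]]*\$#\1swhmredirect.cgi#" \
        "$conf" > "$conf.new" || return 2

    # Replace the live file only if both aliases now point at the SSL scripts.
    if grep -Eq "^[[:space:]]*ScriptAlias[[:space:]]+/cpanel[[:space:]]+$base/sredirect\.cgi" "$conf.new" &&
       grep -Eq "^[[:space:]]*ScriptAlias[[:space:]]+/whm[[:space:]]+$base/swhmredirect\.cgi" "$conf.new"; then
        cat "$conf.new" > "$conf"      # cat keeps the owner and mode of $conf
        rm -f "$conf.new"
        return 0
    fi
    rm -f "$conf.new"
    echo "expected ScriptAlias lines not found; $conf left unchanged" >&2
    return 1
}

# Constructed httpd.conf fragment, for a dry run away from the live file.
make_sample_conf() {
    sample="$(mktemp)"
    printf '%s\n' \
        'ServerName servername.domain.com' \
        'ScriptAlias /cpanel /usr/local/cpanel/base/redirect.cgi' \
        'ScriptAlias /whm /usr/local/cpanel/base/whmredirect.cgi' > "$sample"
    echo "$sample"
}
```

Try it on the output of `make_sample_conf` before pointing it at /etc/httpd/conf/httpd.conf; running `apachectl configtest` before the restart in Step 8 catches a syntax slip.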
  10. ddeans

    That's the thread I was looking for!

    However you weren't the one to originally post it :rolleyes:
     
  11. electron33

    Thank you for pointing that out. It's good to see someone keeping an eye on the "originality" of threads as well as searching for them.:eek:
     
    #11 electron33, Mar 12, 2004
    Last edited: Mar 12, 2004
  12. kipper3d

    I got looking at the httpd.conf file and there are aliases for securewhm and securecontrolpanel which go to the srwhmredirect.cgi and sredirect.cgi already. But it doesn't work. I get page not found.

    https://host.domain.com/~user works using the server's shared cert.

    But https://host.domain.com/securewhm does not work.

    It says connection was refused and lists the URL with the 2087 port.

    Any ideas?

    Thanks!

    -John
     
  13. electron33

    Assuming that your SSL certificate for the server is set up correctly, you could verify that the stunnel directory for cPanel exists with the correct ownership:

    Log in to your server via SSH and issue the following commands:

    First see if stunnel exists:
    ls /usr/local/cpanel/var/run/stunnel
    1. If you don't get "No such file or directory":
    chown cpanel:cpanel /usr/local/cpanel/var/run/stunnel
    /usr/local/cpanel/startstunnel
    And then see if https://host.domain/securewhm works

    2. If you DO get "No such file or directory":
    mkdir /usr/local/cpanel/var/run/stunnel
    chown cpanel:cpanel /usr/local/cpanel/var/run/stunnel
    /usr/local/cpanel/startstunnel

    That's all I can think of
    Good luck
     
  14. kipper3d

    Hello,

    Thanks! Well, they were already chowned to cpanel:cpanel except startstunnel, which was root:cpanel. I changed this to cpanel:cpanel but still the same result. Cheetaweb says it's probably a pem key issue. So I'm gonna look into that when I get a chance and will update this thread.
     
  15. SarcNBit

    I do not think forcing secure logins was what the thread creator was looking for.

    They were looking for a way to alleviate the host mismatch (or other) warnings that pop up when using SSL logins.

    I would be interested in knowing how to avoid this problem also.

    There are a few threads that touch on this issue but I do not recall seeing a solution. If I remember correctly, it has something to do with the order of redirection within the logon process.
     
  16. nsdesign

    SarcNBit - that's correct - I originally started the thread because of the SSL host mismatch.

    I've just resolved this by actually buying a "proper" SSL cert for the server "servername.domain.com" and installing it via WHM. Best $50 spent in a while since I can now tell customers to log in at https://servername.domain.com/cpanel and have them log in securely (without any warning on the certificate!)...

    They still get a warning when using https://www.theirdomain.com/cpanel but that's to be expected....

    So - I'm happy - and thanks to all those who tried to help.

    Gary
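
The host mismatch discussed in this thread, as an added example that is not part of any post: a small name check showing why a certificate issued for servername.domain.com is accepted at that hostname but triggers the warning at the other hostnames mentioned above. The function names are constructed, and the wildcard branch goes beyond the thread's case (a wildcard covers exactly one left-most label).

```sh
#!/bin/sh
# Added example: why the browser warns. Hostnames are the ones used in the
# thread; function names are constructed for illustration.
#
# The name on the certificate the cPanel service presents can be read with:
#   openssl s_client -connect servername.domain.com:2083 </dev/null 2>/dev/null \
#     | openssl x509 -noout -subject

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# cert_covers HOST NAME...  -> exit 0 if any certificate NAME covers HOST
cert_covers() {
    host="$(lower "$1")"; shift
    host=${host%.}                      # ignore a trailing root dot
    for name in "$@"; do
        name="$(lower "$name")"
        if [ "$name" = "$host" ]; then return 0; fi
        case "$name" in
            \*.*)
                suffix=${name#?}        # "*.domain.com" -> ".domain.com"
                label=${host%%.*}       # left-most label of the host
                rest=${host#"$label"}   # everything after that label
                # The wildcard stands for one whole, non-empty label only.
                if [ -n "$label" ] && [ "$rest" = "$suffix" ]; then return 0; fi
                ;;
        esac
    done
    return 1
}

# login_warning URL-HOST NAME... -> prints the verdict for one login URL
login_warning() {
    if cert_covers "$@"; then echo "ok: $1"; else echo "mismatch: $1"; fi
}
```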
     
  17. kipper3d

    What certificate authority did you get your cert from? Currently I installed mine purchased from the WHM SSL feature which is an instantSSL.

    Would geotrust do?
     
  18. nsdesign

  19. electron33

    I get my certificates from http://www.freessl.com. The good thing about them is that everything is done online and using an automated phone confirmation system. This is handy if you're buying for companies, for which most certificate providers need some form of paper identity.
     
  20. kipper3d

    Yeah, I usually get mine at rackshack too. But when I got this cPanel for the first time I noticed that you could purchase the cert via WHM, so I thought that, being that cPanel and company suggested it, this was the best cert. Oh well... Will be getting a geotrust. I just got a kernel OOPS error from my machine this morning... Must deal with that first, I guess, before the crap hits the fan!
     