hostyouridea

Member
May 29, 2012
7
0
51
cPanel Access Level
Root Administrator
Hello,
I have a VPS with a small handful of hosting clients.
I purchased some SSL certificates, but have not been able to get them working on the server.

It would be great someone can explain which SSL I should be using, when and how. I have read all the tutorials and even have an SSL installed? but it does not seem to be working, or maybe its working but not the way I need.

Users who go to domain.com/cpanel get a scary warning depending on which browser they use. (Chrome being the scariest for users and Firefox being the most complicated)

After the browser warnings the domain.com/cpanel redirects to the FQDN server1.domain.com:2083

I have a certificate installed but still gives the warning and my users are freaked out.

I bought the SSL certificate just for the FQDN; I have 2 dedicated IPs Do I need to get another SSL for the www.domain.com as well and get another IP for that?

Why does the self-signed cPanel SSL not prevent the browser scare?

It seems I can solve this with a SAN SSL for all the domains and of course I guess each domain would need their own dedicated IPs, but thats an expensive way to give a few users webmail.

Can someone please demystify the various SSLs and tell me if I can use this SSL to achieve no warnings and get my few webmail users happy without warning messages. e.g. If I have a standard SSL does that only cover the FQDN or include www.domain.com and ftp.domain.com etc? Would it mean the users cannot get their email through their own domain mail.usersdomain.com? Presently I have it set to POP from port 110, but I would prefer port 587 if possible.

While I am on that subject, the email client gives a warning when I use port 587 to POP mail. SHould I be using the VPS mail server address for POP?

It seems this is quite a good way to get users paranoid when there is nothing wrong and make SSL sellers rich.

Will the browser URL entry field show a green or secured symbol when SSL is properly installed.

Finally I looked at a mail log see it show the SSL as Unknown, Unknown, Unkown and self-signed by [email protected]

Can someone give me a 101 on SSL for new web hosts on VPS.

Thanks
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
There should be a SSL certificate installed for the host name of your server.
Home » SSL/TLS » Install an SSL Certificate and Setup the Domain

That certificate should be configured as the shared SSL certificate for the server.
Home » SSL/TLS » Manage SSL Hosts

That certificate should be installed for cPanel's services.
Home » Service Configuration » Manage Service SSL Certificates

In Home » Server Configuration » Tweak Settings » Redirection
Always redirect to SSL should be ON

In Home » Server Configuration » Tweak Settings » Security
Require SSL should be ON

and finally, you tell your customers' that if they want to use secure connection with their email client they must use your server's host name, instead of mail.theirdomain.com