The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Which SSL to use

Discussion in 'Security' started by hostyouridea, Feb 27, 2013.

  1. hostyouridea

    hostyouridea Member

    Joined:
    May 29, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,
    I have a VPS with a small handful of hosting clients.
    I purchased some SSL certificates, but have not been able to get them working on the server.

    It would be great someone can explain which SSL I should be using, when and how. I have read all the tutorials and even have an SSL installed? but it does not seem to be working, or maybe its working but not the way I need.

    Users who go to domain.com/cpanel get a scary warning depending on which browser they use. (Chrome being the scariest for users and Firefox being the most complicated)

    After the browser warnings the domain.com/cpanel redirects to the FQDN server1.domain.com:2083

    I have a certificate installed but still gives the warning and my users are freaked out.

    I bought the SSL certificate just for the FQDN; I have 2 dedicated IPs Do I need to get another SSL for the www.domain.com as well and get another IP for that?

    Why does the self-signed cPanel SSL not prevent the browser scare?

    It seems I can solve this with a SAN SSL for all the domains and of course I guess each domain would need their own dedicated IPs, but thats an expensive way to give a few users webmail.

    Can someone please demystify the various SSLs and tell me if I can use this SSL to achieve no warnings and get my few webmail users happy without warning messages. e.g. If I have a standard SSL does that only cover the FQDN or include www.domain.com and ftp.domain.com etc? Would it mean the users cannot get their email through their own domain mail.usersdomain.com? Presently I have it set to POP from port 110, but I would prefer port 587 if possible.

    While I am on that subject, the email client gives a warning when I use port 587 to POP mail. SHould I be using the VPS mail server address for POP?

    It seems this is quite a good way to get users paranoid when there is nothing wrong and make SSL sellers rich.

    Will the browser URL entry field show a green or secured symbol when SSL is properly installed.

    Finally I looked at a mail log see it show the SSL as Unknown, Unknown, Unkown and self-signed by ssl@domain.com

    Can someone give me a 101 on SSL for new web hosts on VPS.

    Thanks
     
  2. hostyouridea

    hostyouridea Member

    Joined:
    May 29, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Can even a cPanel mod reply and at least point me in the right direction with just a few of the questions.
    I realize its a grab bag of questions.

    Thanks
     
  3. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    There should be a SSL certificate installed for the host name of your server.
    Home » SSL/TLS » Install an SSL Certificate and Setup the Domain

    That certificate should be configured as the shared SSL certificate for the server.
    Home » SSL/TLS » Manage SSL Hosts

    That certificate should be installed for cPanel's services.
    Home » Service Configuration » Manage Service SSL Certificates

    In Home » Server Configuration » Tweak Settings » Redirection
    Always redirect to SSL should be ON

    In Home » Server Configuration » Tweak Settings » Security
    Require SSL should be ON

    and finally, you tell your customers' that if they want to use secure connection with their email client they must use your server's host name, instead of mail.theirdomain.com
     
Loading...

Share This Page