The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Whm ssl

Discussion in 'General Discussion' started by TFF, Aug 21, 2012.

  1. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Hello.

    I've recently got a whm reseller account for cpanel (non-root), but we (me and my host) are having problems configuring the SSL stuff. We've already acquired the certificate and the dedicated ip, but i don't think it was setup in the right place.

    I would like my reseller account to have a ssl certificate that is shared with my cpanel clients, and that the certificate is used not only in the webserver port, but also in the cpanel services (email, webmail and cpanel).

    I would like to know if that's possible, and if so, what are the instructions for the whm root user.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,675
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The SSL certificate can only be used for services if full root access is available. The option can be found at:

    "WHM >> Service Configuration >> Manage Service SSL Certificates"

    If the SSL certificate is installed for Apache, it can be shared via:

    "WHM >> SSL/TLS >> Manage SSL Hosts"

    Thank you.
     
  3. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for your answer, but i'm still confused...

    My Manage SSL Hosts page is still empty, and has no buttons do add a new one. So, maybe we're lacking some feature from the Feature Manager?

    Regarding the service ssl certificates, you said that the root user can't add a service ssl certificate to my new reseller ip, is that right? I find it awkward to sell a service that shows a third-person certificate when using services like mail and cpanel, that's why i would like to change it.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,675
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You have to install a SSL certificate before it can be shared. You can install a certificate via:

    "WHM >> SSL/TLS >> Install a SSL Certificate and Setup the Domain"

    Please note this is for Apache only, not the other services on your system.

    Correct, it's not possible to have multiple certificates for services such as cPanel/WHM or Exim at this time. There is an open feature request for this at:

    SSL Certificates Per-Domain For All Services

    Feel free to add your input to the above feature request.

    Thank you.
     
  5. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Ok...

    However, i thought i had a dedicated ip already but when I try to insert the certificate for my user i get this error:
    - SSL install aborted due to error: Sorry, you must have a dedicated ip to use this feature for the user: myuser! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.

    If i try to install the certificate for the user nobody:
    - Root privileges are required to install a certificate for an account that you do not own.

    I've already asked my host to add it, since i want to share it, but what if i wanted to add a certificate just for one of my clients, something seems to be missing right?
     
  6. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Now that i think about it, maybe i can't insert the certificate myself because the ip has been associated with 2 users already.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,675
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, a dedicated IP address is required in order to install a SSL certificate on an account. It needs to be an IP address that is not a shared IP, and not assigned to any other accounts.

    Thank you.
     
  8. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    So I asked my host to install the certificate in the dedicated ip as user nobody, so it could be shared with all my clients.

    There happened two issues:
    1) The Manage SSL Hosts page was still empty so I couldn't check if the certificate was shared or not.
    2) When I tried to access both sites with https, the page that was displayed was the main account page in both cases.

    So, maybe I can't install a shared certificate afterall or do you think we forgot something?
     
  9. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You cannot install an SSL onto two domains and have both domains display with https unless you have either a UCC certificate or a wildcard certificate. If you don't have root SSH on the machine, you'll need to see if your hosting provider will allow you to add wildcard or UCC certificates.
     
  10. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    I don't need a valid wildcard certificate, i just want to install a shared certificate for my clients backends. Even if it sends the warning about the domain mismatch. My hosting provider doesn't seem to be bothered by that, but they already tried to install it without success, and that's why i've opened this thread.
     
  11. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You cannot do what you are trying to do. If you access an SSL on a site that is using the same IP, the https page displayed will use the first VirtualHost entry in Apache, which is what is happening. This isn't about an untrusted warning, it's about the content you'll receive afterward. It's going to be the content of the first VirtualHost on that IP.

    You either need a UCC or a wildcard certificate to be able to have different domain content displayed with the same SSL certificate on the same IP. That's just how it works.

    Please let me know if this is still unclear.
     
  12. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Ok. I've just got a UCC certificate but when i try to install it in WHM for my user and main domain, i get this error: "SSL install aborted due to error: ok". The error message doesn't make sense, but i assume it has to be installed by the root user since it's going to be shared as the user nobody.
     
  13. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    I stated this in my one post:

    This does need to be installed as the root user provided your hosting provider allows it. You should ask them about this.
     
  14. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Ok. Thank you.
     
  15. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    By the way, UCC Certificates seem a bit annoying to install/ update.

    Why not just let the root user add one certificate to an ip and enable the user folder functionality (and access it like this: https://www.maindomain.com/~username)?

    I mean, that would work for me, as opposed to have no SSL if it comes to that.
     
    #15 TFF, Sep 19, 2012
    Last edited: Sep 19, 2012
  16. TFF

    TFF Member

    Joined:
    Mar 30, 2009
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Actually it was only after some trial and error that i found out that the share certificate function seems to be meant for this feature. The feature is documented somewhere so i'm assuming it should work and treat it as a bug if not.

    Thanks for your help so far.
     
Loading...

Share This Page