The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wrong site given through https

Discussion in 'General Discussion' started by jdatwood, Mar 19, 2004.

  1. jdatwood

    jdatwood Active Member

    Joined:
    May 10, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Hopefully someone has a quick fix for this -

    I have many websites sharing one IP, but one of them has an "official" SSL cert (domain1.com)

    https://www.domain1.com resolves properly

    but

    https://www.domain2.com
    https://www.domain3.com
    https://www.domain4.com

    etc


    all resolve to domain1's secure site.

    Is there any way that I can have secure requests for the other domains NOT go to domain1's site? Whether by redirecting to non-secure, or through a 404 error, I don't care - I just need secure requests to the other domains stop going to the domain with the certificate.

    They are all on the same IP... I realize that if I put the one with the cert on its own IP then that would fix the problem, but I am looking for a way to do this without moving any of the sites to their own IPs.

    Thanks in advance!!!
     
  2. whizkid

    whizkid Active Member

    Joined:
    Jun 17, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Any SSL site requires its own dedicated IP because the cert is bound to the IP address.

    So if anyone visits https://someotherdomain.com they will get the SSL page that is bound to the IP.
     
  3. jdatwood

    jdatwood Active Member

    Joined:
    May 10, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the reply...

    Any way to change a domain's IP addy without taking the site down for the 12-48 hour DNS propogation?
     
  4. whizkid

    whizkid Active Member

    Joined:
    Jun 17, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Well, you might be able to tweak the TTL in the zone file...

    In my experience, it does not take 12-24 hours, rather, its about 4 hours for the new IP to propagate fully. I usually do the IP changes late at night so no one notices (advise the customer first).
     
  5. ryno267

    ryno267 Well-Known Member

    Joined:
    Mar 3, 2004
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Chandler, AZ
    cPanel Access Level:
    Root Administrator
    you know.. i'm having the same problem...

    What about getting a chained SSL for the main IP on the server? would that resolve the issue?

    Right now I have a GeoTrust TrueBusinessID, which is on my .net domain (the same IP as whole server). I'm assuming I have to get a seperate IP only for the .net domain.
    But i'm wondering if i can get one of those $35.00 chained ssl certs from freessl.com and protect the rest of the servers domains that will all be on one IP together?

    any help would be great!
     
  6. whizkid

    whizkid Active Member

    Joined:
    Jun 17, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    Unfortunately that would not work.

    The whole point of SSL is for the CA to verify the identity of the Domain owner. This is why each domain requires its own cert.

    There are *some* certs (VERY! expensive) that will cover all domains on a server, however, each one would have to be verified to be the same owner.
     
  7. ryno267

    ryno267 Well-Known Member

    Joined:
    Mar 3, 2004
    Messages:
    212
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Chandler, AZ
    cPanel Access Level:
    Root Administrator
    ya.. they're like $700 bucks... screw that...
     
  8. whizkid

    whizkid Active Member

    Joined:
    Jun 17, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    yes, and unless all domains are registered to you, the cert woudln't work.
     
Loading...

Share This Page