Comments on: Installing an SSL Certificate on a Shared IP

By: Mazlan

Mazlan — Fri, 11 Nov 2011 08:27:03 +0000

Is this tweak is about SNI?

By: Mazlan

Mazlan — Fri, 11 Nov 2011 04:32:13 +0000

Hi,
1 SSL for 1 dedicated IP, yes, but now I know TLS technology offer a better solution by only use one port for unsecure and secure connection (like no need 443) and no need dedicated IP for each SSL. It is offered by SNI extension or subjectAltName based on here http://en.wikipedia.org/wiki/Server_Name_Indication and http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

But this thing seems new to me. I found this can be configure in Apache 2.2.x server as mention here: http://serverfault.com/questions/109766/ssl-site-not-using-the-correct-ip-in-apache-and-ubuntu and http://serverfault.com/questions/109800/multiple-ssl-domains-on-the-same-ip-address-and-same-port/

I wondering if it can be done in cPanel so any of my domains can gat a SSL cert and apply without buying another dedicated IP. I am looking to see this is possible in cPanel/WHM server.

By: paico | Usando SSL no seu VPS + Erro 500 ao usar SSL

paico | Usando SSL no seu VPS + Erro 500 ao usar SSL — Sat, 27 Aug 2011 20:04:24 +0000

[...] Este link ensina a fazer isto, em parte. Antes você deve ativar no seu WHM, em Centro de Segurança, o acesso via SSH (Autorização de senha no SSH). Procure ativar este recurso somente quando necessário e, quando não for fazer mais uso, desative-o. O autor, alias, a autora (Vanessa) pede, para seguir os seguintes passos: [...]

By: Rohit

Rohit — Sun, 23 Jan 2011 14:26:42 +0000

very helpful topics for me…

By: Eric Gillette

Eric Gillette — Thu, 13 Jan 2011 00:47:33 +0000

Yeah, Syed, it’s not that they’re operating on different ports, cPanel/WHM is just configured that way out of the box — even if your SSL was self signed, WHM for example would still answer on port 2086 AND port 2087.

I manage servers for clients who run WHM/cPanel, and I’ve configured their hosts so that the SSL port still answers whether a proper certificate exists or not.

The easiest way would be what Vanessa suggested, buy yourself a wildcard SSL cert, and then you’d be able to share an SSL certificate for all your clients like this:

https://www.yourdomain.com/~client's username]/[client's secure page]/

But your best bet (and most secure) is to simply assign a unique IP for each of your clients, and install an SSL certificate for each domain that has a unique IP.

If you don’t do it this way, then people will simply get a “Unable To Connect” message, rather than the browser still showing the page, but with an insecure/self-signed certificate (I personally prefer the latter case, since the client can still view the site).

Here’s an example:

This is a host that is either misconfigured or doesn’t have proper SSL ports setup:

https://www.rachelwoods.com

So in this example, even trying to connect to WHM results in the same error message:

https://www.rachelwoods.com/whm

While these examples don’t:

http://www.rachelwoods.com:2087

http://www.rachelwoods.com:443 (redirects to Apache’s default page, which leaves this host open to other vulnerabilities that I won’t mention here to protect the owner of that server)

It’s simply because cPanel/WHM is listening on the ports specifically and redirects the user accordingly, but if you’re SSL ports aren’t configured properly, then you end up like the host above.

And there ya have it. . .if you still need help, post again, and we’ll try to help you out.

By: Vanessa

Vanessa — Wed, 29 Dec 2010 02:44:07 +0000

You can install as many SSL certificates as you want – but each technically needs its own IP unless you’re using a wildcard SSL.

By: Syed Haider Hassan

Syed Haider Hassan — Sun, 26 Dec 2010 21:34:22 +0000

Hello every one..
i have never installed a certificate before so dont know much that how to install one..

i have a reseller account..and the hosting i have got for my self its on SSL connection.. but its only appears on cpanel and in whm. with different ports..
like usually cpanel port is 2082
so its port is 2083

and i have shared ip address..
so is it possible that i give hosting to my clients with SSL support that my client when open site it should come like
https://www.domain.com ??

also is it possible that to install the ssl on two ore more clients..

and also they wont recieve any problem on their end..

Looking forward to reply..

please tell is it possible without having any problems or not..

By: Eric Gillette

Eric Gillette — Thu, 15 Jul 2010 21:00:51 +0000

Yeah, I agree with Vanessa. I actually tested this, and exactly what she said would happen is what happened — it simply defaulted to the first entry in httpd.conf =0/

Well, at least cPanel leaves this opportunity available even if it is a work-around — Plesk on the other hand does it in a more ambiguous manner, but that’s a whole ‘nother conversation. . .

By: Vanessa

Vanessa — Sun, 07 Feb 2010 17:49:20 +0000

You actually can’t install an SSL certificate on more than one IP as far as I know…you could probably do it manually by adding a file to /var/cpanel/userdata/$user and rebuilding httpd.conf, but SSL is dependent on an IP, so whatever entry is first in httpd.conf will be the one that is served when a site on that IP is loaded via https.

By: Steve

Steve — Sun, 07 Feb 2010 17:26:34 +0000

Hey, I just tried to add an SSL ceet to one of my customers sites, and this worked a treat, thanks.

Tell me, can this work with MORE than one SSL on a single IP? Or is it just a way or forcing Cpanel to host a single SSL site on the main server IP?

Great article :)