SSL and DDOS Question

secretply

New Member
I have a question regarding SSL. I recently purchased a SSL certificate and tried to apply it on my website. I used the installation tool on WHM and it shows up on my cPanel account. I read on some other posts that you need a dedicated IP address to do this. How would I go about getting one and once I do, what would I have to do to apply the SSL on that IP?

Another question I have is with DDOS. I've heard somewhere that if you move a DNS off the server that it can help reduce DDOS attacks that I can receive on my website. I just want to know if that's recommendable and if so, how would I be going about it or if there's an alternative solution, then I can consider that as well.

Thanks for the help.
 

KH-Jonathan

Director of Managed Services
Staff member
I have a question regarding SSL. I recently purchased a SSL certificate and tried to apply it on my website. I used the installation tool on WHM and it shows up on my cPanel account. I read on some other posts that you need a dedicated IP address to do this. How would I go about getting one and once I do, what would I have to do to apply the SSL on that IP?
With cPanel, dedicated IPs are no longer required for SSL certificates so no worries there :)

Another question I have is with DDOS. I've heard somewhere that if you move a DNS off the server that it can help reduce DDOS attacks that I can receive on my website. I just want to know if that's recommendable and if so, how would I be going about it or if there's an alternative solution, then I can consider that as well.
The added hassle of this would not significantly reduce the risk of getting attacked unless you masked your IP behind cloudflare or something. As long as DNS is still just pushing out a normal A record with the IP of your server, it doesn't matter where DNS is hosted - the attacker will likely still hit your server directly.

Now if you're talking Cloudflare DNS where they handle all traffic and hide the IP of your server, then yes, that could reduce the risk as if done properly the attacker wouldn't be able to gain the real IP of your server, so as long as Cloudflare could handle filtering the large attack you'd be in much better shape. (There are very few attacks that CF for example can't handle). There are also similar DDoS protection services out there that will filter all of your traffic before it hits your server.
 

secretply

New Member
Thank you for the reply.

I'll look at DDOS later but thanks for the information.

For SSL, I can't access the https part of my website otherwise it throws the following error in Chrome: The site's security certificate is not trusted! I checked the Manage SSL Hosts on cPanel and it says it is installed but there's a yellow note that says that I'm not on a dedicated IP address and may cause false security warnings when accessing my SSL website. I have received the information I need via email for my certificate, key, and bundle but the bundle certificate says it is invalid. However, it wasn't necessary to add it to install the certificate. My certificate is self-signed though so I'm not sure if that is the reason why the error occurs. I need help determining what causes the error and how to fix it because I do not know how to do it after going through the support center from the certificate issuer website.
 

KH-Jonathan

Director of Managed Services
Staff member
My certificate is self-signed though so I'm not sure if that is the reason why the error occurs.
This warning will be displayed anytime you use a self-signed certificate. It doesn't mean that your site isn't using a secure connection - it is, there's just no certificate to act as an identity verification thus the warning.

The only way to remove this warning is to purchase a certificate from a signing authority.
 

Dan

Moderator
Hi secretply,

What do you mean the certificate is self signed? If you purchased it from a trusted SSL vendor then it should be signed by them. That is what would cause that error message to not be there, having a certificate that is signed by a trusted agency. Is the place got your certificate from a trusted agency?

Otherwise it's no different than, say, the certificates generated by a cPanel machine that it creates and signs itself for secure access to cPanel, WHM, and webmail.

When you access the secured area of your site you can examine the certificate to make sure that it's actually the one you've installed too.
 

secretply

New Member
What do you mean the certificate is self signed? If you purchased it from a trusted SSL vendor then it should be signed by them. That is what would cause that error message to not be there, having a certificate that is signed by a trusted agency. Is the place got your certificate from a trusted agency?
I think it is but I'm not sure. The certificate type is PositiveSSL and the vendor is Comodo. I would contact support but I think it's more of a hassle than it's supposed to be.
 

KH-Jonathan

Director of Managed Services
Staff member
@secretply

I'd recommend at this point to open a support ticket so we can help you get the certificate installed properly. Sounds like something isn't quite right.

I would contact support but I think it's more of a hassle than it's supposed to be.
This is very concerning. Are you referring to the process of opening a support ticket?
 

secretply

New Member
Sorry that I was unclear about the support. I meant I didn't want to bother them because I didn't think this was an issue that they needed to be bothered about, meaning I should be able to do this myself. Let me work on other stuff on my website first then I'll come back to this issue. Thanks. :)
 

KH-Jonathan

Director of Managed Services
Staff member
Ah ok that makes me feel much better.

We're here to support you, so don't pull your hair out - there's no need. Pop open a ticket and we'll get it worked out for you :)
 

secretply

New Member
Thanks for everyone's help, the issue is resolved. Support informed me that a self-signed certificate was generated, possibly through cPanel, which caused the certificate to be signed incorrectly.
 
Top