SSL Certificate

SRQWebHost

New Member
I apologize if this is a common question. I searched and couldn't find an answer. If I want to purchase an SSL certificate for my VPS server, do I use the Purchase and Install an SSL Certificate option in WHM or is there a better option?

Thanks!
 

KH-Jared

Sysadmin
Staff member
Hi,

That option would certainly work but it seems most people like to either shop around or use the registrar they bought the domain from, if the registrar also sells SSL certificates. If you want to do this, you'd used 'WHM >> SSL/TLS >> Generate an SSL Certificate and Signing Request.' What you can do here is generate the Certificate Signing Request (CSR) which you can provide to a signing authority to get a Signed SSL certificate.

That would be your two options here. Let us know if you have any other questions about it.
 

SRQWebHost

New Member
I have another question and figured I'd reuse this thread. Can anyone tell me whether it is better to use cPanel's SNI functionality and add multiple certificates on a shared IP or to request/use a dedicated IP? I am hosting a number of sites on a single VPS instance and would like to enable SSL for several of them. Thanks in advance to anyone who can shed some light on this.
 

KH-Jonathan

Director of Managed Services
Staff member
I have another question and figured I'd reuse this thread. Can anyone tell me whether it is better to use cPanel's SNI functionality and add multiple certificates on a shared IP or to request/use a dedicated IP? I am hosting a number of sites on a single VPS instance and would like to enable SSL for several of them. Thanks in advance to anyone who can shed some light on this.
The only downside of SNI is that any domains on the same IP which don't use SSL will serve the content of the first SSL vhost when visiting https://domain.com on a domain that doesn't use SSL.

Let me know if that makes sense. Other than that, there's no downside to SNI.
 

SRQWebHost

New Member
So if I understand correctly, if domain1.com is the first vhost and domain2.com doesn't have its own SSL Cert, when someone tries to access HTTPS for domain2.com they will get an error that the cert doesn't match? If so, I'm not too worried about it. I can always just add another cert if it became an issue.
 

KH-Jonathan

Director of Managed Services
Staff member
No they wouldn't get an error, they'd just be served the content from domain1.com.

Your logic for fixing it is correct though by adding a cert to the domain having the issue.
 

SRQWebHost

New Member
Oh, wow. Now that could be a problem. Is a reasonable strategy for mitigating this to move SSL-enabled sites to one IP and have non-SSL on the other? I believe I have 2 available as part of my VPS plan.
 

KH-Jonathan

Director of Managed Services
Staff member
Oh, wow. Now that could be a problem. Is a reasonable strategy for mitigating this to move SSL-enabled sites to one IP and have non-SSL on the other? I believe I have 2 available as part of my VPS plan.
Well unless you're using reseller accounts to "share" several IPs, WHM only allows a single IP to be set as a shared IP.
 
Top