SSL Error

quantumottle

New Member
I've purchased and installed an SSL cert on my primary domain however, I get the following error when I visit the URL via hhtps://

The site's security certificate is not trusted!

I know the cert is good since I installed it, and it's my domain, but is there a way to prevent this error from popping up or should I just ignore it? I am primarily using the cert for secure CPanel login.
 

KH-DanielP

KH-COO
Staff member
It sounds like you need to install the "CA" Bundle for this certificate.

In WHM when you're adding a certificate there will be a entry box below the key and crt entry fields for a CA bundle. This helps browsers direct to the right certificate authorities to show that the cert is trusted.
 

quantumottle

New Member
Wow, that took less than a minute for your reply Daniel. I think maybe I made the right decision leaving BlueHost, just maybe...

Unfortunately, I left off a very important part of the original question... When I go to my domain via https:// it does work properly, the problem is when I add :2083 to the end of it so I can log in to cPanel.

So it works for https://mydomain.com
but I get the error posted above if I try to go to https://mydomain.com:2083

I'm unsure how to check if I included the CA Bundle when I installed the cert or not. I'm Googling the process to check this now...

EDIT:
You are correct Daniel, I did not include the CA Bundle upon installation.
 

KH-DanielP

KH-COO
Staff member
Ahh, This does change things a bit.

Since your using https to directly access cPanel it poses several options.

The reason you get the error is it's actually loading a different certificate installed for the cPanel services, and not the certificate you installed on your website.

Unlike apache, which can have multiple domains and multiple certificates, cPanel only supports a single certificate. The default cert installed with cPanel is self signed, so you will get a warning that you have to accept, but it is safe to use.

Alternatively you can either get a certificate just for host.yourdomain.com (what ever your server name is) or you 'can' install your domains certificate onto cPanel but I would not recommend this as cPanel is designed to work based off your VPS hostname more so than an individual cPanel accounts domain.
 

quantumottle

New Member
Thanks for the explanation Daniel. I'm obviously new to VPS with very much still to learn.

So it sounds like I should probably abandon the idea of SSL cPanel login and maybe go with SSH, would you agree with that? Or would you recommend I generate a self signed cert for secure cPanel access?
 

KH-DanielP

KH-COO
Staff member
You can actually still use SSL access to cPanel, even though your browser gives you the message that the certificate is not trusted. When you get that message, it should give you an option to either accept the certificate or bypass the error message.

It's not telling you that SSL isn't working, but it's more or less saying, "Hey, there is a SSL here but they didn't pay money to one of the trusted authorities so I can't tell you its valid"
 

Terry Frazier

New Member
I have purchased and successfully installed (well, KH support installed) certificates for my server - both the host.domain and the web domain. I can now make secure connections to WHM without a certificate mismatch/invalid error.

I would now like to enforce secure connection requirements for all cPanel/WHM/webmail pages for all accounts on the server, so I have a few questions.
1. How do I enforce this? I suspect it has something to do with 301 redirects or .htaccess files or somesuch, but I don't know. I didn't see any obvious way to set it in WHM.

2. Is this a good idea? It seems like a good idea to me, but maybe there are some issues that I don't know about.

Thanks.
- twf
 

KH-Jonathan

Director of Managed Services
Staff member
I have purchased and successfully installed (well, KH support installed) certificates for my server - both the host.domain and the web domain. I can now make secure connections to WHM without a certificate mismatch/invalid error.

I would now like to enforce secure connection requirements for all cPanel/WHM/webmail pages for all accounts on the server, so I have a few questions.
1. How do I enforce this? I suspect it has something to do with 301 redirects or .htaccess files or somesuch, but I don't know. I didn't see any obvious way to set it in WHM.

2. Is this a good idea? It seems like a good idea to me, but maybe there are some issues that I don't know about.

Thanks.
- twf
1) You can enable the following option under the "Security" tab in "WHM Home » Server Configuration » Tweak Settings": "Require SSL"

2) Absolutely!
 

Terry Frazier

New Member
A secondary question regarding mail. Within Service Configuration » Mailserver Configuration there is an option for Allow Plaintext Authentication (from remote clients). This is set to Yes by default. From the explanatory text for the option I take it that No is the better setting and that No is in line with setting the Require SSL option noted above.

Is there any reason I should not set Allow Plaintext Authentication to No?

Thanks.
 
Top