SSL Error

Discussion in 'Linux VPS/Dedicated - cPanel' started by quantumottle, May 21, 2014.

  1. quantumottle

    quantumottle New Member

    I've purchased and installed an SSL cert on my primary domain however, I get the following error when I visit the URL via hhtps://

    The site's security certificate is not trusted!

    I know the cert is good since I installed it, and it's my domain, but is there a way to prevent this error from popping up or should I just ignore it? I am primarily using the cert for secure CPanel login.
     
  2. KH-DanielP

    KH-DanielP KH-COO Staff Member

    It sounds like you need to install the "CA" Bundle for this certificate.

    In WHM when you're adding a certificate there will be a entry box below the key and crt entry fields for a CA bundle. This helps browsers direct to the right certificate authorities to show that the cert is trusted.
     
  3. quantumottle

    quantumottle New Member

    Wow, that took less than a minute for your reply Daniel. I think maybe I made the right decision leaving BlueHost, just maybe...

    Unfortunately, I left off a very important part of the original question... When I go to my domain via https:// it does work properly, the problem is when I add :2083 to the end of it so I can log in to cPanel.

    So it works for https://mydomain.com
    but I get the error posted above if I try to go to https://mydomain.com:2083

    I'm unsure how to check if I included the CA Bundle when I installed the cert or not. I'm Googling the process to check this now...

    EDIT:
    You are correct Daniel, I did not include the CA Bundle upon installation.
     
  4. KH-DanielP

    KH-DanielP KH-COO Staff Member

    Ahh, This does change things a bit.

    Since your using https to directly access cPanel it poses several options.

    The reason you get the error is it's actually loading a different certificate installed for the cPanel services, and not the certificate you installed on your website.

    Unlike apache, which can have multiple domains and multiple certificates, cPanel only supports a single certificate. The default cert installed with cPanel is self signed, so you will get a warning that you have to accept, but it is safe to use.

    Alternatively you can either get a certificate just for host.yourdomain.com (what ever your server name is) or you 'can' install your domains certificate onto cPanel but I would not recommend this as cPanel is designed to work based off your VPS hostname more so than an individual cPanel accounts domain.
     
  5. quantumottle

    quantumottle New Member

    Thanks for the explanation Daniel. I'm obviously new to VPS with very much still to learn.

    So it sounds like I should probably abandon the idea of SSL cPanel login and maybe go with SSH, would you agree with that? Or would you recommend I generate a self signed cert for secure cPanel access?
     
  6. KH-DanielP

    KH-DanielP KH-COO Staff Member

    You can actually still use SSL access to cPanel, even though your browser gives you the message that the certificate is not trusted. When you get that message, it should give you an option to either accept the certificate or bypass the error message.

    It's not telling you that SSL isn't working, but it's more or less saying, "Hey, there is a SSL here but they didn't pay money to one of the trusted authorities so I can't tell you its valid"
     
    adev likes this.
  7. quantumottle

    quantumottle New Member

    Perfect! Thanks for the very helpful (and speedy) replies.
     
  8. Terry Frazier

    Terry Frazier New Member

    I have purchased and successfully installed (well, KH support installed) certificates for my server - both the host.domain and the web domain. I can now make secure connections to WHM without a certificate mismatch/invalid error.

    I would now like to enforce secure connection requirements for all cPanel/WHM/webmail pages for all accounts on the server, so I have a few questions.
    1. How do I enforce this? I suspect it has something to do with 301 redirects or .htaccess files or somesuch, but I don't know. I didn't see any obvious way to set it in WHM.

    2. Is this a good idea? It seems like a good idea to me, but maybe there are some issues that I don't know about.

    Thanks.
    - twf
     
  9. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    1) You can enable the following option under the "Security" tab in "WHM Home » Server Configuration » Tweak Settings": "Require SSL"

    2) Absolutely!
     
  10. Terry Frazier

    Terry Frazier New Member

    Fantastic. Thanks Jonathon!
     
  11. Terry Frazier

    Terry Frazier New Member

    A secondary question regarding mail. Within Service Configuration » Mailserver Configuration there is an option for Allow Plaintext Authentication (from remote clients). This is set to Yes by default. From the explanatory text for the option I take it that No is the better setting and that No is in line with setting the Require SSL option noted above.

    Is there any reason I should not set Allow Plaintext Authentication to No?

    Thanks.
     

Share This Page