Using site ssl cert for VPS management interfaces

Discussion in 'Security' started by Ichiban, Aug 14, 2013.

  1. Ichiban

    Ichiban Member

    I'm looking to pick up a cheap Comodo PositiveSSL cert from Namecheap to enable secure logins for my main site on a VPS-2. I think that cert would also be used to secure cPanel sessions if accessed via the hostname in the cert would not be used for PowerPanel sessions. Is that correct?
     
  2. KH-Jared

    KH-Jared Jr. Sysadmin Staff Member

    Hello,

    The SSL certificate can be used for cPanel, however you have to install it in an extra place.
    You can install it in WHM>>Service Configuration>>Manage Service SSL Certificates for various services.

    After it is installed, if you try to access cPanel via the domain the certificate was for and the secure cPanel port, 2083, you won't get either the wrong domain or self-signed warnings.

    As for Power Panel, it is correct that you cannot change the certificate it uses.
     
  3. zombie

    zombie Member

    If you're referring to webmail, admin panel, etc. you can use self-signed certificates for that.
    They are no less secure than 'browser-recognized' certificates, except, unless you whitelist them you'll always get the "potentially insecure" notice.

    With that said, if it's just you and your employees that will be hitting the secure logins, use a (free) self-signed cert.

    If customers / the public will be hitting the cert, than go with a paid/browser-recognized certificate from Namecheap or whomever you buy one from.
     
  4. Dave G

    Dave G Member

    Just a note.
    The last time I purchased a cert from Comodo (2 years ago) I started to get crap mail from them telling me all about there other products, now I wouldn't have minded but it was 2-3 times a day EVERY day I ended up having to block there email as they refused to remove me from there list after repeated requests. I also found complaints about this on there forum.
    I would go with GeoTrust, just my 2 cent.

    Dave G
     
  5. zombie

    zombie Member

    Have to agree with Dave, I've heard similar reviews of the bigger SSL companies.

    Plus, I was with one of the bigger companies for my first SSL and I got newsletters throughout the year and whatnot.... everything except the email telling me my SSL was expiring and how to renew! For a noob, that would have certainly been helpful instead of having to keep an eye on it myself.

    Nowadays, I use http://www.clickssl.com - my SSL cert ends up being $24 for a 2-year term (RapidSSL). Their coupons are on the right-side of the checkout process.. if you don't see one, search for one, they're always out there.

    ClickSSL also sends email updates when your certificate is a few months from expiring. I just renewed mine.
    With ClickSSL's instructions, I was able to install it on my own via cpanel without bugging Knownhost for help.
     
  6. Dave G

    Dave G Member

  7. zombie

    zombie Member

    Dave,

    Namecheap was the SSL company I've worked with in years past that didn't send a proper renewal notice.
    They billed me for the renewal, yet offered no help how to get a renewed cert onto the site. Even when I politely explained I had no clue what I was doing, I was more or less told I was on my own.

    I ended up dumping the cert and getting one through The Planet.

    That was several years ago so they may be better now, so I didn't want to give a totally biased review of their service. It was roughly 2006-2007.
    Though with that experience in mind, assuredly, I'd never buy from them (myself) again.
     
  8. Dave G

    Dave G Member

    Fair enough.
     
  9. Ichiban

    Ichiban Member

    Thanks for the info. I may go with RapidSSL instead. The price and features of that and the low-end Comodo cert are nearly identical.

    My real question is, can I use a purchased cert to secure the Virtuozzo Power Panel and, if so, how do I go about doing that? Since Power Panel manages the container, I'm just assuming the cert used to secure my SSL connection to that interface isn't installed inside the container.
     
  10. Dan

    Dan Moderator

    Hi Ichiban,

    As Jared said in his post you cannot change the cert for the power panel. To be honest I'm not sure why you would want to as you shouldn't ever really need to go into it.
     
  11. Ichiban

    Ichiban Member

    Sorry about that. I must have jumped to the comment just after Jared's from an email link and completely missed his response. Thanks Jared & Dan.

    More than likely, I won't be going to the Power Panel. I just noted in my exploration of the VPS that it was using a self-signed cert and thought I might be able to 'correct' that with something I was planning on buying anyway. So not as much a need as an opportunity.
     
  12. Ichiban

    Ichiban Member

    Well, due to my own stupidity, that was a lot more adventurous than it should have been, but everything worked out fine in the end.

    Somehow I mixed up the cert submitted with the CSR for the signed cert received back from the CA. Then, while trying to figure out the problem (why does it keep saying I'm using a self-signed cert!!??), I almost deleted the RSA key for the CA signed cert. In the end, the server gods were kind. Both the main (currently empty) website and the WHM interface for the VPS are working as expected over SSL. I've also got both the cert and key filed safely away inside a KeePass repository to avoid any future...unpleasantness.

    Thanks again for the help!
     
  13. zombie

    zombie Member

    I've been down that road. :)
    Always a good idea to make backups of the keys every step of the way.
     
  14. hawks

    hawks New Member

    Hello
    Which ssl cert is the cheapest single-root ssl?
    It is said that single-root ssl is better for web-speed, right?
    Thanks.
     
    Last edited: Feb 7, 2014

Share This Page