Jump to content

Recommended Posts

Posted

Dear djbob,

would you be so kind to enable SSL on my website? Since I have got a reserved area, I would like to use that functionality in order to let users login in a secure manner (that is, without their passwords being sent in clear text over the Internet).

My website address is http://the1stclass.heliohost.org and my cPanel login name is "elgaton".

Thanks in advance.

Posted

Not quite. You have to pay for a certified certificate. You can just use SSL to secure a connection - that doesn't mean people will trust you, but hackers won't be able to intercept packets.

 

Anyways, I'm surprised that cPanel doesn't show this feature, as it is enabled. Go ahead and try going to http://yoursitehere.com:2082/frontend/x3/ssl/ and see if that helps you.

Posted

djbob,

the SSL option was not shown in the "Security" section of the main panel, but the direct link does work.

However, after having generated a private key and a certificate on my computer and having uploaded them to the server, I do not see the link "Setup a SSL certificate to work with your site" which I have to click in order to enable SSL on Apache (see the cPanel manual at http://www.cpanel.net/docs/cpanel/cp11/Sec...TLS_Manager.htm, step 5).

Posted

I accessed the page, selected my domain (the1stclass.heliohost.org) from the list and clicked on "Install Certificate", but cPanel says "Sorry, you must have a dedicated ip to use this feature!"

I've got a private Apache server on my machine (I actually use it to test my web site before uploading changes to the production server), therefore I know very well I don't need a dedicated IP to enable SSL. In fact, you may enable SSL on single virtual hosts selectively with the <VirtualHost> directive... is cPanel broken?

Posted

Maybe it is... you could check at the cPanel forums at their site. This is a weird problem... maybe there are security risks involved in this.

Posted
Maybe it is... you could check at the cPanel forums at their site. This is a weird problem... maybe there are security risks involved in this.

I've found some interesting posts in the cPanel forums:

http://forums.cpanel.net/showthread.php?t=75062

http://forums.cpanel.net/showthread.php?t=50467

 

I don't think there are security risks involved in using SSL without having a dedicated IP. It seems strange that cPanel does NOT allow that...

Posted

Arg! I have an ssl certificate, I installed it, but when I go to my site that SHOULD be signed and working (https://destructo.heliohost.org) I get an error page. When should this go away?

EDIT: Never mind, didn't read the topic in whole... Is there any way to trick CPanel into thinking that there is a dedicated IP?

Posted

No.

 

It seems strange that cPanel does NOT allow that...
Looks like they aren't allowing unsigned SSL certificates. Signed certificates do require dedicated IP's... however, I'm not sure what's wrong with unsigned SSL certificates.
Posted

I've found another interesting post in the cPanel Forums:

http://forums.cpanel.net/showthread.php?t=69598

After a little browsing, I found the only solution seems to be editing the httpd.conf file by hand or to use dedicated IPs.

 

Looks like they aren't allowing unsigned SSL certificates. Signed certificates do require dedicated IP's... however, I'm not sure what's wrong with unsigned SSL certificates.

Nothing should be wrong with unsigned SSL certificates. Anyway, when I tried to import my certificate I put the CA certificate in the "CA certificate bundle" section.

 

EDIT: after many tries and searches, I've found that it is not possible to use SSL on Virtual Hosts. That happens because SSL session initialization requires to know the right host name in order to present the client the right certificate. Unfortunately, the only way to know the host name if the server is using the "virtual hosts" feature is to look for the "Host" header in the HTTP session, which starts AFTER the SSL session is initialized. It is a chicken-and-egg-problem.

Look at the Apache SSL FAQ for more information: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...