SSL activation


ElGaton

Dear djbob,

would you be so kind as to enable SSL on my website? Since I have got a reserved area, I would like to use that functionality in order to let users log in in a secure manner (that is, without their passwords being sent in clear text over the Internet).

My website address is http://the1stclass.heliohost.org and my cPanel login name is "elgaton".

Thanks in advance.

Link to comment
Share on other sites

Not quite. You have to pay for a certified certificate. You can just use SSL to secure a connection - that doesn't mean people will trust you, but hackers won't be able to intercept packets.

 

Anyways, I'm surprised that cPanel doesn't show this feature, as it is enabled. Go ahead and try going to http://yoursitehere.com:2082/frontend/x3/ssl/ and see if that helps you.

Link to comment
Share on other sites

djbob,

the SSL option was not shown in the "Security" section of the main panel, but the direct link does work.

However, after having generated a private key and a certificate on my computer and having uploaded them to the server, I do not see the link "Setup a SSL certificate to work with your site" which I have to click in order to enable SSL on Apache (see the cPanel manual at http://www.cpanel.net/docs/cpanel/cp11/Sec...TLS_Manager.htm, step 5).

Link to comment
Share on other sites

I accessed the page, selected my domain (the1stclass.heliohost.org) from the list and clicked on "Install Certificate", but cPanel says "Sorry, you must have a dedicated ip to use this feature!"

I've got a private Apache server on my machine (I actually use it to test my web site before uploading changes to the production server), therefore I know very well I don't need a dedicated IP to enable SSL. In fact, you may enable SSL on single virtual hosts selectively with the <VirtualHost> directive... is cPanel broken?

Link to comment
Share on other sites

Maybe it is... you could check at the cPanel forums at their site. This is a weird problem... maybe there are security risks involved in this.

I've found some interesting posts in the cPanel forums:

http://forums.cpanel.net/showthread.php?t=75062

http://forums.cpanel.net/showthread.php?t=50467

 

I don't think there are security risks involved in using SSL without having a dedicated IP. It seems strange that cPanel does NOT allow that...

Link to comment
Share on other sites

No.

 

It seems strange that cPanel does NOT allow that...
Looks like they aren't allowing unsigned SSL certificates. Signed certificates do require dedicated IPs... however, I'm not sure what's wrong with unsigned SSL certificates.
Link to comment
Share on other sites

I've found another interesting post in the cPanel Forums:

http://forums.cpanel.net/showthread.php?t=69598

After a little browsing, I found the only solution seems to be editing the httpd.conf file by hand or using dedicated IPs.

 

Looks like they aren't allowing unsigned SSL certificates. Signed certificates do require dedicated IPs... however, I'm not sure what's wrong with unsigned SSL certificates.

Nothing should be wrong with unsigned SSL certificates. Anyway, when I tried to import my certificate I put the CA certificate in the "CA certificate bundle" section.

EDIT: after many tries and searches, I've found that it is not possible to use SSL on Virtual Hosts. That happens because SSL session initialization requires knowing the right host name in order to present the client with the right certificate. Unfortunately, the only way to know the host name if the server is using the "virtual hosts" feature is to look for the "Host" header in the HTTP session, which starts AFTER the SSL session is initialized. It is a chicken-and-egg problem.

Look at the Apache SSL FAQ for more information: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts

Link to comment
Share on other sites
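The ordering problem described in the last post, as an added example that is not part of the original thread: a Python model of a server that has to pick its certificate during the handshake, before the Host header can be read. It models the handshake as the post describes it (the client sends no host name before the certificate is chosen); the vhost table, addresses and function names are constructed for illustration.

```python
"""Model of certificate selection on name-based virtual hosts (constructed example)."""

# Constructed vhost table: two sites share one IP:port, a third has a dedicated IP.
VHOSTS = [
    {"addr": ("192.0.2.10", 443), "name": "a.example", "cert": "CN=a.example"},
    {"addr": ("192.0.2.10", 443), "name": "b.example", "cert": "CN=b.example"},
    {"addr": ("192.0.2.20", 443), "name": "c.example", "cert": "CN=c.example"},
]

def select_cert(addr):
    """Handshake step: only the local IP:port is known, so the first vhost bound there wins."""
    for vh in VHOSTS:
        if vh["addr"] == addr:
            return vh["cert"]
    raise LookupError("no vhost on %s:%d" % addr)

def parse_host(request):
    """Post-handshake step: read the Host header from the decrypted HTTP request."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("ascii")
    for line in head.split("\r\n")[1:]:          # skip the request line
        key, _, value = line.partition(":")
        if key.strip().lower() == "host":
            return value.strip().split(":")[0].lower()   # drop an optional :port
    raise ValueError("no Host header")

def connect(addr, request):
    """Replay one connection in the order the server sees it."""
    cert = select_cert(addr)      # chosen during the SSL handshake
    host = parse_host(request)    # readable only after the handshake completes
    return {"host": host, "cert": cert, "match": cert == "CN=" + host}

def ambiguous_addrs():
    """Audit: IP:port pairs shared by several vhosts, where a name mismatch will occur."""
    by_addr = {}
    for vh in VHOSTS:
        by_addr.setdefault(vh["addr"], []).append(vh["name"])
    return {addr: names for addr, names in by_addr.items() if len(names) > 1}

if __name__ == "__main__":
    for addr, name in [(("192.0.2.10", 443), "a.example"),
                       (("192.0.2.10", 443), "b.example"),
                       (("192.0.2.20", 443), "c.example")]:
        req = b"GET / HTTP/1.1\r\nHost: " + name.encode() + b"\r\n\r\n"
        print(connect(addr, req))
    print("shared addresses:", ambiguous_addrs())
```

The second connection gets the certificate for a.example even though it asked for b.example, which is the mismatch a dedicated IP avoids.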
