cPanel redirects, SSL, SNI and Wildcard Certs
This may be a PICNIC (Problem in Chair, Not in Cpanel) but I would appreciate the help.
I have a reseller account (example1.org) with a valid wildcard SSL -> *.example1.org.
I have created another account (example2.org) and it too has a valid wildcard SSL -> *.example2.org.
I do want SSL turned on automagically when the administrator of example2.org goes to Cpanel but I'm triggering a cert error because I get a mismatch of the SSL cert with the hostname.
I have a newly installed WHM 11.42 and it's bone stock.
Is this expected behavior?
I would prefer the folks administering example2.org could stay within their SSL environment and assumed SNI would take care of this.
I have played around with example1.org and example2.org being owned by root, example1 or example2 accounts and receive the same error.
I'm running: CENTOS 6.5 x86_64 xenpv " srv WHM 11.42.0 (build 1)
There are zero issues of I go to example1.org/cpanel but if I go to example2.org/cpanel I trigger the SSL cert error.
From Installed SSL Hosts:
Domains: *.example1.org
IP Address: xxx.xxx.xxx.xxx
IP Address Type: Shared
Is primary Website on IP address?: Yes
Needs SNI?: No
Owner: Nobody
Issuer: Comodo
Domains: *.example2.org
IP Address: xxx.xxx.xxx.xxx (same as above)
Ip Address Type: Shared
Is Primary Website on IP Address: No
Needs SNI?: Yes
Issuer: GeoTrust
Many thanks in advance.
-
Okay, definitely a PICNIC for one part. I installed the wrong CA bundle when installing the SSL cert. So, good news I don't get a mismatch with the CERT and hostname. But, now, I have a new issue. When I go to example2.org/cpanel I end up at example1.org/cpanel. In the big scheme of things this isn't an issue as the admin of example2 would log in with their credentials and would administer there environment. However, I would prefer the admins of example2.org would remain (as shown in the browser address bar) in example2.org and not rooted in example1.org. I know SNI is supported by apache but we're talking about Cpanel on port 2083. Am I stuck with this scenario? 0 -
[quote="rellis, post: 1561521">However, I would prefer the admins of example2.org would remain (as shown in the browser address bar) in example2.org and not rooted in example1.org.
Hello :) You can modify the redirection settings for access attempts to cPanel/WHM/Webmail by editing the values under the "Redirection" tab in "WHM Home " Server Configuration " Tweak Settings". Select "Origin Domain Name" to ensure the domain name remains in the browser tab. However, keep in mind cPanel/WHM/Webmail will use the SSL certificate installed for the service, not the SSL certificate installed for the domain name with Apache. Thank you.0 -
[quote="cPanelMichael, post: 1562432">Hello :) You can modify the redirection settings for access attempts to cPanel/WHM/Webmail by editing the values under the "Redirection" tab in "WHM Home " Server Configuration " Tweak Settings". Select "Origin Domain Name" to ensure the domain name remains in the browser tab. However, keep in mind cPanel/WHM/Webmail will use the SSL certificate installed for the service, not the SSL certificate installed for the domain name with Apache. Thank you.
I was afraid of that. Thanks for the confirmation. Hopefully, this will be an enhancement in the future. Virtual hosting and SNI provide much in the way of a seemingly dedicated environment for all things except use of the cPanel/WHM/Webmail services...0 -
I encourage you to vote and add your input to the existing feature request for this at: [url=http://features.cpanel.net/responses/ssl-certificate-per-domain-on-all-services]SSL certificate per domain on all services | cPanel Feature Requests Thank you. 0
Please sign in to leave a comment.
Comments
4 comments