Skip to main content

SSL defaults to hosted domain, instead of server domain.

jols
Hi, This is a serious concern to some of our hosted customers. For some reason it seems to come up periodically. We have a number of SSL certs installed on our server, three of which use the non-dedicated, server IP. Everything in this regard runs fine. However, when someone happens to try an https address for their own domain, without having gone thought he process to install their own certs, self-signed or otherwise, they get a reference to one of the other domains on the server, rather than the server domain, or their own. This upsets our customers because they believe their web site is being hijacked. Case in point: When using: https://www.domainA.org/ They will get, the "This connection untrusted..." as is expected. However, when clicking on the certificate details link, they will see this: ---------------------------- Technical Details: http://www.domainA.org uses an invalid security certificate. The certificate is only valid for the following names: www.SomeOther.com, SomeOther.com (Error code: ssl_error_bad_cert_domain) ---------------------------- And again, SomeOther.com IS located on the same server, they just use the server IP as opposed to a dedicated IP for their cert installation. Other accesses, to other accounts with no cert, pull up the same "Technical Details" result. So the question, is, how can we put a stop to this behavior, that is, how can we have the technical details reflect ourServerDomain.com rather than one of our customer's domains (SomeOther.com) as the default/fallback domain for SSL access?

Comments

1 comment

Date Votes
  • cPanelMichael
    Hello :) If the account is assigned a shared IP address, and a SSL certificate is installed on that IP address, then any secure request to a domain name on that IP address will load the contents of the domain name the certificate is installed for. This is by design. You will need to assign a dedicated IP address to the account that uses the SSL certificate if you don't want that certificate applied to the other domain names on it's IP address. Or, you could generate/install a self-signed certificate for each domain name on the server (Assuming your server supports SNI). You could also make one alternate SSL certificate the primary certificate for an IP address via the "Make Primary" option in "WHM Home " SSL/TLS " Manage SSL Hosts". Thank you.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post