SSL whm login

N

NeoCHI

Active member
So I've been procrastinating on this. Basically, I have a dedicated server where my forum runs and whenever I go to the whm login page it shows:

The site's security certificate is not trusted!
blah blah blah

I don't fully understand the scope of this warning and have googled about it. Basically, my question is, is it important to setup a SSL certificate for my whm login? If so can someone point me in the direction of how to get this done?
 
Buy a cert, verify the domain name in use, and install the cert in WHM for the services

upload_2014-3-9_11-49-37.webp
 
Self Signed certificates are not accepted by most browsers. You can try to import it on your system, but it's only accepted by default on your system then. It's not really important to have a certificate but it does give an extra layer of security, you know for sure you are connecting to the server and not some other server. If you want a cheap good and well accepted like Positive SSL certificate I can recommend https://www.namecheap.com/security/ssl-certificates.aspx for as low a 8$ . I have done so for my cPanel server and planning to make my current forum also available in SSL :)
 
MattW said:
Buy a cert, verify the domain name in use, and install the cert in WHM for the services
Click to expand...

What should I use as my domain name? My IP? When I go to my WHM it's basically my server's IP:2087

woei said:
Self Signed certificates are not accepted by most browsers. You can try to import it on your system, but it's only accepted by default on your system then. It's not really important to have a certificate but it does give an extra layer of security, you know for sure you are connecting to the server and not some other server. If you want a cheap good and well accepted like Positive SSL certificate I can recommend https://www.namecheap.com/security/ssl-certificates.aspx for as low a 8$ . I have done so for my cPanel server and planning to make my current forum also available in SSL :)
Click to expand...

Which certificate should I use? I don't see one for 8$
 
Be careful. If you install SSL for single domain, you might see SSL error if you access cpanel.yourdomain.com

You need wildcard if you want SSL for your domain and subdomain.
 
Sheratan said:
Be careful. If you install SSL for single domain, you might see SSL error if you access cpanel.yourdomain.com

You need wildcard if you want SSL for your domain and subdomain.
Click to expand...
Not if you by a cert for each domain + subdomain
 
Indeed. In my situation I only need 2 certificates. So it's cheaper to buy 2 single domain certificates than 1 wildcard certificate for the whole domain.
 
You are familiar with the expression if you are not paying for it then you are the customer? StartSSL has been hacked in the past. It's ok to use for securing your link to cPanel, but I rather use a bigger company such as Comodo of GeoTrust. Also I think the TS will need some serious support for installing his certificate...
 
Or you could just not do anything and deal with the error. Assuming you don't have clients on your server, you don't need an SSL certificate. The connection is still secure...the error is just saying that your browser doesn't recognize the certificate. In fact not only is the connection still secure, it's just as secure as it would be if you had a recognized certificate.

So to answer your second question, no, it's not important to set up an SSL certificate for your login.
 
WSWD said:
Or you could just not do anything and deal with the error. Assuming you don't have clients on your server, you don't need an SSL certificate. The connection is still secure...the error is just saying that your browser doesn't recognize the certificate. In fact not only is the connection still secure, it's just as secure as it would be if you had a recognized certificate.

So to answer your second question, no, it's not important to set up an SSL certificate for your login.
Click to expand...


How is it just as secure? Doesn't SSL make sure your logging into your server and not like a made up server someone makes you see to get your password... I dunno read something like that online. Also something about packet sniffing...
 
NeoCHI said:
How is it just as secure? Doesn't SSL make sure your logging into your server and not like a made up server someone makes you see to get your password... I dunno read something like that online. Also something about packet sniffing...
Click to expand...

That's the thing...you're still using SSL. If you go to www.yoursite.com:2087 (or /whm), the connection is still secure. All the traffic is going over the SSL connection, regardless of what type of certificate you use.

You just happen to be using a self-signed certificate, which is why your browser has a fit and gives you all the notifications. The certificate is not from a trusted authority. Of course not...it's from your server. :)

That's why I asked about other people/clients using your server. If it's just you, and you don't mind getting the error messages, it is just as secure for you to use that self-signed certificate as it is to use one you purchased. The actual SSL connection does not change.

We run purchased certificates on our hosting servers, for example, because clients get a little worried by the errors and notifications otherwise. They don't understand that it's just as secure either way.
 
WSWD said:
That's the thing...you're still using SSL. If you go to www.yoursite.com:2087 (or /whm), the connection is still secure. All the traffic is going over the SSL connection, regardless of what type of certificate you use.

You just happen to be using a self-signed certificate, which is why your browser has a fit and gives you all the notifications. The certificate is not from a trusted authority. Of course not...it's from your server. :)

That's why I asked about other people/clients using your server. If it's just you, and you don't mind getting the error messages, it is just as secure for you to use that self-signed certificate as it is to use one you purchased. The actual SSL connection does not change.

We run purchased certificates on our hosting servers, for example, because clients get a little worried by the errors and notifications otherwise. They don't understand that it's just as secure either way.
Click to expand...

So even though the url shows up with https://serverip with the https: part strikethroughed, it still means it's going over a SSL connection?
 
NeoCHI said:
So even though the url shows up with https://serverip with the https: part strikethroughed, it still means it's going over a SSL connection?
Click to expand...

You mean like this? ;)

ssl.webp



The important part shows up if you click on the lock (I'm guessing you're using Chrome). Shows all the encryption information. The https is shown crossed out because the server certificate is not trusted, as I explained in previous posts. But yes, the connection is 100% secure, over an SSL connection.
 
WSWD said:
You mean like this? ;)

View attachment 69157



The important part shows up if you click on the lock (I'm guessing you're using Chrome). Shows all the encryption information. The https is shown crossed out because the server certificate is not trusted, as I explained in previous posts. But yes, the connection is 100% secure, over an SSL connection.
Click to expand...

ahh ic, great thanks!
 
You must log in or register to reply here.

Similar threads

S
  • Question Question
Vbulletin 4.2.5 to XenForo upgrade + WHM / Cpanel server setup
Replies
7
Views
104
ForumDevs
ForumDevs
R
WSL, SSL, Certs for xenforo.dev?
2
Replies
25
Views
286
Robert9
R
O
  • Question Question
XF 2.2 How to automatically log out when there is a new login?
Replies
2
Views
33
onkyo
O
P
Protect non-XenForo directory with XenForo login
Replies
8
Views
163
philmckrackon
philmckrackon
Steffen
Adding a Passkey implicitly enables 2FA which effectively disables password-based login and unexpectedly makes account recovery impossible
Replies
0
Views
36
Steffen
Steffen
Back
Top Bottom