• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

SSL whm login

NeoCHI

Active member
#1
So I've been procrastinating on this. Basically, I have a dedicated server where my forum runs and whenever I go to the whm login page it shows:

The site's security certificate is not trusted!
blah blah blah

I don't fully understand the scope of this warning and have googled about it. Basically, my question is, is it important to setup a SSL certificate for my whm login? If so can someone point me in the direction of how to get this done?
 

woei

Well-known member
#3
Self Signed certificates are not accepted by most browsers. You can try to import it on your system, but it's only accepted by default on your system then. It's not really important to have a certificate but it does give an extra layer of security, you know for sure you are connecting to the server and not some other server. If you want a cheap good and well accepted like Positive SSL certificate I can recommend https://www.namecheap.com/security/ssl-certificates.aspx for as low a 8$ . I have done so for my cPanel server and planning to make my current forum also available in SSL :)
 

NeoCHI

Active member
#4
Buy a cert, verify the domain name in use, and install the cert in WHM for the services
What should I use as my domain name? My IP? When I go to my WHM it's basically my server's IP:2087

Self Signed certificates are not accepted by most browsers. You can try to import it on your system, but it's only accepted by default on your system then. It's not really important to have a certificate but it does give an extra layer of security, you know for sure you are connecting to the server and not some other server. If you want a cheap good and well accepted like Positive SSL certificate I can recommend https://www.namecheap.com/security/ssl-certificates.aspx for as low a 8$ . I have done so for my cPanel server and planning to make my current forum also available in SSL :)
Which certificate should I use? I don't see one for 8$
 

Sheratan

Well-known member
#7
Be careful. If you install SSL for single domain, you might see SSL error if you access cpanel.yourdomain.com

You need wildcard if you want SSL for your domain and subdomain.
 

woei

Well-known member
#10
Indeed. In my situation I only need 2 certificates. So it's cheaper to buy 2 single domain certificates than 1 wildcard certificate for the whole domain.
 

woei

Well-known member
#13
You are familiar with the expression if you are not paying for it then you are the customer? StartSSL has been hacked in the past. It's ok to use for securing your link to cPanel, but I rather use a bigger company such as Comodo of GeoTrust. Also I think the TS will need some serious support for installing his certificate...
 

WSWD

Well-known member
#14
Or you could just not do anything and deal with the error. Assuming you don't have clients on your server, you don't need an SSL certificate. The connection is still secure...the error is just saying that your browser doesn't recognize the certificate. In fact not only is the connection still secure, it's just as secure as it would be if you had a recognized certificate.

So to answer your second question, no, it's not important to set up an SSL certificate for your login.
 

NeoCHI

Active member
#15
Or you could just not do anything and deal with the error. Assuming you don't have clients on your server, you don't need an SSL certificate. The connection is still secure...the error is just saying that your browser doesn't recognize the certificate. In fact not only is the connection still secure, it's just as secure as it would be if you had a recognized certificate.

So to answer your second question, no, it's not important to set up an SSL certificate for your login.

How is it just as secure? Doesn't SSL make sure your logging into your server and not like a made up server someone makes you see to get your password... I dunno read something like that online. Also something about packet sniffing...
 

WSWD

Well-known member
#16
How is it just as secure? Doesn't SSL make sure your logging into your server and not like a made up server someone makes you see to get your password... I dunno read something like that online. Also something about packet sniffing...
That's the thing...you're still using SSL. If you go to www.yoursite.com:2087 (or /whm), the connection is still secure. All the traffic is going over the SSL connection, regardless of what type of certificate you use.

You just happen to be using a self-signed certificate, which is why your browser has a fit and gives you all the notifications. The certificate is not from a trusted authority. Of course not...it's from your server. :)

That's why I asked about other people/clients using your server. If it's just you, and you don't mind getting the error messages, it is just as secure for you to use that self-signed certificate as it is to use one you purchased. The actual SSL connection does not change.

We run purchased certificates on our hosting servers, for example, because clients get a little worried by the errors and notifications otherwise. They don't understand that it's just as secure either way.
 

NeoCHI

Active member
#17
That's the thing...you're still using SSL. If you go to www.yoursite.com:2087 (or /whm), the connection is still secure. All the traffic is going over the SSL connection, regardless of what type of certificate you use.

You just happen to be using a self-signed certificate, which is why your browser has a fit and gives you all the notifications. The certificate is not from a trusted authority. Of course not...it's from your server. :)

That's why I asked about other people/clients using your server. If it's just you, and you don't mind getting the error messages, it is just as secure for you to use that self-signed certificate as it is to use one you purchased. The actual SSL connection does not change.

We run purchased certificates on our hosting servers, for example, because clients get a little worried by the errors and notifications otherwise. They don't understand that it's just as secure either way.
So even though the url shows up with https://serverip with the https: part strikethroughed, it still means it's going over a SSL connection?
 

WSWD

Well-known member
#18
So even though the url shows up with https://serverip with the https: part strikethroughed, it still means it's going over a SSL connection?
You mean like this? ;)

ssl.png



The important part shows up if you click on the lock (I'm guessing you're using Chrome). Shows all the encryption information. The https is shown crossed out because the server certificate is not trusted, as I explained in previous posts. But yes, the connection is 100% secure, over an SSL connection.
 

NeoCHI

Active member
#19
You mean like this? ;)

View attachment 69157



The important part shows up if you click on the lock (I'm guessing you're using Chrome). Shows all the encryption information. The https is shown crossed out because the server certificate is not trusted, as I explained in previous posts. But yes, the connection is 100% secure, over an SSL connection.
ahh ic, great thanks!