Hi,
This might be a dumb question, but I could not find any tutorial on how to do this.
I am running a Cpanel System and want to set up https access for one of my virtual domains, mainly in order to get secure access to my cgi scripts. I only need this for myself, not for any visitors, so I do not need a "real" certificate. It's just the SSL encryption I am after.
The problem is that when I visit https://mydomain.com , I get a connection refused error, and I could not find any switches in WHM or CPanel to turn on a https daemon or something like that , only very confusing stuff about certificates, etc...
Is there any tutorial on how to set this up?
Thanks! Smile
Full Version: Quick and easy https for private purposes - How?
I am no SSL expert, but here is how I got it done in WHM:
1) Under SSL/TSL, choose Generate an SSL Certificate and Signing Request. Complete all the fields and click Create
2) Next do Install an SSL Certificate and Setup the Domain. Once you have entered the domain name (of an existing account), the certificate info is fetched automatically. Click Do It.
When I tried it just now, the response from WHM indicated that the certificate could be validated, but that Apache gave an error. The actual error was however not shown. So I went and edited the httpd.conf file manually and added the following:
You obviously need to replace the IP address, domain name and username with the relevant data. After editing httpd.conf, restart Apache.
When browsing your website via https you will get a warning that the certificate is not signed by a trusted party (because it was self-signed). You can simply accept and choose to import the certificate into your browser.
Hope this helps
1) Under SSL/TSL, choose Generate an SSL Certificate and Signing Request. Complete all the fields and click Create
2) Next do Install an SSL Certificate and Setup the Domain. Once you have entered the domain name (of an existing account), the certificate info is fetched automatically. Click Do It.
When I tried it just now, the response from WHM indicated that the certificate could be validated, but that Apache gave an error. The actual error was however not shown. So I went and edited the httpd.conf file manually and added the following:
CODE
<IfDefine SSL>
<VirtualHost 12.34.56.78:443>
ServerAlias www.mydomain.com mydomain.com
ServerAdmin webmaster@mydomain.com
DocumentRoot /home/forum/public_html
BytesLog domlogs/mydomain.com-bytes_log
ServerName www.mydomain.com
<IfModule mod_userdir.c>
Userdir disabled
Userdir enabled myuser
</IfModule>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/forum:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
User myuser
Group myuser
SSLEngine on
SSLCertificateFile /usr/share/ssl/certs/mydomain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/mydomain.com.key
CustomLog domlogs/mydomain.com combined
ScriptAlias /cgi-bin/ /home/theuser/public_html/cgi-bin/
</VirtualHost>
</IfDefine>
<VirtualHost 12.34.56.78:443>
ServerAlias www.mydomain.com mydomain.com
ServerAdmin webmaster@mydomain.com
DocumentRoot /home/forum/public_html
BytesLog domlogs/mydomain.com-bytes_log
ServerName www.mydomain.com
<IfModule mod_userdir.c>
Userdir disabled
Userdir enabled myuser
</IfModule>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/forum:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
User myuser
Group myuser
SSLEngine on
SSLCertificateFile /usr/share/ssl/certs/mydomain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/mydomain.com.key
CustomLog domlogs/mydomain.com combined
ScriptAlias /cgi-bin/ /home/theuser/public_html/cgi-bin/
</VirtualHost>
</IfDefine>
You obviously need to replace the IP address, domain name and username with the relevant data. After editing httpd.conf, restart Apache.
When browsing your website via https you will get a warning that the certificate is not signed by a trusted party (because it was self-signed). You can simply accept and choose to import the certificate into your browser.
Hope this helps
I have found that normally sites using ssl - either self-signed or legit - must be on their own IP
The only exception would be the shared ssl for the server -
We offer clients the ability to get the shared ssl from us - but ... thats a different topic.
If this is just a thing you need to do for a month or so - use a test cert for up to 30 days...
:-)
Still stuck PM me.
The only exception would be the shared ssl for the server -
We offer clients the ability to get the shared ssl from us - but ... thats a different topic.
If this is just a thing you need to do for a month or so - use a test cert for up to 30 days...
:-)
Still stuck PM me.
There is no problem having other sites on the same IP as the SSL site. It is rather a case that an IP can have only one certificate installed to it.
yup -- your right - thought thats what I typed - but @ 1AM - who knows. . .
Thanks for your help, Stefaans! It worked perfectly :-)
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.