The Domain TLS system works in storing and managing the server’s verified certificates in a domain-indexed repository. This system also works faster and more efficient in managing SNI services for a user’s domains. It looks up the domain, finds the necessary certificate and retrieves that certificate, key, and CA bundle for that domain name.
The system copies the certificate into the Domain TLS for each domain of the Apache virtual host when a user installs a certificate for Apache. It is secured by the certificate. If it is secured with five domains, then the Domain TLS will contain five copies of the certificate.
Domain TLS handles the following services, like:
cpsrvd — handles cPanel, WHM, and Webmail logins and interfaces.
cpdavd — handles Calendar, Contacts, and Web Disk services.
exim — handles Mail transfer and receiving services.
dovecot — handles Mailbox service.
This certificate storage groups domains into virtual hosts, that the cPanel interface refers it to as websites.
Domain TLS handles the domain name as a key and the certificate as a value.
Most of cPanel & WHM analyses the www. subdomain as functionally parallel to its parent domain, like, the cPanel Store issues certificates for example.com that naturally includes the www.example.com subdomain. Domain TLS analyses the www. subdomain and parent domain as separate items as because TLS analyse each and every domain as a separate entity. It results in Domain TLS to store each as a separate entry on the index.
And last but not the least, Domain TLS do not have any expired or invalid certificates that the Apache SSL certificate storage has in it.
When the cPanel & WHM version 60 was being upgraded, servers naturally copied current and valid certificates from the Apache SSL certificate storage to Domain TLS storage. Domain TLS however, do not copy expired or invalid certificates from Apache’s SSL storage. Remember that when you install it, try to manage and delete certificates through cPanel & WHM user interfaces or API calls. The system naturally will perform the updates as a mandatory part to the Domain TLS index and certificate storage.
It is to note that currently a user interface is not provided to manage Domain TLS. But, as more services are using this feature for SNI, soon there may be an addition of such interface for better working.
All information on how to work on the domain TLS system is outlined in this review.