BuycPanel Blog

BuycPanel Blog

Latest news and updates

Proxy Subdomains Usage of cPanel Service SSL

Posted by Allura on 20 08 2018.

Introduction
There was a connection error shown to the visitors whenever they tried accessing a website using https without an SSL configuration in cPanel and WHM’s 11.40 version.

Later in 11.42 version, Apache’s configuration was modified for proper usage of proxy subdomains with SSL.

 	SSL and non-SSL connections are handled separately by proxy subdomain virtualhosts.
 	All assigned IP addresses on a server is explicitly bounded by each proxy subdomain virtualhost.
 	Some of the SSL virtualhost configurations like cpanel, whm, webdisk, and webmail use the cPanel service SSL certificate.

It is found that in version 62 and after 62 of cPanel and WHM, it enables SNI functionality by default for SSL certificates on proxy subdomains. Here the multiple SSL certificates are allowed by SNI to use a single IP address and port number.

Because of these changes, cPanel’s service SSL certificate is used by Apache in order to secure websites who do not have with…

Introduction

There was a connection error shown to the visitors whenever they tried accessing a website using https without an SSL configuration in cPanel and WHM’s 11.40 version.

Later in 11.42 version, Apache’s configuration was modified for proper usage of proxy subdomains with SSL.

  • SSL and non-SSL connections are handled separately by proxy subdomain virtualhosts.
  • All assigned IP addresses on a server is explicitly bounded by each proxy subdomain virtualhost.
  • Some of the SSL virtualhost configurations like cpanel, whm, webdisk, and webmail use the cPanel service SSL certificate.

It is found that in version 62 and after 62 of cPanel and WHM, it enables SNI functionality by default for SSL certificates on proxy subdomains. Here the multiple SSL certificates are allowed by SNI to use a single IP address and port number.

Because of these changes, cPanel’s service SSL certificate is used by Apache in order to secure websites who do not have with them an SSL certificate. An SSL warning may appear infront of the visitors to sites without an SSL certificate, because Apache already used cPanel’s service SSL certificate in order to secure the site.

How to Bypass the use of Proxy Subdomains and the cPanel Service SSL Certificate

Before going through the steps, one must note that we do not ask anyone to bypass their server’s proxy subdomain configuration.

There are steps that can be put to use in preventing the usage of cPanel service SSL certificate for cpanel, whm, webdisk, and webmail subdomains.

Steps:

  • To begin with, one needs to disable the Proxy Subdomains setting in the Domains section of WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).
  • Then one should use cPanel’s Subdomain interface (cPanel >> Home >> Domain >> Subdomains) to create each service’s subdomain manually (like, for example, cpanel, whm, webdisk, and webmail).
  • Lastly, one needs to redirect each service’s subdomain to the exact secure URL and port as given below:
  • If the service is of cPanel,

Subdomain: cpanel.example.com

Redirection: https://example.com:2083

  • If the service is of WHM,

Subdomain: whm.example.com

Redirection: https://example.com:2087

  • If the service is of WebDisk,

Subdomain: webdisk.example.com

Redirection: https://example.com:2078

  • If the service is of Webmail,

Subdomain: webmail.example.com

Redirection: https://example.com:2096

It is seen that when one navigates to webmail.example.com, the server redirects them to https://example.com:2096 and makes the use of example.com domain’s SSL certificate to secure connection.

Conclusion

Proxy subdomains use the SSL certificate cPanel service. There are technical ways to check this usage and continue with the correct order of work.