New Cpanel/WHM SSL certificate ?

[monaghan]

I've not got round to it yet, but is there a simple guide to getting a new SSL cert for cPanel/WHM yet ?

Mine still has the host.domain.com cert and Windows bleats about it each time.

I'd like to suggest my customers use the secure connection to their cpanel, but I guess I'd better sort this first.

At the moment I have no need for a paid SSL cert as I do no financial transactions, so all I really need is a self signed one.

 

[turnkey]

To be honest, I think a cert for the server is a complete wast of money. Other then you get those secuity warnings I see no need for a cert for the server control panel because it is not passing credit card info and really does not need crudentials.

However, if you are thinking of a shared SSL for your customers https://yourserver.servername.com/~customerusername then that is a different story.

I have not done it with cPanel but it should not be hard. I've done it before with Ensim back when freessl.com actually had free certificates. Those were the days.

 

[Decker]

I use a free cert from ipsca.com for my main site and will for a couple of other sites I'm developing outside the hosting arena - 6 month cert costs nothing, and you just need to get a new one each time no limit (so far) on renewing

 

[monaghan]

Possible dumb newbie question

To generate a certificate request, I simply complete the form in WHM/Generate an SSL Certificate and Signing Request ?

What should this do ? I'd assumed that it would email me the necessary, but nothing has been delivered :-(

If I try and install a cert, then I'd expect it to return the csr, but it doesn't. ANy suggestions ?

The test site has a unique IP. Is there anything else ?

 

[MikeChristopher]

you need to generate the request this should give you a signing request code ,you give this to a company that sells the certs and they produce the code for the certificate

 

[monaghan]

It wouldn't create a CSR for me

I tried again later and it did that time, so all's underway.

 

[turnkey]

I might play with this next week. Now that I know where to get demenstation "free" certificates again

 

[Leo]

Is it only the hosts that have to get this?
What if my host doesnt have this installed and I want to do transactions through my site?

 

[Vovex Technology]

Leo,

SSL basically encrypts information going through the secure port making it hard for people to steal credit card information and other important data. If you are doing transactions without an SSL cert you may want to think about purchasing one soon. Last thing you want is someone stealing your customers credit card and running up a nice $500+ shopping spree on it.

 

[turnkey]

Leo,

Most hosts will provide you the means to have a secure site. The host will probally charge you a small extra fee to have a dedicated IP (required for SSL) and possibally a setup fee. Then you have to buy a SSL certificate usually about $35 and up. http://www.freessl.com has nice chained certificates and ev1servers.net sells Geo Trust certificates. I think the chained SSL is the same as Geo Trust.

If you do any credit card stuff on your site or even collect sensitive information about your customers it is your responsibility to make sure that information is kept secure and not compromised. Not only are people steeling credit cards off the net but there is a lot of identity theaft going on as well.

 

[Leo]

Oh right thanks for the help

Can I use shared SSL for doing transactions online?

 

[turnkey]

Leo,

If your host has shared SSL setup then yes but honestly it looks more profeshional if you have your own. The SSL cert is there to prove you have crudentials. If you use a shared SSL then you are just using somebody elses crudentials.

The entire point about SSL is:

1. The consumer knows it is safe to place sensitive information in a 128bit encrypted web page.

2. The person who is selling the goods/service is who they say they are.

 

[Leo]

Ah ok thanks turnkey

More costs to run my site then

Good to know anyway!