Have you ever faced SSL-related issues? Then you already know how exasperating it can be to deal with such issues. That is the reason we have decided to put together all the relevant information that outlines the most common issues with regard to SSL, along with the ways in which you can troubleshoot and resolve these issues.
Before proceeding, it needs to be mentioned that only TLS (Transport Layer Security) protocol version 1.2 is supported by cPanel & WHM version 68. Only those applications are supported that use TLSv1.2. It is recommended that you enable TLSv1.2 on your server.
What is SSL?
SSL, which is the abbreviation for Secure Sockets Layer, is a protocol that establishes authenticated and encrypted links between networked computers. The SSL protocol was deprecated when TLS (Transport Layer Security) 1.0 was released in the year, 1999, but these related technologies are commonly referred to as “SSL” or “SSL/TLS”.
SSL refers to the standard technology that is used to keep an Internet connection secure and to safeguard the sensitive data, which is exchanged between two systems, a server and a client or server to server. This prevents those with malicious intent from reading and/or modifying any information that is being transferred.
To digress, in the context of servers, VPS (Virtual Private Servers) are a type of server that are highly efficient for hosting purposes and are provided by most of the professional web hosting companies, such as HTS Hosting. HTS Hosting offers Windows Managed VPS, Linux Managed VPS at the most affordable prices while ensuring the highest quality of service for its clients.
Now let us elaborate on the various common issues that have to do with SSL.
Installation Issues
Some common certificate installation issues and the ways to fix those issues are being described here.
Certificate/Key Mismatch
If you receive the error messages, modulus mismatch or key file does not match the certificate, then it means that the private key which you had entered had not generated that certificate which you had wanted to install. The correct private key might be in a different file.
When you try to install a certificate, WHM might automatically complete the text box, Private Key. You need to paste the private key in the text box, Private Key, in WHM’s Install an SSL Certificate on a Domain interface, in order to properly install the certificate.
WHM >> Home >> SSL/TLS >> Install an SSL Certificate on a Domain.
Dedicated IP Addresses
SSL allows only one certificate/IP address, when SNI (Server Name Indication) is disabled. Since each single cPanel account uses a single IP address, it is possible to assign only one certificate/account. If any problem is encountered with a subdomain, a dedicated IP address can be assigned to it, or SNI can be enabled on the server.
Post-Installation Warnings
Now let us provide information on some of the most common post-installation warnings, and the ways in which those can be fixed.
Certificate Mismatch Warnings
In this situation, most probably your web host either uses a self-signed certificate, or a signed certificate which doesn’t match your domain name. This warning is meant to notify that the name which is on the certificate is not an exact match to the name of the domain which you want to visit.
You need to ensure that the SSL certificate matches the domain which belongs to your web hosting company, prior to proceeding and contacting your web hosting service provider with any additional security issues.
Domain Mismatch Warnings
If a warning is displayed to your visitors regarding a domain mismatch, then your SSL certificate most likely doesn’t match your domain name. Domain mismatches are rarely a security issue upon logging in to one’s cPanel account. You should contact your hosting service provider for any additional security issues.
Self-signed Certificates
Most browsers do not trust certificates that are self-signed. That is because such a certificate encrypts only data and doesn’t verify identity. This is reason why most browsers display a warning to the visitors when it comes to a self-signed certificate.
You need to purchase an SSL certificate from an SSL provider if you want to ensure that visitors do not encounter such a warning. Do not remove the installed self-signed certificate when you purchase an SSL certificate. Rather, you should purchase and install the additional certificate in the Install an SSL Certificate on a Domain interface in WHM.
WHM >> Home >> SSL/TLS >> Install an SSL Certificate on a Domain.
Other Issues
Some other common issues pertaining to SSL are mentioned below, along with the ways to fix them.
Inability of Visitors to Access Other Sites on a Shared Certificate
When there are multiple sites which share an IP address but only one of them has an installed SSL certificate, visitors to the other domains on that server might encounter issues.
Apache isn’t able to serve unsecured websites through a secure protocol.
When https:// is entered before a domain name, the secure HTTPS protocol is used by the browser. When http:// is entered before a domain name, the not secure HTTP protocol is used by the browser.
The below-mentioned steps need to be carried out in order to let visitors visit an unsecure domain, regardless of the type of protocol entered by them.
Navigate to Install an SSL Certificate on a Domain interface in WHM.
WHM >> Home >> SSL/TLS >> Install an SSL Certificate on a Domain
Click Browse Certificates.
Select root in the Browse Account menu.
Select the option for the hostname certificate of the server in the Certificate list.
Click Use certificate.
Select the shared IP address of the server in the IP Address (non-user domains only) menu.
Click Install.
Navigate to Manage SSL Hosts interface in WHM.
WHM >> Home >> SSL/TLS >> Manage SSL Hosts
Click Make Primary in the Installed SSL Hosts table. This needs to be done in the appropriate row for the hostname of the server.
System Failures
If a drive failure is encountered, you might lose some or all of your SSL data. If there is the possibility of accessing the old drive, your authentication data is stored by the system in the /root/.trustwavereqs file.
Now you know about the most common issues that are encountered with regard to SSL. Not only that, the information provided here ensures that you can troubleshoot and resolve such issues easily.
Comments