25 May 2013

Install server certificates for WHM services - mail, ftp and web interface

Even though this is simple task I decide to describe it. WHM / cPanel system is really complex and overlooking some settings can easily happen. That's what happened also to me. I think there are 2 reasons:
1. This task is not on daily basis - certificates are generated for longer periods - year or more years
2. Settings for SSL in WHM is not on one place and that is bit confusing.

To secure communication on WHM's important services:

- Web interface (WHM, cPanel, Webmail on SSL ports 2083, 2087, 2096)
- SMTP (Exim on port 25 - event. aditionally another)
- Mail (IMAP, POP3 -Dovecot on ports 993 and 995)
- SFTP (Pure-FTPD on port 20, 21,  event. aditionally another)

it is required to get some certificate from CA (certificate authority). There are lot of CA - you can Google it and compare their prices. Proper type of certificate is Class 2 - organizations, for which proof of identity is required. But if you are individualist or small project you can save some money here. Class 1 certificate is sufficient which is intended for securing web-mail and simillar applications like cPanel / WHM is. Some CA providing Class 1 certificates for free of charge like StarCom CA.

Specific steps:

1. Generate an SSL Certificate and Signing Request:
Go to WHM > SSL / TLS > Generate an SSL Certificate and Signing Request.
Fill all fields with your data. I recommend also filling last field to get certificate to email to have backup.

2. Sign your certificate by CA - cpecifics steps depends on CA.

3. As soon as CA sign the certificate you can install it to all services mentioned above under this navigation:
WHM > Service Configuration > Manage Service SSL Certificates


In order to configure secure communication without warnings it is also required to use proper hostname on client side for which was certificate issued. Otherwise user will see security warning - domain mismatch. Connection itself remains encrypted.

No comments:

Post a Comment