Have you ever faced SSL-related issues? Then you already know how exasperating it can be to deal with such issues. That is the reason we have decided to put together all the relevant information that outlines the most common issues with regard to SSL, along with the ways in which you can troubleshoot and resolve these issues.
Before
proceeding, it needs to be mentioned that only TLS (Transport Layer Security)
protocol version 1.2 is supported by cPanel & WHM version 68. Only those
applications are supported that use TLSv1.2. It is recommended that you enable
TLSv1.2 on your server.
What is SSL?
SSL,
which is the abbreviation for Secure Sockets Layer, is a protocol that
establishes authenticated and encrypted links between networked computers. The
SSL protocol was deprecated when TLS (Transport Layer Security) 1.0 was
released in the year, 1999, but these related technologies are commonly
referred to as “SSL” or “SSL/TLS”.
SSL
refers to the standard technology that is used to keep an Internet connection
secure and to safeguard the sensitive data, which is exchanged between two
systems, a server and a client or server to server. This prevents those with
malicious intent from reading and/or modifying any information that is being
transferred.
To
digress, in the context of servers, VPS (Virtual Private Servers) are a
type of server that are highly efficient for hosting purposes and are provided
by most of the professional web hosting companies, such as HTS Hosting. HTS Hosting offers Windows Managed
VPS, Linux Managed VPS at the most affordable prices while
ensuring the highest quality of service for its clients.
Now let
us elaborate on the various common issues that have to do with SSL.
Installation Issues
Some
common certificate installation issues and the ways to fix those issues are
being described here.
- Certificate/Key Mismatch
If you
receive the error messages, modulus
mismatch or key file does not match the certificate, then it
means that the private key which you had entered had not generated that
certificate which you had wanted to install. The correct private key might be
in a different file.
When
you try to install a certificate, WHM might automatically complete the text
box, Private Key. You need to paste the
private key in the text box, Private Key,
in WHM’s Install an SSL Certificate on a
Domain interface, in order to properly install the certificate.
WHM >> Home >> SSL/TLS >> Install an SSL
Certificate on a Domain.
- Dedicated IP Addresses
Post-Installation Warnings
- Certificate Mismatch Warnings
In this
situation, most probably your web host either uses a self-signed certificate,
or a signed certificate which doesn’t match your domain name. This warning is
meant to notify that the name which is on the certificate is not an exact match
to the name of the domain which you want to visit.
You
need to ensure that the SSL certificate matches the domain which belongs to
your web hosting company, prior to proceeding and contacting your web hosting
service provider with any additional security issues.
- Domain Mismatch Warnings
If a
warning is displayed to your visitors regarding a domain mismatch, then your
SSL certificate most likely doesn’t match your domain name. Domain mismatches are rarely a security issue
upon logging in to one’s cPanel account. You should contact your hosting
service provider for any additional security issues.
- Self-signed Certificates
Most
browsers do not trust certificates that are self-signed. That is because such a
certificate encrypts only data and doesn’t verify identity. This is reason why
most browsers display a warning to the visitors when it comes to a self-signed
certificate.
You
need to purchase an SSL certificate from an SSL provider if you want to ensure
that visitors do not encounter such a warning. Do not remove the installed
self-signed certificate when you purchase an SSL certificate. Rather, you
should purchase and install the additional certificate in the Install an SSL Certificate on a Domain
interface in WHM.
WHM >> Home >> SSL/TLS >> Install an SSL Certificate on a
Domain.
Some
other common issues pertaining to SSL are mentioned below, along with the ways
to fix them.
Inability of Visitors to Access Other Sites
on a Shared Certificate
When
there are multiple sites which share an IP address but only one of them has an
installed SSL certificate, visitors to the other domains on that server might
encounter issues. Apache isn’t able to serve unsecured websites through a
secure protocol.
When
https:// is entered before a domain name, the secure HTTPS protocol is used by
the browser. When http:// is entered before a domain name, the not secure HTTP
protocol is used by the browser.
The
below-mentioned steps need to be carried out in order to let visitors visit an
unsecure domain, regardless of the type of protocol entered by them.
- Navigate to Install an SSL Certificate on a Domain interface in WHM.
WHM >> Home >> SSL/TLS >>
Install an SSL Certificate on a Domain
- Click Browse Certificates.
- Select root in the Browse Account menu.
- Select the option for the hostname certificate of the server in the Certificate list.
- Click Use certificate.
- Select the shared IP address of the server in the IP Address (non-user domains only) menu.
- Click Install.
- Navigate to Manage SSL Hosts interface in WHM.
WHM >> Home >> SSL/TLS >>
Manage SSL Hosts
- Click Make Primary in the Installed SSL Hosts table. This needs to be done in the appropriate row for the hostname of the server.
System Failures
If a drive
failure is encountered, you might lose some or all of your SSL data. If there
is the possibility of accessing the old drive, your authentication data is
stored by the system in the /root/.trustwavereqs
file.
Now you
know about the most common issues that are encountered with regard to SSL. Not
only that, the information provided here ensures that you can troubleshoot and
resolve such issues easily.
Source: https://www.htshosting.org/knowledge-base/website-security/192/troubleshoot-issues-related-to-ssl
No comments:
Post a Comment