The Domain TLS (Transport Layer Security) feature was introduced in version 60 of cPanel & WHM. This system stores and manages a server's verified certificates in a domain-indexed repository. It makes the management of SNI (Server Name Indication) services for a user's domains faster and more efficient. The system performs the following actions:
- Finding the necessary certificate.
- Looking up the domain.
- Retrieving the certificate, CA bundle, and the key for that domain name.
In cPanel & WHM version 60.0.X and earlier, the Domain TLS feature stores and manages all of the server's certificates. In version 60.0.X+1 and later, it stores and manages only the server's verified certificates. The Domain TLS file structure is expected to change in future versions. TLS protocol version 1.2 is the only version supported on cPanel & WHM version 68. Moreover, only applications that use TLSv1.2 are supported. It is therefore recommended that you enable TLSv1.2 on your server.
In the context of servers, web servers are the servers that web hosting service providers use to store the files (web content) of websites. A web hosting service is essential to make websites accessible online and to keep them up and running continuously. Web hosting can be shared, dedicated, reseller, cloud, WordPress or VPS. A VPS is a Virtual Private Server, offered in managed as well as self-managed versions by most professional web hosting companies, such as HTS Hosting. HTS Hosting is globally well-known as the provider of the “Best Linux Managed VPS”, the “Best Windows Managed VPS”, and the “Best Linux Self-managed VPS”, due to its high quality of service at affordable prices.
Functioning of Domain TLS
When a certificate is installed for Apache, the system also copies the certificate into the Domain TLS for each domain of the Apache virtual host that the certificate secures. If the certificate secures an Apache virtual host with four domains, then the Domain TLS contains four copies of the certificate.
Domain TLS handles SNI functionality for the following services:
- cpsrvd – cPanel, WHM, Webmail logins and interfaces.
- cpdavd – Contacts, Calendar, and Web Disk services.
- exim – Mail transfer and receiving services.
- dovecot – Mailbox service.
Difference from Apache SSL Certificate Storage
Apache's SSL certificate storage groups domains into virtual hosts, which the cPanel interface refers to as websites.
In the Domain TLS, the domain name is used as the key, and the certificate that the domain uses is the value. Most of cPanel & WHM treats the www. subdomain as functionally equivalent to its parent domain. Since TLS treats every domain as a separate entity, the Domain TLS classifies the www. subdomain and the parent domain as separate items and stores each as a separate entry in the index. Moreover, the Domain TLS does not contain the expired or invalid certificates that the Apache SSL certificate storage contains.
Maintenance of Certificate
Servers automatically copy valid and current certificates from the Apache SSL certificate storage to the Domain TLS storage during the upgrade to version 60 of cPanel & WHM. Domain TLS does not copy expired or invalid certificates from Apache's SSL storage. As certificates are installed, deleted, and managed through the cPanel & WHM user interfaces or API calls, the system automatically performs the necessary updates to the Domain TLS index and certificate storage.
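The following is an added illustration, not cPanel's own code or on-disk format: a small Python model of the behaviour described in the two sections above, flattening vhost-grouped certificate storage into a domain-keyed index, skipping expired or unverified certificates, and resolving an SNI name by exact match. The record layout, the `verified` flag, the names `build_domain_index` and `lookup`, and all sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    label: str           # constructed identifier, not a real certificate
    not_after: datetime  # expiry time
    verified: bool       # assumption: chain verification result is precomputed

def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

NOW = _utc(2024, 1, 1)  # fixed clock so the sample is deterministic

# Constructed sample of vhost-grouped storage (Apache-style grouping).
APACHE_STORE = [
    {"domains": ["example.com", "www.example.com",
                 "mail.example.com", "shop.example.com"],
     "cert": Cert("cert-A", _utc(2024, 6, 1), True)},
    {"domains": ["blog.example.net"],               # no www. name listed
     "cert": Cert("cert-B", _utc(2024, 9, 1), True)},
    {"domains": ["old.example.org", "www.old.example.org"],
     "cert": Cert("cert-C", _utc(2023, 3, 1), True)},   # expired
    {"domains": ["dev.example.org"],
     "cert": Cert("cert-D", _utc(2024, 9, 1), False)},  # not verified
]

def normalize(name):
    """Canonical form for index keys and SNI names."""
    return name.strip().rstrip(".").lower()

def build_domain_index(store, now):
    """Flatten vhost groups into one entry per domain, skipping bad certs."""
    index = {}
    for vhost in store:
        cert = vhost["cert"]
        if not cert.verified or cert.not_after <= now:
            continue  # expired or unverified certificates are never indexed
        for domain in vhost["domains"]:
            index[normalize(domain)] = replace(cert)  # one copy per domain
    return index

def lookup(index, sni_name):
    """Exact-match lookup: www. and the parent domain are separate keys."""
    return index.get(normalize(sni_name))

if __name__ == "__main__":
    idx = build_domain_index(APACHE_STORE, NOW)
    for name in ("www.example.com", "www.blog.example.net", "old.example.org"):
        print(name, "->", lookup(idx, name))
```

In this model a name that was never listed on the certificate's virtual host, such as the www. form of `blog.example.net`, has no entry, so a service relying on the index would need a fallback certificate for it.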
There isn’t any user interface provided at present for managing Domain TLS. Such an interface might be made available in the future, based on its value and requirement.
Now you know what a Domain TLS is and how it works.
Source: https://www.htshosting.org/knowledge-base/domain-hosting/222/domain-tls-what-is-it-and-how-it-works