Web Hosting Talk







View Full Version : Forced SSL in Cobalt control panel???


JoeM
05-18-2001, 03:14 AM
We just purchased a Thawte certificate and I have everything set up correctly at this point, EXCEPT, EVERY entry into the Cobalt control panel flips the browser into secure SSL mode (even if you don't type https:...).

The problem is, when one of our hosted customers tries to access their control panel they also get flipped into SSL, PLUS they get the warning that the name on the certificate does not match the name of their domain. Of course. This is because the SSL comes from our certificate, not theirs.

We installed the SSL for stuff like secure order forms, etc. on our web pages. Not to secure account control panel access.

htaccess password protection, YES. SSL for this particular use, NO. Yet we get SSL when accessing the Cobalt control panel, no matter what. Of course this was not the case until I installed our cert.

I have never encountered a forced/mandatory SSL situation when entering the control panel area of a web account. Not with any server on Alabanza, not with any server at VDI, not at Verio, nowhere.

The people at RackShack are telling me this is the way Cobalt servers work. Is this true? And is there any way to turn SSL off for the control panel areas? Anyone know about this?
Thanks.

PCInformation
05-18-2001, 11:34 AM
If I'm correct, it happens when you activate SSL on the main domain on your RAQ.

So if your main site is:

ns1.whatever.net

you could get a cert for:

secure.whatever.net
(and set it up as a domain on your RAQ)

Then you would avoid getting the security warning when other domains enter their site admin.

Daniel

JoeM
05-19-2001, 04:50 PM
Thanks. Yes, I have thought about this, but will I still be able to share the cert among our hosted customers if I go this route?

PCInformation
05-19-2001, 05:08 PM
Yep, that's what I do. I wish I would have done it the other way (but now I know).

I just advise my customers that the security warning screen they receive is an expected event.

The next RAQ I purchase, I'll use a different host name for the SSL.

Dan

JoeM
05-19-2001, 05:22 PM
Yes, but my current question is, can you still share a cert among your hosted customers if your certificate is NOT on the main server admin account, i.e. secure.hostname.com?

PCInformation
05-19-2001, 05:32 PM
Which RAQ are you using?

JoeM
05-19-2001, 05:38 PM
4i

SI-Chris
05-19-2001, 05:39 PM
You should be using SSL for your /admin page logins, regardless of the fact that it causes the error message for your users. If you don't, you're broadcasting your admin password out in the open every time you log on to the control panel.

JoeM
05-19-2001, 05:47 PM
Thanks for the advice. Of course you are right.



In any case I have found a way around the security warnings with a bit of a longer address:



http://www.host.com:80/.cobalt/siteManage/www.hostingcustomer.com/



Actually the address will jump to the secure:



https://www.host.com:81/.cobalt/siteManage/www.hostingcustomer.com/



But there are no warnings encountered because the primary cert holder's domain is in the primary part of the address.



----------------------------------



On another front, does anyone know of a good way to offer point-and-click password protection of customers' directories in their accounts?



In spite of what others say about the Cobalt control panel, I find it pretty functional, a bit slow, but functional. I just wish it had this one feature.
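The certificate-name check behind the warnings in this thread, as an added example that is not part of any post: the browser compares the certificate's name with the host part of the URL only, so a customer domain that appears in the path does not matter. It assumes the openssl command-line tool (1.0.2 or later for -checkhost); the certificate is a throwaway self-signed one and the second URL is constructed for contrast.

```shell
# Added example, not from the thread. Host names are the thread's placeholders.

# make_cert CN OUTFILE: throwaway self-signed certificate whose subject is CN.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2" 2>/dev/null
}

# url_host URL: host part of an http(s) URL, without scheme, port or path.
url_host() {
    printf '%s\n' "$1" | sed -E 's#^[a-z]+://##; s#[:/].*$##'
}

# cert_matches_url CERT URL: succeeds only if CERT is valid for the URL's host.
cert_matches_url() {
    openssl x509 -in "$1" -noout -checkhost "$(url_host "$2")" |
        grep -q 'does match certificate'
}

# Demo: the hosting company's certificate checked against two control panel URLs.
tmp=$(mktemp -d)
make_cert www.host.com "$tmp/host.pem"
for url in \
    "https://www.host.com:81/.cobalt/siteManage/www.hostingcustomer.com/" \
    "https://www.hostingcustomer.com:81/"   # constructed: entry via customer domain
do
    if cert_matches_url "$tmp/host.pem" "$url"; then
        result="no warning"
    else
        result="name-mismatch warning"
    fi
    printf '%-22s %s\n' "$result" "$url"
done
```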

PCInformation
05-19-2001, 05:49 PM
Joe,

I'm not terribly experienced with this, but:

I'm not sure about the 4i, but on the 3i the SSL server won't allow symbolic links to work, so I have to create a user on the SSL domain for a client to run scripts or pages in SSL mode.

On the RAQ2, I could create a symlink to a directory on the customers site and he could access it from there.

Dan

JoeM
05-19-2001, 05:55 PM
Alas, I am still a little green at this stuff. I assume that by creating a symbolic link you are referring to the kind of name linking you can do in the DNS section of the admin control panel.

Can I ask that you spell out this symlink procedure a bit for us green-horns out here? Thanks!

WreckRman2
05-24-2001, 11:46 PM
I have Raq3 and setup SSL on secure.domain.com

create soft link in secure web

ln -s /home/sites/site2/web site2

then chown it to nobody

chown nobody site2

now SSL works as

https://secure.domain.com/site2

and opens as if you were viewing http://www.site.com only with shared SSL key.
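A check an administrator can run after linking customer sites into a shared SSL web root as described above, given as an added example that is not part of the post: it lists each symlink, flags those that resolve outside the web root, and prints the owner of both the link and its target, because GNU chown without -h changes the target rather than the link. It assumes GNU find, readlink and stat; the directory tree is constructed sample data modelled on the paths in the post.

```shell
# Added example, not from the thread. Assumes GNU find, readlink and stat.
# Reports every symlink under a web root as tab-separated fields:
#   STATUS  link  resolved-target  link-owner  target-owner
# OUTSIDE = target is outside the web root (another site's files are served
# under this host name), INSIDE = stays within it, BROKEN = dangling link.
# Paths containing newlines are not handled.
audit_links() (
    root=$(readlink -e -- "$1") || exit 2
    find "$root" -type l | while IFS= read -r link; do
        if ! target=$(readlink -e -- "$link"); then
            printf 'BROKEN\t%s\n' "$link"
            continue
        fi
        case "$target/" in
            "$root"/*) status=INSIDE ;;
            *)         status=OUTSIDE ;;
        esac
        printf '%s\t%s\t%s\t%s\t%s\n' "$status" "$link" "$target" \
            "$(stat -c %U -- "$link")" "$(stat -c %U -- "$target")"
    done
)

# build_sample: constructed layout (site2 linked into the secure site's web
# root, plus one internal and one dangling link); prints the secure web root.
build_sample() (
    base=$(mktemp -d)
    web="$base/home/sites/secure/web"
    mkdir -p "$base/home/sites/site2/web" "$web/images"
    ln -s "$base/home/sites/site2/web" "$web/site2"
    ln -s images "$web/img"
    ln -s /nonexistent-constructed-target "$web/old"
    printf '%s\n' "$web"
)

audit_links "$(build_sample)"
```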

JoeM
05-25-2001, 12:15 AM
I have Raq3 and setup SSL on secure.domain.com

create soft link in secure web

ln -s /home/sites/site2/web site2

then chown it to nobody

chown nobody site2

now SSL works as

https://secure.domain.com/site2

and opens as if you were viewing http://www.site.com only with shared SSL key.


Thanks. Does this also work for control panel access as well?

In any case, is the soft link created via a new line addition to httpd.conf, (ln -s /home/sites/site2/web site2)? Would this be written as an alias? Sorry for the dumb questions. I guess I'm still not sure how to set up symbolic links.

WreckRman2
05-25-2001, 05:17 AM
No editing of the httpd. Log into your server via Telnet or SSH and run that at the command line.

What are you trying to do to the control panel?

JoeM
05-25-2001, 03:35 PM
Regarding the control panel, I am trying to remove all control panel access from SSL without disabling SSL from the main host. It just seems like SSL for a web site control panel is overkill. No other control panel access in my experience works this way (the Alabanza control panel, VDI's CPannel, etc.)

WreckRman2
05-25-2001, 06:30 PM
Well, you're on your own there. I prefer to use the GUI for ease of setup.

JoeM
05-25-2001, 07:16 PM
I did not say I wanted to forgo the GUI completely, just the forced SSL aspect of using the cobalt GUI.