Do many hosts provide secure SSL login to Cpanel to protect user name and password?
Is it something that's hard to set up?
Printable View
Do many hosts provide secure SSL login to Cpanel to protect user name and password?
Is it something that's hard to set up?
https://yourdomain.com:2083/
https://yourdomain.com:2087/
:2082 and :2086 are insecure
:2083 and :2087 are secure
:homer:
I am sorry to inform you but 2083 and 2087 are not secure either.
Quote:
Originally posted by admin0
https://yourdomain.com:2083/
https://yourdomain.com:2087/
:2082 and :2086 are insecure
:2083 and :2087 are secure
:homer:
2083 and 2087 are 2082 and 2086 wrapped in stunnel....
albeit not 100% rock solid impenetrable, but pretty freaking solid considering.
What do you mean exactly, not secure?
huh?
i always considered ssh and https:// secure
???
please shed some light!
:homer:
Acording to cPanel.net https and 2087 are secure. I have never heard othewise - anyone know something they don't?
2083 and 2087 are https:// , yes
I think what the dude meant above is that the connection isn't backed by a real deal certificate-- you'd have to by an ssl cert for the hostname of each box if you didn't want the annoying browser error saying "not a valid certificate authority" , etc.
But that doesn't mean the handshake and transmission isn't via ssl- it still is very much secured.
:D :D :D
:homer:
:2083 :2087
Yes, the connection is still encrypted through port 443 but your web browser will cry if the site name does not match the cert and says the cert is not trusted...... no biggie, and still secure.
Forget the ports, you're just going to confuse your users if you tell them to use them. But fortunately the guys at Cpanel have implemented another way to access the CPanel via SSL. I don't know if it is documented, but I found it by digging through httpd.conf.
Just use http://yourdomain.com/securecontrolpanel
Enjoy!
:confused: :confused: :confused:
cannon7 it's really working! Thanks :cool:
Thanks Cannon7! Works great.
They are secure ports from which cpanel can be accessed - whats there to agrue about? a facts a fact:eek:
Then perhaps you would like to sniff the traffic going over those ports and see if you can decipher it? :)Quote:
Originally posted by TYS
I am sorry to inform you but 2083 and 2087 are not secure either.
Also, with regard to the browser warning, you can actually use WHM to configure ports 2083 and 2087 to use your server's SSL certificate--if you have one.
So you have a certificate for servername.yourdomain.com... you can use that certificate not only on port 443 for serving HTTP securely, you can also have the same certificate running on the control panel's SSL ports at the same time. There is an option in WHM to do this pretty quickly and easily: the "Change cPanel/WHM Certificate" link under the SSL/TLS menu in WHM.
Thanks cannon7!!
My home ISP refuses https - so I "had" to use a crapo and much more expensive one - no more :)
Yes, it's secure on those ports with the tunneling. But cPanel is much slower and has a large delay finishing the page load. You may see complaints.
If you watch the progress bar in your web browser you will see the large delay in finishing the page load. The page will be displayed but it will not finish for a few seconds after that.
I have tested this on hosts all over the place using their live demos, so it's not something just with us. I remember a time when it did not do this, the page would finish loading just fine, approx. 7 months ago it all started.
I don't know what changed but I wish they would fix it..
Hi there,
from behind the firewall I am know, I don't even have permission to access my Cpanel with http://www.mydomain.com:2082/
Are there any other alternatives.....?
Thanks!
Marsha
You can change the port by editing /var/cpanel/cpanel.config, however you still need to make sure that whatever access control device is in place will allow connections on the new port you choose (and you also don't want to choose a port that's in use by another service--check /etc/services to be sure).
If it's a firewall that's blocking your access, it's very unlikely that any other port is going to be open either. Perhaps contact your firewall administrator (or ISP?) to see if they can enable access on port 2082 and 2083 for you.
Matt-
I realize we should probably be talking about this at cpanel.net's forums, but whatev. :) Is there a similar config for the backend, (whostmgrd) where you can reassign a port, among other things?
I know I can tweak the stunnel startup & config and manually whisk it away to another port, but I am curious if there is a config file for the WHM as cpaneld has.
Thanks man.
Quote:
Originally posted by isildur
Matt-
I realize we should probably be talking about this at cpanel.net's forums, but whatev. :) Is there a similar config for the backend, (whostmgrd) where you can reassign a port, among other things?
I know I can tweak the stunnel startup & config and manually whisk it away to another port, but I am curious if there is a config file for the WHM as cpaneld has.
Thanks man.
I just use IPtables when I want to forward 2086 to another port...