Results 1 to 3 of 3
-
03-11-2016, 11:12 AM #1New Member
- Join Date
- Mar 2016
- Posts
- 1
WHM SSL Best Practices on a Single IP Address
Hello everyone. I wasn't sure if this belonged here on in the Security forum since our issue is particular to WHM, my apologies if I'm in the wrong section.
We have multiple servers under our control, and each server has one IP address which we put our clients' websites onto. In the past, we were on servers that did not support SNI, and thus we ordered a dedicated IP for clients on SSL. Since switching to servers running the latest version of CloudLinux, which supports SNI, our server provider strongly insisted that we use the same IP address for our SSL clients as our non-SSL clients.
Since then, we have been running into issues where a client who does not have SSL on their domain attempts to access their domain over HTTPS, and not only receives a Common Name Mismatch error, but also gets sent to a competitor's website.
I know why this is happening -- it's because SSL is on a different layer, and the client is connecting to the first available host with SSL installed. I do have a couple of questions that I hope the community can answer.
1. I'm aware that WHM has a Tweak option that allows cPanel users to only install SSL certificates if they are on a dedicated IP, but this is more for the end-user than the server administrator. Does WHM have a best practice that can be enforced at the administrator (root) level? I suspect it is intentionally missing since server administrators generally develop their own best practices, but I just want to confirm.
2. Since our server provider will not provide IPs for us due to the IP shortage, the proposed solution is to set up a virtual host at the top to display an "SSL Not Supported" message to our clients, so they do not hit a competitor's website. Given that we only have one IP, is this the best we can do, or is there a cleaner, more practical solution?
Thanks a bunch for your help WHT.
-
03-11-2016, 10:47 PM #2Web Hosting Master
- Join Date
- Jul 2005
- Location
- Australia - NSW
- Posts
- 1,053
The only way that I know to get around is to have all SSL clients on one IP, and non-SSL clients on a different IP.
Recommended: Stablehost, Hivelocity, Fused
-
03-12-2016, 04:09 AM #3Web Hosting Master
- Join Date
- Oct 2007
- Posts
- 2,349
Hi,
Having a dedicated IP for account SSL is actually a good practice as the site is also accessible via the IP.. when browsed with https protocol...www.24x7servermanagement.com
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !! Skype: techs24x7
Similar Threads
-
Multi-domain SSL on a single IP address?
By ramdak5000 in forum Hosting Security and TechnologyReplies: 0Last Post: 01-09-2010, 11:25 PM -
Looking for Host that puts sites on a single IP address
By Dorian in forum Web HostingReplies: 11Last Post: 10-20-2008, 11:46 PM -
number of domains hosted on a single ip?
By Lakpura in forum Web HostingReplies: 0Last Post: 02-01-2004, 11:54 AM -
single ip address on cobalt system
By kevinb in forum Dedicated ServerReplies: 1Last Post: 04-17-2003, 05:13 AM -
3000 accounts on a single IP address
By Deb Suran in forum Web HostingReplies: 1Last Post: 03-29-2001, 03:28 PM