Results 1 to 3 of 3
  1. #1

    Post WHM SSL Best Practices on a Single IP Address

    Hello everyone. I wasn't sure if this belonged here on in the Security forum since our issue is particular to WHM, my apologies if I'm in the wrong section.

    We have multiple servers under our control, and each server has one IP address which we put our clients' websites onto. In the past, we were on servers that did not support SNI, and thus we ordered a dedicated IP for clients on SSL. Since switching to servers running the latest version of CloudLinux, which supports SNI, our server provider strongly insisted that we use the same IP address for our SSL clients as our non-SSL clients.

    Since then, we have been running into issues where a client who does not have SSL on their domain attempts to access their domain over HTTPS, and not only receives a Common Name Mismatch error, but also gets sent to a competitor's website.

    I know why this is happening -- it's because SSL is on a different layer, and the client is connecting to the first available host with SSL installed. I do have a couple of questions that I hope the community can answer.

    1. I'm aware that WHM has a Tweak option that allows cPanel users to only install SSL certificates if they are on a dedicated IP, but this is more for the end-user than the server administrator. Does WHM have a best practice that can be enforced at the administrator (root) level? I suspect it is intentionally missing since server administrators generally develop their own best practices, but I just want to confirm.

    2. Since our server provider will not provide IPs for us due to the IP shortage, the proposed solution is to set up a virtual host at the top to display an "SSL Not Supported" message to our clients, so they do not hit a competitor's website. Given that we only have one IP, is this the best we can do, or is there a cleaner, more practical solution?

    Thanks a bunch for your help WHT.

  2. #2
    Join Date
    Jul 2005
    Location
    Australia - NSW
    Posts
    1,053
    The only way that I know to get around is to have all SSL clients on one IP, and non-SSL clients on a different IP.
    Recommended: Stablehost, Hivelocity, Fused

  3. #3
    Hi,

    Having a dedicated IP for account SSL is actually a good practice as the site is also accessible via the IP.. when browsed with https protocol...
    www.24x7servermanagement.com
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7

Similar Threads

  1. Multi-domain SSL on a single IP address?
    By ramdak5000 in forum Hosting Security and Technology
    Replies: 0
    Last Post: 01-09-2010, 11:25 PM
  2. Replies: 11
    Last Post: 10-20-2008, 11:46 PM
  3. number of domains hosted on a single ip?
    By Lakpura in forum Web Hosting
    Replies: 0
    Last Post: 02-01-2004, 11:54 AM
  4. single ip address on cobalt system
    By kevinb in forum Dedicated Server
    Replies: 1
    Last Post: 04-17-2003, 05:13 AM
  5. 3000 accounts on a single IP address
    By Deb Suran in forum Web Hosting
    Replies: 1
    Last Post: 03-29-2001, 03:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •