Tuesday 17 June 2014

A wildcard SSL certificate allows you to secure unlimited subdomains of a given domain name with one SSL certificate. A user will need to purchase a wildcard SSL certificate from a vendor that supplies them.

Similar to having multiple certificates installed on a server, each subdomain containing the certificate needs its own IP as well. Wildcard SSLs do not work like wildcard DNS: you really do have to specifically install the certificate on each subdomain. Here are two methods for setting up wildcard certificates for a domain.

Installing A Wildcard SSL Certificate

Multiple Accounts

In this scenario, you’d have each subdomain hosted as a separate cPanel account, and each of those cPanel accounts will have its own IP address.

➠ Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com
➠ How to assign each account its own IP address

Go to WHM > Change site’s IP Address, select the account, then select the IP

Via Command Line:

/usr/local/cpanel/bin/setsiteip -u $user $ip

Manually:

(This is also useful for changing the IP address of a single domain in an account, without affecting other domains on that account)

1) Edit /var/named/domain.com.db, change the domain’s A records, increment the serial number, and sync the zone out. For help in changing DNS, see this post. To sync a zone:

/scripts/dnscluster synczone $domain

Obviously, you do this on whatever server acts as a nameserver for the domain in question.

2) Replace instances of the old IP with the new IP in /var/cpanel/userdata and /var/cpanel/users

replace 123.123.123.123 222.222.222.222 -- /var/cpanel/userdata/user/*

replace 123.123.123.123 222.222.222.222 -- /var/cpanel/users/user

3) If the new IP is shared, remove the user’s main domain entry from /etc/domainips. If it’s a dedicated IP, add/change the IP in /etc/domainips and /etc/ssldomains (if the site has an SSL)

4) Run /scripts/rebuildhttpdconf and /scripts/rebuildippool, and restart Apache

➠ When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com
➠ The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target subdomain
➠ Click install to install the certificate

One Account

This method may be best for users that are not resellers or that are on shared hosting servers, where having multiple cPanel accounts may not be ideal. In this case, you’d have one cPanel account and assign multiple IPs to its subdomains.

➠ Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com
➠ How to assign dedicated IPs to multiple subdomains on the same account

1. Edit /var/cpanel/userdata/$user/$subdomain.$maindomain for each subdomain (for addon domains you’ll usually edit the file for the subdomain associated with the addon domain) and change the ip value to a ‘dedicated’ IP.

2. Delete the associated .cache file for the file you just edited

3. Run /scripts/rebuildhttpdconf

4. Edit the DNS zone for the subdomain (which will likely be attached to the parent domain) and update the A record to point to that IP as well. Then synchronize the zone out to the DNS cluster, if one exists:

/scripts/dnscluster synczone <parentdomain>

5. Edit /etc/domainips and add an entry for that subdomain to point to the IP, then run /scripts/rebuildippool to make sure the IP is marked as taken.

➠ When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com
➠ The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target subdomain
➠ Click install to install the certificate
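
Before changing the SSL hostname from *.domain.com to a target subdomain, it helps to confirm the wildcard name actually covers that hostname: the "*" stands for exactly one left-most label, so the bare domain and deeper names are not covered. The script below is an added example, not part of the original post; the function names and the sample host list are constructed for illustration.

```shell
#!/bin/sh
# Added example: which hostnames does a wildcard certificate name cover?
# Rule applied: "*" replaces exactly one left-most DNS label.

# wildcard_covers PATTERN HOST -> exit status 0 if PATTERN covers HOST
wildcard_covers() {
    pattern=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$pattern" in
        \*.*)
            suffix=${pattern#\*}              # e.g. ".domain.com"
            case "$host" in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;                # different parent domain
            esac
            [ -n "$label" ] || return 1       # empty label, e.g. ".domain.com"
            case "$label" in *.*) return 1 ;; esac   # more than one label
            return 0
            ;;
        *)
            [ "$pattern" = "$host" ]          # non-wildcard name: exact match
            ;;
    esac
}

# uncovered_hosts PATTERN HOST... -> prints every HOST the pattern does not cover
uncovered_hosts() {
    cert_name=$1; shift
    for h in "$@"; do
        wildcard_covers "$cert_name" "$h" || printf '%s\n' "$h"
    done
}

# Constructed sample: hostnames someone might plan to secure with *.domain.com
SAMPLE_HOSTS="shop.domain.com mail.domain.com domain.com www.shop.domain.com SHOP.Domain.com"

echo "Not covered by *.domain.com:"
uncovered_hosts '*.domain.com' $SAMPLE_HOSTS
```

Any hostname this prints needs its own certificate, or a certificate that lists it as an additional name.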
