Parallels H-Sphere Documentation Administrator Guide

 

Installing Shared SSL Certificates

 
 

Related Docs:   Securing Your CP with SSL (Sysadmin guide) Reseller Control Panel SSL Reseller Shared SSL Provider's Shared SSL (Reseller guide) Securing Transferred Data through SSL (User guide)

Last modified: 25 Dec 2007

 

WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the official Parallels site.

Shared SSL certificates, also known as wildcard or server-wide certificates, are used to service multiple third level domains.

Thawte defines a wildcard certificate as "a single certificate, with a wildcard character in the domain name field. This allows the certificate to secure multiple hosts within the same domain. For example, a certificate for '*.domain.com', could be used for www.domain.com, www1.domain.com, www2.domain.com, in fact, any host in the domain.com domain. When a client checks the host name in this certificate it uses a shell expansion procedure to see if it matches."

According to VeriSign, a shared SSL certificate "enables Internet Service Providers (ISPs) to provide SSL (Secure Sockets Layer) encryption and business authentication to Web business customers, but without the need to issue unique digital certificates to each hosted customer. The service offers ISPs the convenience and streamlined management of a single specially licensed SSL digital certificate to share among multiple hosted web sites".

Shared SSL certificates work only within one domain level. For example, if you get a certificate for *.domain.com, it will work for www.domain.com and subdomain.domain.com. It won't work for www.subdomain.domain.com or http://domain.com, and for those names visitors' browsers will show a warning message: "The name on the security certificate does not match the name of the site".
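The single-level rule above can be checked before a hostname is offered on the secured zone. The following is an added example, not part of the H-Sphere documentation or product; the function names and the sample host list are constructed for illustration, and the matcher deliberately accepts the wildcard only as the whole left-most label.

```python
def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.strip().rstrip(".").lower().split(".")


def wildcard_matches(pattern, hostname):
    """Return True if `hostname` is covered by certificate name `pattern`.

    The wildcard is honoured only as the entire left-most label and stands
    for exactly one label, which is the single-level rule described above.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False          # different depth, or an empty label
    if "*" in "".join(p[1:]):
        return False          # wildcard outside the left-most label
    if p[0] == "*":
        # Assumption of this example: require two fixed labels after the
        # wildcard, so a pattern such as *.com is never accepted.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False          # partial wildcards (w*.domain.com) rejected here
    return p == h


def uncovered(pattern, hostnames):
    """List the hostnames a visitor's browser would flag with a name mismatch."""
    return [h for h in hostnames if not wildcard_matches(pattern, h)]


# Constructed sample: names a provider might place on one shared SSL zone.
SAMPLE_HOSTS = [
    "www.domain.com",
    "subdomain.domain.com",
    "WWW1.Domain.Com.",
    "www.subdomain.domain.com",
    "domain.com",
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        ok = wildcard_matches("*.domain.com", host)
        print(f"{host:28} {'ok' if ok else 'NAME MISMATCH'}")
```
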

H-Sphere Shared SSL is based on shared IPs and wildcard SSL certificates and is bound to a particular service DNS zone. Since different servers use different shared IPs, Shared SSL is associated with a certain shared IP tag, which identifies these IPs on each server. When you install a wildcard certificate, it is set up on all web servers. Just make sure that shared IPs on the web servers have the same shared IP tag.

Wildcard certificates can be purchased, for instance, at Comodo CA.

The cost of a shared SSL certificate usually depends on the number of subdomains that it covers and varies depending on the certificate authority.

Important:
When obtaining an SSL certificate, make sure it is generated for Apache regardless of whether you intend to install it on a Windows or Unix box.

To install a shared SSL certificate:

  1. Select Shared SSL Manager in the E.Manager menu.
  2. Turn Shared SSL Support on for the DNS zone domain you would like to secure.

    NOTE: Starting from H-Sphere 2.3.1 Beta 3, you can dedicate a DNS zone for secure third level hosting of your direct end users as well as end users of your resellers. With this utility, resellers can offer your secure DNS zone for secured third level hosting without having to purchase their own shared SSL certificate.

    To let your resellers provide their end users with secure hosting on your 'dedicated' DNS zone, install shared SSL on it as described below and, when you are through, turn Share SSL with resellers on.

Shared SSL installation wizard

  1. The window that appears on enabling Shared SSL support will give you two options:

    • Generate a temporary wildcard certificate by clicking the link at the top of the window;
    • Enter your existing wildcard certificate in the form. When you click the Submit button, the certificate will be installed.

    If you have created a temporary wildcard certificate, you can request a permanent wildcard certificate in the future from a trusted certificate authority. To install the SSL certificate, click the Edit icon next to the domain name and enter the certificate key and certificate file. Then click the Upload button.

    Sometimes, you may have to use a Certificate Authority File provided with the certificate by your certificate authority (e.g. Comodo CA, Geotrust, Equifax, etc.). To use the Certificate Authority File, a line has to be added to the Apache configuration of each virtual host that uses shared SSL. H-Sphere can do this for you: enter the file in the Certificate Authority File text box and click the Upload button.

    Note: If you are using more than one shared IP, each of them must have a unique shared IP tag. You can't create more than one certificate on one shared IP tag.

  2. Go to Plan Edit Wizard and enable Shared SSL. By doing this, you will also automatically enable Third Level Domain Alias, Third Level DNS Zone, and Domain Alias A DNS Record.
  3. If you have added a new web server and want it to be serviced with the shared SSL certificate, click the Edit icon next to the domain name and enter the certificate key and certificate file in the Install completely new certificate key and file pair boxes. Then click the Upload button. This will update the shared SSL certificate installation on all servers, including the newly installed one.

 

In addition, you can create a 'reseller dedicated' DNS zone domain, secure it with your shared SSL, and allow resellers to secure their end users' third-level domains (registered on this domain) with your own shared SSL.





© Copyright 2017. Parallels Holdings. All rights reserved.