H-Sphere version 2.3 and higher allows securing reseller control panels with SSL
by allocating either spare IPs or open ports to the control panel server.
It is available only for Apache installations of H-Sphere because it uses
virtual hosts in the Apache configuration file.
In one reseller plan, you can use either IP-based or Port-based reseller SSL, not both. Although
you can set different types of CP SSL protection for different reseller plans, it's
highly recommended to use IP-based Reseller CP SSL in contrast to port-based.
The reason for this is that Internet is widely accessed from behind firewalls and proxy servers
that don't allow using random ports.
This document explains how to:
Enable reseller control panel SSL protection
Step 1: Add and register index.conf file.
- Log into your control panel server as root.
- Make sure you have the following line in the /hsphere/local/home/cpanel/apache/etc/httpd.conf file:
- Open file ~cpanel/shiva/psoft_config/hsphere.properties
- Make sure the following variables are there and uncommented:
Note: If you don't add these variables, Reseller CP SSL won't be working. So make sure to do it.
- For IP-based SSL:
RESELLER_SSL_SEC_PORT = 8443
RESELLER_SSL_INSEC_PORT = 8080
You may need the ports changed, e.g. to 443 and 80 correspondingly.
- For port-based SSL:
RESELLER_SSL_PORT_RANGE = 8440, 8444 - 8449, 8451, 8453-8468
It's a possible range of ports for port-based CP SSL to be created on.
Make sure that ports are open.
- Check if you have the sites directory in the /hsphere/local/home/cpanel/apache/conf/ dir.
If you don't, create it:
and make file index.conf inside it:
- Restart H-Sphere
Step 2: Check Global Resources for Reseller CP SSL in your admin CP.
- Log into your admin control panel.
- Select Global Resources in the INFO menu. The following page appears:
- Make sure that Reseller CP SSL is checked i.e. enabled entirely for the whole system.
- If they are checked, leave as they are.
- If they are unchecked, check them and click Submit.
Note: be careful because unchecking the boxes will disable Reseller CP SSL entirely.
Step 3: Include Reseller CP SSL in Reseller Plan Wizards
This step is most important for resellers. For the resellers to be able to secure
their control panel, Reseller CP SSL needs to be included in the plan settings:
- Select Plans in the INFO menu.
- Click the name of the reseller plan to start the wizard.
- On the first step of the wizard, scroll down to the Reseller CP SSL section
and select the type of CP SSL you want to be enabled in this plan.
Note: If you select Disabled, reseller CP SSL will be disabled for all accounts under this plan.
- Confirm changes in the Plan Wizard by clicking Submit through all steps.
Step 4: Add spare IPs to the control panel server.
*Note: Port-based CP SSL uses CP IP, so skip this step if you are setting port-based SSL.
- Log into your admin control panel.
- In E.Manager, select the cp logical server and
add Reseller SSL IPs
Step 5: Install SSL certificate.
- Log into reseller control panel.
- Select DNS Manager in the E.Manager menu and
create a DNS Zone if it has not been created before.
- Select Server Aliases in the DNS zone settings.
- Add CP Alias that points to the control panel logical server:
The CP alias name should coincide with the domain name you are going to secure.
- Select CP SSL Manager in the E.Manager menu.
- On the page that shows, turn on CP Alias to enable it in the system:
- On the page that appears, you have two choices:
Click the Submit button to install the certificate.
On the page that shows, CP alias turns on. In the Action section you can:
- Generate a temporary wildcard certificate by clicking the link at the top of the window;
- Enter your existent wildcard certificate by entering it in the form.
- Click the Edit icon against the alias to edit certificate data or to enter new keys .
- Click the Change icon to change current reseller CP URL to the secured URL
you have bought SSL certificate for.
Note: Select DNS Manager in the E.Manager menu.
If you have set IP-based CP SSL, cp server alias becomes an A DNS record.
Disable reseller control panel SSL protection
- Go to CP SSL Manager in the E.Manager menu.
- Turn off Reseller CP alias in the Action entry.
- Go to Server Aliases in the E.Manager menu.
- Remove server alias for the cp logical server and add it again.