I am running qmail with stunnel to achieve SMTPSD and POP3DS. I am running it on 1 SSL cert on stunnel. How do I install more than 1 cert on stunnel as some of the clients on the server want their own cert for SMTP and POP over SSL?
View 1 RepliesI have two domains as virtual hosts on same IP address.
I am getting certificate error for the second domain when I try to check email (using MS Outlook). I can't permanently "accept" certificate, it complains again and again. Certuficate I created and self signed for imap.domain1.com, but the second email server is imap.domain2.com, so it complains.
How do I set separate email certificates for two domains? Is it possible at all?
I am not too sure if this is possible but is there a way to have 2 ssl certificates running for one domain? eg 1 for www. and one without
so he does not have to get a wildcard certificate.
Is there an issuer that issues wildcard SSL certificate which can be used on multiple servers under the same domain name (like server1.domain, server2.domain, server3.domain...etc)?
View 1 Replies View RelatedI want to know how to install SSL Certificate and what kind of certificates available. How they work? Is there any cheap and good certificate.
View 5 Replies View RelatedI got a buddy of mine currently hosted with Yahoo and I'm tryin to install some certificates from Comodo.
I know if you have WHM you can just upload the certs and then just install from WHM. Well, Yahoo CP doesnt necessarily have that which sucks.
If there is anybody that can guide me on how to do such a task, would be great.
I have cpanel VPS and I have to pass PCI (credit card compliance).
SSL v2 is considered a vulnerability and have to be disabled, so only SSL3/TLS1 are supported.
I have no problem disabling it in Apache (port 443) by adding line to httpd.conf:
SSLProtocol all -SSLv2
Obviously, it doesn't work for other non-apache ports.
I found how to plug port 25 (Postfix).
But I have no idea how to plug cpanel/WHM ports 2087 and so on.
After some research I found that stunnel is used to create secure connection via port 2087. I closed insecure port 2086, so only [url] is used to access WHM
I read stunnel documentation and found that:
options=NO_SSLv2 placed in stunnel.conf disables SSL v2.
I added this line to the stunnel.conf used by cpanel. I know it's right file because then I made a type, cpanel couldn't load ssl.
Unfortunately, it didn't work. Nmap or simple openssl connection show SSL v2 enable on port 2087.
So, my questions:
1) What did I do wrong? Or it's something specific to cPanel. I don't think so, since according to cpanel startup script it just starts stunnel. If stunnel isn't loaded, I can't use 2087
2) How else I can fix it? Few people on internet mentioned disabling SSL2 during openssl build time but I couldn't find how to do it. I don't really want to mess with source code
3) Any other ideas? Make Apache/mod_ssl somehow listen to this port 2087 and redirect it to 2086?
My hosting support while being very responsive and quick couldn't help me. I found it strange, since it's a very large provider (no names) and it must be ecommerce sites hosted. They told me Cpanel can't be compliant with PCI. I don't really believe since cpanel is nothing more that bunch of control scripts used only for site management
install tomcat in one location and have multiple instances running for individual clients:
Why would you want to do this:
==============================
1) Install tomcat in 1 location and have x number of instances running on a per client basis
2) Upgrade tomcat and have it propagate to all clients
3) Limit the resources each tomcat instance uses
4) Tomcat runs as the individual user rather than "root" or "tomcat"
5) Each user has its own manager; hence, no security risk to others
6) Start/Stop/Restart tomcat instances without affecting other clients who also have a tomcat instance
Assumptions:
============
1. Tomcat is installed in: /usr/local/tomcat (TOMCAT_HOME)
2. Instances are installed in: /usr/local/tomcat/instances
3. Java is installed somewhere on your machine
Step 1 - Create a Tomcat Instance
=================================
- Create a directory in /usr/local/tomcat/instances/user1 (CATALINA_BASE)
- Create a set of directories (conf,temp,logs,webapps) in $CATALINA_BASE
- Copy web.xml,server.xml,tomcat-users.xml from $TOMCAT_HOME/conf to $CATALINA_BASE/conf
- Create a bash script called user1startstop.sh as follows and make it executable
Quote:
#!/bin/bash
export INSTANCE_NAME=user1
export CATALINA_BASE=/usr/local/tomcat/instances/user1
#This is where you'd be able to restrict the memory usage
export CATALINA_OPTS=" -Djava.awt.headless=true"
# Call the jsvc script to launch the Tomcat instance
/usr/local/tomcat/bin/Tomcat5.sh $1
Step 2 - Configure the Tomcat Instance
======================================
- edit $TOMCAT_BASE/conf/server.xml:
Replace: ... port=8005 with port 8101 ... This is shutdown port
Replace: ... port=8080 with port 8201 ... This is http port
Replace: ... port=8009 with port 8301 ... This is the AJP port
- edit $TOMCAT_HOME/conf/workers.properties
Add: user1 to worker.list=ajp12,ajp13...
Add:
worker.user1.host=localhost
worker.user1.port=8301
worker.user1.lbfactor=1
worker.user1.type=ajp13
Under:
DEFAULT ajp13 WORKER DEFINITION
Step 3 - Modify Main Tomcat (One-Time)
======================================
Edit $TOMCAT_HOME/bin/Tomcat5.sh
Add:
Quote:
DAEMON_HOME=/usr/local/tomcat/bin
PIDFILE=/var/run/jsvc-$INSTANCE_NAME.pid
TMP_DIR=/usr/local/jakarta/servers/$INSTANCE_NAME/temp
TOMCAT_USER=$INSTANCE_NAME
Modify start case with the following:
Quote:
$DAEMON_HOME/jsvc
-user $TOMCAT_USER
-home $JAVA_HOME
-outfile $CATALINA_BASE/logs/catalina.out
-errfile $CATALINA_BASE/logs/catalina.err
-pidfile "$PIDFILE"
-Dcatalina.home=$CATALINA_HOME
-Dcatalina.base=$CATALINA_BASE
-Djava.io.tmpdir=$TMP_DIR
$CATALINA_OPTS
-cp $CLASSPATH
org.apache.catalina.startup.Bootstrap
;;
Modify end case with the following:
Quote:
PID=`cat $PIDFILE`
kill $PID
rm $PIDFILE
;;
Step 3 - Configure Apache
=========================
- Edit httpd.conf
Add the following code under the VirtualHost definition of the user in question:
<IfModule mod_jk.c>
JkMount /*.jsp user1
JkMount /webapps/* user1
JkMount /servlets/* user1
JkMount /servlet/* user1
</IfModule>
Step 4 - Restart Apache
Step 5 - run $TOMCAT_INSTANCE/user1startstop.sh start
That's it.
I have 5 instances of tomcat running on my machine and it works like a charm.
I have installed PHP5.5.12 as the secondary php version. The primary version (installed with plesk) is php5.4 .
Now when I try to install extensions, every time they are installing to the primary version.
How can I install extensions special for the other version?
I have Debian 7 x64 and parallels plesk 11.5
Depending on where u are at on my site (documents pages, training, main root, etc.) will depend on which type of background, footer, header and the like you'll get. Now I was thinking. Is there a way to have multiple error messages for more then one page depending on where you are at on a site? Right now it's intranet site and a modded snitz forum. What is the code and were does it go and in which apache conf file(s) does it go in?
View 1 Replies View RelatedIs it possible to install Plesk 12 to Debian Jessie with the autoinstall script?
View 7 Replies View RelatedI need to setup SSL.
I've never used SSL on any of my websites and I've never really understood how the certificates work.
I understand that SSL is used as a secure connection protocol (https://) and that it needs a valid certificate so that the encrypted data transfer can be committed.
OK makes sence, but why do some websites seem to have such difficultly setting up valid certificates?
You can setup SSL by with Apache + OpenSSL, but why do website hosting providers still allow you to purchase SSL certificates (isn't it supposed to be free)?
Finally, is it possible to setup SSL for a multiple-domain (Victual Host) server?
I have a client who requested me to do a website for his credit union company.
Some of the pages are forms that require customers to enter crucial information ie ssn etc etc. I told him that this can be broken into..and therefore he would need a secure way of transmitting this information. Therefore would the SSL certificate work for this issue? Where do i get one? We have a dedicated server and do i need to configure anything on that? Where can i get a trusted SSL Certificate, and ofcourse help to install it.
if you could recommend a place to get a certificate... I have seen many people talking about that you could get a rapidSSL for $15 +/- , but I was not able to find any sites that low.
View 14 Replies View RelatedA year ago I bought a Geotrust quick SSL vertificate from my dedicated server host for about 299.
Now I see companies like server tastic selling the same Geotrust cert for $79 ehen Geotrusts website is still $299. How can that be? what am I missing here.
who offers the best package?
View 5 Replies View RelatedIf your provider has a self-signed ssl.. anyway you can import those into clients like Outlook or Windows Mail (formerly OE6 on XP)
To stop the nagging prompts.. or is there a setting to stop prompts?
I purchased an EV SSL Cert, and all is fine. Installed via cPanel, and I get the green address bar in Firefox, but not in IE.
Comodo (the vendor) have an Auto-Enhancer feature which automatically tells IE to give me a green bar. They state in their FAQ the following instructions to install the feature:
Replace the bundle file that is in use for the web site.
Use the 'SSLCertificateChainFile' directive instead of the 'SSLCACertificateFile'/'SSLCACertificatePath' directives.
I have download a .CA-BUNDLE file from them.
Please tell me, now what do I do? I am at a lost at their instuctions, and going by my dealings with them, I think I can get help from you guys more accurately and quickly.
The server runs WHM/cPanel 11 with Apache 2 with mod_ssl. Full root access, but I am a Linux newbie.
I do web hosting (reseller); how much, in USD per year, do you think is a "reasonable" fee to charge clients for a shared SSL connection ?
The SSL is going to cost me $$ per year and I may have some use for it, but if clients want a shared SSL, instead of buying their own, I need to apportion the costs I incur somehow, and (maybe) make some small profit. I see the shared SSL as more of a service, but clients should pay _some_ $$ if they want to use one.
Any ideas on how much I should charge, please ?
Thanks,
Peter
I'm just looking for some background information or a place where I can learn more about this.
Here's the problem:
The web site runs on a dedicated Apache server. There's 2 SSL certificates installed, one for e-commerce for https://www.mysite.com and one to help with the administrative interface for https://admin.mysite.com. I run a custom php application that forces the web page from http://www.mysite.com to https://www.mysite.com when going to an e-commerce page.
Generally everything runs Ok but a few times this year there has been a problem where the php application points to https://www.mysite.com/ecom.php but instead it gets https://admin.mysite.com/ecom.php and gets a page not found.
In discussing this with my web hosting company they claim they haven't changed anything but they do manage to fix the problem and get the web site working correctly again.
I generally figure that the web hosting company has done some type of maintenance on the web server and messed-up the dns entries or something for the SSL part of the web site but this is really outside my area of experience. I'm trying to understand what went wrong and where the entries are that determine when going to SSL which SSL certificate/URL is used.
My website is currently running on http and the plesk control pannel is running on https
However the certificate for https for the plesk panel is out of date and self signed therefore web browsers promit its not valid.
I want to get a valid SSL certificate for https for Plesk, Client/Billing area and the main website.
I want to do it as easy as possiable (as I'm not one for technical stuff but if it was resoniable I could give it a go)
I dont want a self signed and want to try to go for something free or very cheap.
Any got any suggestions? I've looked around and come up with companys wanting alot of money I did come across another which was free but it was self signed.
I currently have a reseller accounts from Thawte, Comodo, and RapidSSL, but have realized that I can purchase Comodo and Geotrust SSL certificates cheaper from Namecheap.com and Enom.com
Namecheap.com support is (as always) superb. Any opinions from Enom.com support?
What about Resellerclub.com? I know that they recently started to sell Thawte certs at very good prices. How good is their support?
I have an ssl certificate installed on my main server. How can I encrypt a page on a website hosted on that server sharing the certificate?
View 11 Replies View RelatedTo cut costs I'm planning on eliminating my VPS and will just host the few sites that I have on my home-office network. However I have 1 site that requires a SSL certificate. Is there an inexpensive solution for doing this that doesn't cost into the thousands per year?
View 14 Replies View RelatedAny recommendations on the cheapest ssl certificates out there.
View 7 Replies View RelatedIf you use SSL certificate, how much do you pay for it per year?
Allwebnow.com offers it for $99.99 per year.
Can an SSL certificate be issued to any tld. Does country matter etc?
View 2 Replies View RelatedI am continuously getting this error message in my error_logs
Invalid method in request x16x03x01
I searched and found out that it is something to do with httpd.conf configurations and SSL. So I asked my provider to check it and solve. First they acknowledge that it was SSL issue but later I was told
Quote:
Since cPanel controls how the virtualhosts are configured this error most likely cannot be fix since cPanel will just revert the change. ..... The SSL connection with the selfsigned cert works beyond kicking out the error, but again cPanel controls the httpd.conf and how the * virtualhosts are configured.
So my question is, Is it common to have this error message with a cPanel VPS?
Is there any solution?
I think I hit this error every time when I login to WHM or cPanel of every domain.
Should this be fixed or it's not exactly an issue.
I am trying to add some new features to my hosting business and have a couple of questions. I have cpanel/whm and clientexec. I would like to offer shared ssl to my customers but don't know how to set that up. Also, how do this hosting companies offer free ad credits to yahoo and google? Is that something you talk to yahoo and google about setting up or what?
View 4 Replies View Related