cPanel® Blog

SSL Improvements for cPanel & WHM

Screen Shot 2013-04-24 at 11.29.50 AM

The internet is brimming with online stores, merchant gateways, and more e-commerce solutions than you can shake a stick at. With such a quickly growing market, the ability to securely communicate across a network became a necessity. Technologies, like SSL and TLS for example, have stepped up to fill this ever growing requirement. For users who are running their own stores, or who simply want to be able to securely access their email, an SSL or TLS certificate is a necessity.

cPanel & WHM 11.38 will be seeing a number of new SSL improvements in the form of usability changes, SNI support, and support for multi-domain certificates. Recently, I was able to sit in on a demonstration of these new features to see for myself what this offering includes.  

Enhanced Error Checking

A number of niceties have been added to the user interface to make the process of installing a certificate more straight forward and much more foolproof.

Enhanced Error Checking steps when attempting to install a certificate on a server. In the event that there’s an issue with the certificate cPanel & WHM will deny the installation to prevent the certificate from being installed on the server. Additionally, it will let the user know that there is an issue that needs be to resolved in order for the installation to result in a working certificate.

Server Name Indicator (SNI)

Currently, it’s common for each SSL Certificate to require its own dedicated IP address. The cost of this address is typically being passed down to the end user.

SNI is able to change this paradigm by indicating what hostname the client is connecting to at the start of the handshake process. This allows a server to have multiple certificates all installed on the same IP address. Users on shared servers, that support SNI, will be able to install their own certificates and bypass the need for a dedicated address. While this saves on the cost of the dedicated IP address, this also helps reduce the need for extra addresses.

In order to experience the full benefit of SNI in cPanel & WHM 11.38, an operating system that supports this functionality will be needed as well. CentOS 6 is a prime example of such an operating system.

Multi-Domain Certificates (UCC/SAN)

What if I’m using an operating system that doesn’t support SNI, such as CentOS 5?

As an alternative to SNI we have also taken steps to improve our support for multi-domain certificates. These allow users to add multiple domain names to a single certificate, and multi-domain certificates can be installed onto shared IP addresses.

Within both cPanel & WHM, users can quickly create self-signed, multi-domain certificates and can additionally generate signing requests that they can then take to their SSL provider to have their permanent certificate created.

With all of the improvements coming it’s hard not to be excited for cPanel & WHM 11.38. You can expect to see these new SSL improvements soon.