Wildcard SSL Certificates in CPanel – How to put multiple sub domains on the same IP
A while ago I bought a wildcard SSL certificate so that I could use one certificate on multiple sub domains. This works great when each sub domain is on a separate server or if each sub domain has a separate IP.
As an example, we have several servers. Each server gets its own name. Something like server1.cmagic.biz, server2.cmagic.biz, server3.cmagic.biz.
If you set up a whole new server, it will have its own IP address. With a wildcard certificate, you can set up CPanel on each server and use the same certificate for all three instead of having to purchase 3 separate certificates.
The tricky part is when you want to use the same certificate on more than one sub domain on the same server without using extra IPs.
The easy way to do this would be to set up another static IP for the new sub domain. In many cases though, this is a real waste and can be a technical roadblock to using SSL.
If you have followed the news on the Facebook session hack, you know that SSL is a really good thing for keeping your sites secure. It is a waste though to have to set up a new IP every time you set up a new sub domain.
For example, one CPanel account can have www.cmagic.biz, payments.cmagic.biz, portal.cmagic.biz, and school.cmagic.biz.
Each sub domain serves its own purpose, but having 4 different IPs so each one can use the SSL certificate is a waste if they are all on the same server and same account.
To set up a wildcard certificate so that you can share the same IP, you follow the same rules as if you were installing a standard SSL cert. Your main site will need its own static IP. After you get the wildcard certificate issued, install it normally on the main website (e.g. use www.cmagic.biz as the host). This can be done in the WHM or in the CPanel interface (if it is enabled for you).
Once that is done, make sure to use CPanel to create each sub domain.
At this point, you should be able to go to each subdomain using http. Once you switch it to https though, you will see the main site instead (e.g. payments.cmagic.biz will show www.cmagic.biz instead if using SSL). To get Apache to direct things properly, you can add a virtual host entry to your httpd.conf file.
The easiest way to do this is to use the WHM (yes, you will need admin support for this) and use the Apache Include Editor (Service Configuration -> Apache Configuration -> Include Editor).
Under the Post VirtualHost Include section, paste the following and put your information for EACH subdomain in (e.g. your site name, your home directory, etc…). Once you save that and restart Apache, your site can have multiple subdomains that all use the wildcard SSL certificate and the same IP and you don’t have to get too tricky. Using the WHM this way allows you to avoid command line editing and such.
# One block per subdomain. 192.0.2.10 is a placeholder: use the account's own IP.
<VirtualHost 192.0.2.10:443>
    ServerName subdomain.examplesite.com
    ServerAlias www.subdomain.examplesite.com
    DocumentRoot /home/example/public_html/subdomain
    ServerAdmin websubdomain@examplesite.com
    ## User example # Needed for Cpanel::ApacheConf
    UseCanonicalName On
    UserDir subdomain
    <IfModule mod_suphp.c>
        suPHP_UserGroup example example
    </IfModule>
    <IfModule concurrent_php.c>
        php4_admin_value open_basedir "/home/example:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        php5_admin_value open_basedir "/home/example:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule !concurrent_php.c>
        <IfModule mod_php4.c>
            php_admin_value open_basedir "/home/example:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        </IfModule>
        <IfModule mod_php5.c>
            php_admin_value open_basedir "/home/example:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule sapi_apache2.c>
            php_admin_value open_basedir "/home/example:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        </IfModule>
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup example example
    </IfModule>
    CustomLog /usr/local/apache/domlogs/subdomain.examplesite.com combined
    CustomLog /usr/local/apache/domlogs/subdomain.examplesite.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    ScriptAlias /cgi-bin/ /home/example/public_html/subdomain/cgi-bin/
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/examplesite.com.crt
    SSLCertificateKeyFile /etc/ssl/private/examplesite.com.key
    SSLCACertificateFile /etc/ssl/certs/examplesite.com.cabundle
    CustomLog /usr/local/apache/domlogs/examplesite.com-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
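A wildcard name such as *.examplesite.com stands for exactly one label, so the ServerAlias www.subdomain.examplesite.com in the entry above is not covered by it and browsers will show a name mismatch on that alias. The check below is an added example, not part of the original post; the function names and the certificate name list are assumptions made for illustration.

```python
# Added example: which vhost names a wildcard certificate actually covers.
# Matching rule assumed: RFC 6125 style, "*" only as the entire left-most
# label, standing for exactly one label.

def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans dots, so label counts must be equal.
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard replaces one non-empty left-most label only.
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial wildcards such as "w*.example.com" are rejected
    return p_labels == h_labels


def audit_vhost_names(cert_names, vhost_names):
    """Map each ServerName/ServerAlias to whether any certificate name covers it."""
    return {
        host: any(wildcard_covers(name, host) for name in cert_names)
        for host in vhost_names
    }


# Constructed sample: names a wildcard certificate for the post's example
# domain might carry (assumed), and the names used in the vhost entry.
CERT_NAMES = ["*.examplesite.com", "examplesite.com"]
VHOST_NAMES = [
    "subdomain.examplesite.com",      # ServerName
    "www.subdomain.examplesite.com",  # ServerAlias, two labels below the domain
    "examplesite.com",
]

if __name__ == "__main__":
    for host, ok in audit_vhost_names(CERT_NAMES, VHOST_NAMES).items():
        print(f"{host:32} {'covered' if ok else 'NOT covered'}")
```

Either drop the www.subdomain alias from the SSL entry or use a certificate that lists that name explicitly.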