This server's certificate is not trusted - SSL labs - Knowledgebase

Portal Home > Knowledgebase > Articles Database > This server's certificate is not trusted - SSL labs

This server's certificate is not trusted - SSL labs

Posted by The_Dsigner, 05-21-2015, 12:19 PM
I ran an SSL scan of my new dedicated server and its giving me a Grade of "T"? Saying my certificate is not trusted. Its a self-signed cert given by WHM. Do I need to purchase an SSL sert for the WHM itself or just for the Cpanel accounts? Thanks
Posted by SSL-Vince, 05-21-2015, 02:25 PM
Hi Dsigner, As you have observed, the "T" grade indicates the certificate is not trusted. This is because self-signed certificates are not issued by a legitimate CA, but instead created by yourself. Legitimate CAs like Symantec and Comodo have "Root Certificates" which are trusted by software and operating systems such as Windows. When you purchase a certificate from them, they validate you and issue you are certificate from their Root. Then you are able to use that certificate and establish a SSL connection without any errors or warnings about not being trusted. Since you are not a trusted party, your self signed certificates will result in an error/warning when people visit the page serving that certificate. This is to enforce the authentication provided by SSL. Any site where you want yourself (or your users) to connect via HTTPS without getting a warning, you will need to use a certificate signed by a CA. So yes, you will likely want to purchase a CA-signed cert for WHM and possibly your cPanels as well. There are many options out there for basic single name certificates for <$10/yr. There are also Wildcard Certificate which can be used to secure unlimited subdomains (for instance a Wildcard for "*.domain.com" would cover all subdomains that are in place of the "*"). This may be a better option if you have a lot of cPanel accounts. If you have any questions about what the best/cheapest SSL configuration would be, please post some examples of the FQDNs you need covered and I would be happy to help. Sincerely, SSL-Vince
Posted by The_Dsigner, 05-21-2015, 02:28 PM
Thanks for the reply Vince. Is there a difference between a cert for the WHM and one for a Cpanel? e.g: should I have a cert for the hostname of my server and another individual one for a website running in a Cpanel account? I don't have any subdomains just a couple of individual domains running on their own cpanel accounts. Thanks
Posted by EthernetServers, 05-21-2015, 02:42 PM
For cPanel/WHM/Webmail: WHM --> Service Configuration --> Manage Service SSL Certificates For Domains: WHM --> SSL/TLS --> Install an SSL Certificate on a Domain You may like to take a look at both interfaces, as well as the cPanel documentation for each: https://documentation.cpanel.net/dis...L+Certificates https://documentation.cpanel.net/dis...te+on+a+Domain
Posted by SSL-Vince, 05-21-2015, 02:50 PM
You will need a certificate for each hostname that people will be visiting. So for example, if you login to WHM at "whm.domain.com" and cPanel at "controlpanel.com" you will need SSL certificate(s) that cover those names. So in short, yes, you need a certificate for each hostname. But you do not need to worry about getting an SSL certificate specifically made for WHM or cPanel. SSL protects a domain name(/hostname) and does not care about what you are running on that domain. Last edited by SSL-Vince; 05-21-2015 at 02:52 PM. Reason: Adding content
Posted by The_Dsigner, 05-21-2015, 02:55 PM
I'll probably get one for the WHM hostname, but is it really necessary to purchase one for a small wordpress blog with no e-commerce service present in one of my CP accounts?
Posted by EthernetServers, 05-21-2015, 03:00 PM
It's not - no.
Posted by The_Dsigner, 05-21-2015, 03:01 PM
great thanks for the clarification guys!
Posted by SSL-Vince, 05-21-2015, 03:07 PM
That would be up to you. My personal view is that all sites need SSL because it helps protect your visitors privacy (even if they are not sharing a credit card number; just the very act of reading up on a particular topic can be used to identify someone). But it is not necessary to do this - I just have strong personal beliefs about privacy. BUT, Im betting you are likely logging in to Wordpress to post on the back end and tweak settings? Without SSL, your password and other things you are doing in the admin panel could potentially be snooped on.