Wednesday, June 23, 2010

Wildcard SSL on WHM and cPanel

I had the task of implementing a wildcard SSL for a client the other day. I search the web for info on doing this with WHM and cPanel and got a host of wild answers that made it sound difficult to impossible. When I got done, I was surprised by how easy it was. Here is what I did..

By the way, just as a disclaimer, this is from memory. If you have any feedback, let me know in the comments.

  1. Create an account for *.example.com (you must have a dedicated IP for the account for example.com)
  2. Generate private keys (Log into cPanel > SSL/TLS Manager > Private Keys (KEY)) for the domain *.example.com
  3. Generate a signing request (cPanel > SSL/TLS Manager > Certificate Signing Requests (CSR)) for the domain *.example.com
  4. Go to your favorite certificate issuer (RapidSSL, for instance) and get your certificate using the CSR you just created
  5. Upload your new certificate from your issuer (cPanel > SSL/TLS Manager > Certificates (CRT)) by pasting it in the box
  6. Install & enable the new certificate (cPanel > SSL/TLS Manager > Activate SSL on Your Web Site (HTTPS)) for example.com (it is missing the * but this is ok)
  7. Everything should be working now, so try it by going to https://example.com/
  8. Create a * sub-domain so that all sub-domains will work (cPanel > Subdomains) directing them to the document root of public_html
  9. Create a folder in public_html for each sub-domain you want to use
  10. Add these lines to your .htaccess file to rewrite the URL:

    # This line should only be in the file once, at the top
    RewriteEngine On

    RewriteCond %{HTTP_HOST} ^mysubdomain\.example\.com$
    RewriteCond %{REQUEST_URI} !^/mysubdomain/
    RewriteRule ^(.*) mysubdomain/$1 [L]


And that should be it. Like I said, I am doing this from memory. But, this is the general outline to getting a wildcard SSL working on cPanel. It does work and is not that hard to get going, contrary to many other posts. If I missed something or did a step wrong, please let me know so I can update this post.

Peace!