Reseller Control Panel SSL

(version 2.3 RC3 and higher)

 

Related Docs:   Securing Your CP with SSL (Sysadmin guide) Installing Shared SSL Certificates Securing Transferred Data through SSL (User guide)


H-Sphere version 2.3 and higher allows securing reseller control panels with SSL by allocating either spare IPs or open ports to the control panel server. It is available only for Apache installations of H-Sphere because it uses virtual hosts in the Apache configuration file.

In one reseller plan, you can use either IP-based or Port-based reseller SSL, not both. Although you can set different types of CP SSL protection for different reseller plans, it's highly recommended to use IP-based Reseller CP SSL in contrast to port-based. The reason for this is that Internet is widely accessed from behind firewalls and proxy servers that don't allow using random ports.

This document explains how to:

 

Enable reseller control panel SSL protection

Step 1: Add and register index.conf file.

  1. Log into your control panel server as root.
  2. Make sure you have the following line in the /hsphere/local/home/cpanel/apache/etc/httpd.conf file:
    include /hsphere/local/home/cpanel/apache/conf/sites/index.conf
  3. Open file ~cpanel/shiva/psoft_config/hsphere.properties
  4. Make sure the following variables are there and uncommented:
      Note: If you don't add these variables, Reseller CP SSL won't be working. So make sure to do it.
    • For IP-based SSL:
      RESELLER_SSL_SEC_PORT = 8443
      RESELLER_SSL_INSEC_PORT = 8080
      You may need the ports changed, e.g. to 443 and 80 correspondingly.
    • For port-based SSL:
      RESELLER_SSL_PORT_RANGE = 8440, 8444 - 8449, 8451, 8453-8468
      It's a possible range of ports for port-based CP SSL to be created on. Make sure that ports are open.
  5. Check if you have the sites directory in the /hsphere/local/home/cpanel/apache/conf/ dir. If you don't, create it:
    mkdir /hsphere/local/home/cpanel/apache/conf/sites
    and make file index.conf inside it:
    touch /hsphere/local/home/cpanel/apache/conf/sites/index.conf
  6. Restart H-Sphere

Step 2: Check Global Resources for Reseller CP SSL in your admin CP.

  1. Log into your admin control panel.
  2. Select Global Resources in the INFO menu. The following page appears:
  3. Make sure that Reseller CP SSL is checked i.e. enabled entirely for the whole system.
    - If they are checked, leave as they are.
    - If they are unchecked, check them and click Submit.
    Note: be careful because unchecking the boxes will disable Reseller CP SSL entirely.

Step 3: Include Reseller CP SSL in Reseller Plan Wizards

This step is most important for resellers. For the resellers to be able to secure their control panel, Reseller CP SSL needs to be included in the plan settings:

  1. Select Plans in the INFO menu.
  2. Click the name of the reseller plan to start the wizard.
  3. On the first step of the wizard, scroll down to the Reseller CP SSL section and select the type of CP SSL you want to be enabled in this plan.
    Note: If you select Disabled, reseller CP SSL will be disabled for all accounts under this plan.
  4. Confirm changes in the Plan Wizard by clicking Submit through all steps.

Step 4: Add spare IPs to the control panel server.
*Note: Port-based CP SSL uses CP IP, so skip this step if you are setting port-based SSL.

  1. Log into your admin control panel.
  2. In E.Manager, select the cp logical server and add Reseller SSL IPs

Step 5: Install SSL certificate.

  1. Log into reseller control panel.
  2. Select DNS Manager in the E.Manager menu and create a DNS Zone if it has not been created before.
  3. Select Server Aliases in the DNS zone settings.
  4. Add CP Alias that points to the control panel logical server:

    The CP alias name should coincide with the domain name you are going to secure.

  5. Select CP SSL Manager in the E.Manager menu.
  6. On the page that shows, turn on CP Alias to enable it in the system:
  7. On the page that appears, you have two choices:
  • Generate a temporary wildcard certificate by clicking the link at the top of the window;
  • Enter your existent wildcard certificate by entering it in the form.
  • Click the Submit button to install the certificate.
  • On the page that shows, CP alias turns on. In the Action section you can:
    • Click the Edit icon against the alias to edit certificate data or to enter new keys .
    • Click the Change icon to change current reseller CP URL to the secured URL you have bought SSL certificate for.

    Note: Select DNS Manager in the E.Manager menu. If you have set IP-based CP SSL, cp server alias becomes an A DNS record.

    Step 6: restart H-Sphere

     

    Disable reseller control panel SSL protection

    1. Go to CP SSL Manager in the E.Manager menu.
    2. Turn off Reseller CP alias in the Action entry.
    3. Go to Server Aliases in the E.Manager menu.
    4. Remove server alias for the cp logical server and add it again.

     


    Related Docs:   Securing Your CP with SSL (Sysadmin guide) Installing Shared SSL Certificates Securing Transferred Data through SSL (User guide)







    Home   Products   Services   News
    © Copyright. . PSOFT. All Rights Reserved. Terms | Site Map