HowTo Setup a Wildcard SSL Cert in CPANEL / WHM running Apache 2
After reading several blogs saying this was not possible, I almost gave up on this, but finally got it working - woohoo!
After installing the wildcard cert and setting it as the shared SSL cert in WHM, any subdomain would take me to the website owned by the user I installed the cert for. This was a big clue, so I tried installing it for user nobody. After that, every https://subdomain.server.com took me to the default cPanel "your server is running" page. In the end I could not get it to magically work, but I was able to find a simple solution, much simpler than creating a bunch of Apache rewrite rules or installing separate IPs for each domain, which was the solution I was finding in the forums.
Ok, so here is how to do it step by step starting with purchasing your wildcard cert.
1. Generate the Certificate Signing Request (CSR) in WHM / CPANEL. Make sure you enter the host as *.domain.com or www*.domain.com
2. Purchase the wildcard certificate using the CSR you generated
3. Click Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com. Enter the server's shared IP for the IP address
4. For each subdomain you want to use the shared cert for, repeat step 3, but replace *.domain.com with subdomain.domain.com and set the user to the user for subdomain.domain.com
That's it!
Note: This no longer works in WHM v11.24.2
You can still set up multiple subdomains using a wildcard cert on the shared IP, but you have to manually edit your httpd.conf file.
Example VirtualHost Entry: For mysite.com owned by user fred where the wildcard cert is installed for *.myserver.com
<VirtualHost 192.168.1.100:443>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /home/fred/public_html
ServerAdmin fred@mysite.com
UseCanonicalName off
Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
CustomLog /usr/local/apache/domlogs/mysite.com combined
CustomLog /usr/local/apache/domlogs/mysite.com-bytes_log "%{%s}t %I.\n%{%s}t %O ."
## User fred # Needed for Cpanel::ApacheConf
<IfModule mod_suphp.c>
suPHP_UserGroup fred fred
</IfModule>
<IfModule concurrent_php.c>
php4_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
php5_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule !concurrent_php.c>
<IfModule mod_php4.c>
php_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
</IfModule>
<IfModule mod_php5.c>
php_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/local/lib/php:/tmp"
</IfModule>
<IfModule sapi_apache2.c>
php_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
</IfModule>
</IfModule>
<IfModule !mod_disable_suexec.c>
SuexecUserGroup fred fred
</IfModule>
ScriptAlias /cgi-bin/ /home/fred/public_html/cgi-bin/
SSLEngine on
# Strong suites only; anonymous, export-grade, low-strength and MD5-based suites are excluded
SSLCipherSuite HIGH:!aNULL:!MD5
SSLCertificateFile /etc/ssl/certs/*.myserver.com.crt
SSLCertificateKeyFile /etc/ssl/private/*.myserver.com.key
SSLCACertificateFile /etc/ssl/certs/*.myserver.com.cabundle
ErrorLog /usr/local/apache/domlogs/mysite.com-ssl_data_log
CustomLog /usr/local/apache/domlogs/mysite.com-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<Directory "/home/fred/public_html/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# To customize this VirtualHost use an include file at the following location
# Include "/usr/local/apache/conf/userdata/ssl/2/fred/mysite.com/*.conf"
</VirtualHost>
Notice the last two commented lines. If you want to make sure that cPanel doesn't overwrite your changes, you should save this virtual host definition in /usr/local/apache/conf/userdata/ssl/2/fred/mysite.com/mysite.com.conf.
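An added check, not part of the original post: it lists which ServerName / ServerAlias values in a VirtualHost a wildcard certificate does not cover, using the rule TLS clients apply (the `*` must be the whole leftmost label and stands for exactly one label). The function names and the `shop.myserver.com` vhost are constructed for illustration; partial-label patterns such as `www*.domain.com` are treated as unmatched, an assumption that follows current browser behaviour.

```python
import re

def wildcard_covers(pattern, host):
    """True if certificate name `pattern` covers `host`."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    # '*' never spans a dot, so the label counts must be equal
    if len(p) != len(h) or "" in h:
        return False
    # a wildcard is only honoured in the leftmost label
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    if "*" in p[0]:          # partial label, e.g. www*.domain.com
        return False         # assumption: clients reject these
    return p == h

def vhost_names(conf):
    """Collect ServerName and ServerAlias values from vhost text."""
    names = []
    for line in conf.splitlines():
        m = re.match(r"^\s*(ServerName|ServerAlias)\s+(.+)$", line, re.I)
        if m:
            # drop an optional :port suffix on each name
            names.extend(n.split(":")[0] for n in m.group(2).split())
    return names

def uncovered(conf, pattern):
    """Names in the vhost that would trigger a certificate name mismatch."""
    return [n for n in vhost_names(conf) if not wildcard_covers(pattern, n)]

# Names taken from the example VirtualHost on this page
PAGE_VHOST = """
ServerName mysite.com
ServerAlias www.mysite.com
ServerAdmin fred@mysite.com
"""

# Constructed sample: a subdomain of the certificate's domain
SUB_VHOST = """
ServerName shop.myserver.com
ServerAlias www.shop.myserver.com myserver.com
"""

if __name__ == "__main__":
    for label, conf in (("page vhost", PAGE_VHOST), ("subdomain vhost", SUB_VHOST)):
        print(label, "not covered by *.myserver.com:", uncovered(conf, "*.myserver.com"))
```

Any name this reports will be served with the wildcard certificate but rejected by clients with a hostname mismatch, so it needs its own certificate or must be dropped from the vhost.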