cpanel error: Secure Connection Failed

[shauno]

Hey guys,

I'm trying to log on to my cpanel and am getting this warning (I changed my address to blah blah blah in this post for privacy, don't know if I needed to or not).

----------------------------------------------------------
Secure Connection Failed

blah blah blah uses an invalid security certificate.

The certificate is not trusted because it is self signed.

(Error code: sec_error_untrusted_issuer)
----------------------------------------------------------

I know I can add an exception to allow the certificate to work, but I was just wondering why this has happened, why isn't the security certificate valid, why has it been self signed? Doesn't seem right, to me it feels like having a car alarm installed but never using it :/


Any advice would be appreciated, thanks guys
shauno

[Sergey S.]

This happens because the certificate that is used on your cPanel has been issued by us to us. That is why it is called a self-signed one.
But we guarantee the 100% security of this certificate.

So as the certificate was generated by ourselves your browser doesn't know yet whether it is real or fake, but as we guarantee that it is real you just need to tell your browser that this one is ok and add it to the trusted ones.

So this car alarm is pointing to the places that are first of all suspicious rather than dangerous when you don't know who you are dealing with.

So as I have mentioned above, we DO guarantee the 100% Security of the certificate therefore now you know that you can trust this certificate.

[Alan B]

As Sergey says, a self-signed certificate is just as secure as a purchased cert. The only difference is that purchased certs come with a guarantee from an issuing authority, which web browsers recognize so as to avoid warnings. But, security level is the same.

[shauno]

Ah great, thanks for clearing that up guys, that puts my mind at rest

Thanks for the help, much appreciated
shauno

[JeffC71]

So how do we (and are clients) who use Firefox access our cPanels. When I get this warning and click OK Firefox just ignores the URL request and stays on the page it was on when prior to the warning.

I spent at least an hour in the live chat and when I had to leave was told I would have to either stay online with them till it was resolved or start again when I had some more time.

There is something wrong with your security certificates. Not because they are self signed but because when I go to add my domain as an exemption so I can bypass the warning I get an error saying:

-------------------------------------------------------------------------
An error occurred during a connection to xxxx.info:443.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)
---------------------------------------------------------------------------------

As can be seen in this screen shot:
http://screencast.com/t/I3nWKOAvJZ

Domain name hid.

[Taras O.]

Please try it the following way:

http://yourdomain.com/cpanel
or
http://yourdomain.com:2082
or
https://yourdomain.com:2083

Please pay attention to http and https prefixes.

[JeffC71]

Thank you taras.o. I just wish that the support person I was talking to last night knew to have me try those first.

http://yourdomain.com/cpanel
https://yourdomain.com:2083

Are still blocked. But this one works to get me through:

http://yourdomain.com:2082

Thank you as this gives me an easy solution to tell my clients. Much better then trying to explain to them how and why they need to set up server exemptions

Jeff C

[Arkadij S]

Hi Jeff,

http://yourdomain.com/cpanel is most likely to be blocked either by your local PC firewall, or by the firewall of your ISP. You can check it by temporary switching your firewall off.
If it lets you in, you can either leave your firewall turned off, or add an exception for port 2083.

It's about connectivity. As for painless usage of https://yourdomain.com:2083, you will need to add an exception for our self-signed certificate by means of your browser.

[Tony]

Actually, I think it's more secure to use https://yourdomain.com:2083 . It's always worked for me in Firefox. Note that I have this in Firefox's Tools>Options>Advanced>Encryption>View Certificates>Certificate Manager>Servers.

[JeffC71]

Thanks Tony,

I also think that https://yourdomain.com:2083 is more secure to use. However as I said above when I try to add it in Firefox's Tools>Options>Advanced>Encryption>View Certificates>Certificate Manager>Servers I get the following error:


-------------------------------------------------------------------------
An error occurred during a connection to xxxx.info:443.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)
---------------------------------------------------------------------------------

As can be seen in this screen shot:
http://screencast.com/t/I3nWKOAvJZ

This is why I say there is an error in the security scripts. But for the time being I'll simply use the login URL that works: http://yourdomain.com:2082

I am using Firefox 3.5.2 it is the only web browser I use as I am on a Linux system most of the time. When I am on my Windows 7 system I only use Firefox due to it's security and the large number of add ons that I use for work.

Jeff C.

[Maxim M.]

Hello Jeff,

Please give your domain name here or in PM and we will check that for your server. There should not be any problem adding the cert to the group of trusted.

[JeffC71]

Hello Jeff,

Please give your domain name here or in PM and we will check that for your server. There should not be any problem adding the cert to the group of trusted.

Well the domain I have been trying to add is 9th-hole.info. It is on of many that I have hosted with you. I have 2 reseller accounts. So far I have tried to add a few of my hosted domains and they are all giving the same error.

Jeff C.

[Maxim M.]

Did you try doing that directly from the error page:

click 'Or you can add an exception...' -> 'Add exception...' -> 'Get certificate' -> 'Confirm security exception'.

Was able to do that for 9th-hole.info successfully in my 3.0.13.

[Maxim M.]

And according to the error, you are trying to connect to the server through 443. So you need to either do it properly in the Properties -> Advanced or follow my instruction from the previous post.

[JeffC71]

Did you try doing that directly from the error page:

click 'Or you can add an exception...' -> 'Add exception...' -> 'Get certificate' -> 'Confirm security exception'.

Was able to do that for 9th-hole.info successfully in my 3.0.13.

Just for a point of refferance as I had said in a previouse post I am using 3.5.2 and it does not give the option to click 'Or you can add an exception...' it only gives the option to click OK and then does nothing.

Jeff C

[JeffC71]

And according to the error, you are trying to connect to the server through 443. So you need to either do it properly in the Properties -> Advanced or follow my instruction from the previous post.

Thank you for pointing this out. I was unaware that I had to add :2083 to the domain when adding it as an exemption and was just entering my domain. I have now been able to add them as an exemption.

Just would prefer to not have to need to explain all this to my clients and not sure why it is that the larger hosting compainies don't have this problem.

Jeff C.

[Catprog]

Just checking something.

Is this correct for the subject's public key under firefox?

Modulus (1024 bits):
bd ad 69 f1 de 66 5a 4f 21 14 14 d3 29 9c 3f aa
5e 5e da e2 f9 ba 9d 7b f3 0c 12 91 cf 1e 7f d1
08 9d e9 44 35 44 e0 77 ca 8f ff 21 5e 70 ab 38
aa f6 f1 ce 02 bf f8 02 69 b4 60 2e e7 5d ea 27
6d 46 b1 9a db ea ac d9 76 b3 f4 5e 29 7a 41 91
05 d2 5c 66 7a 79 11 03 5d bf e6 36 cc 3c 61 27
6c 01 b2 b1 b5 17 d7 0a 2b 93 61 b9 07 33 a3 a5
d6 bf 61 35 88 d6 fd a0 c6 01 ec ea 79 1c 36 ef

Exponent (24 bits):
01 00 01