System SSL Certificates

cleverwise · February 14, 2014, 9:20am

Hello Community,

As a user coming from the WHM/Cpanel panels I am still learning how InterWorx (IW) handles certain functions. I noticed that IW generates several SSL certificates. My question here is are these static keys/crts or randomly generated with each install?

In otherwords is every IW install using the same key and crt on installation?

Thanks!

d2d4j · February 14, 2014, 9:26am

Hi clevereise

Welcome to interworx

I believe the SSL are randomly generated for each siteworx.

If you want to test, just create 2 test siteworx accounts, and goto generate for SSL and you will see all details from private key through to chain are different, once you view them.

If by chance you can only generate for 1 siteworx SSL, goto nodeworx, server settings, settings, and set for shared ip SSL.

I hope that helps

Many thanks

John

cleverwise · February 14, 2014, 9:31am

Thanks for the greetings.

Well I was referring to the system like nodeworx. When you log into the nodeworx panel at port 2443 are all IW installs using the same SSL cert or does IW generate an unique combination for each setup? If not that means by default we are all using the same SSL keys/crts for system logs like our nodeworx, qmail, etc. Which wouldn’t be good security.

d2d4j · February 14, 2014, 9:44am

Hi cleverwise

You set the server SSL from nodeworx, for services like web, email etc… But if your using shared ip SSL, it works slightly different to how I first thought, so to answer quickly, if only server SSL installed, and set to all services and no other SSL installed on your ip, it uses this SSL

Now you have 2 choices, you can set a dedicated ip to a domain and install SSL and both are seperate, ie server SSL on shared ip and dedicated SSL

However, if you install your server SSL and also install a SSL on shared ip siteworx account, it would only use the SSL for the siteworx account installed, so to overcome this, you need to set a siteworx account for your server SSL, which would then seperate them out, but any https request would show as the SSL for the lowest alphabetical ssl, ie both SSL work lovely but if another siteworx account without an SSL setup would show the https webpage of the lowest alphabetical SSL siteworx account.

Interworx are aware of this, and actively working on changing this.

I’m sorry if my post is rather long or confusing, sorry but if you look through the forum, you’ll see my post explains this.

Many thanks

John

cleverwise · February 14, 2014, 9:54am

Thanks.

Yeah my concern here isn’t about separate sites but rather when logging into the main Nodeworx control panel if all us IW users are using the same system SSL certificate or if IW is generated a random one on each IW install.

d2d4j · February 14, 2014, 10:06am

Hi

Sorry if I’m not fully understanding your post.

If I understand correctly now, if you have more then 1 iw server, each will use their own randomly generated private key, csr etc.

If you wish to match them, you can copy and paste the keys etc when you first generate it ie private key etc.

I hope that helps and apologise if I’m wrong or still have not understood.

Many thanks

John

cleverwise · February 14, 2014, 10:24am

Thanks! That’s what I was wondering as I only have one IW install right now. I was curious if the default system certs were the same or unique. It is good to know they are uniquely generated. So when logging into port 2443 on three different IW servers they are all different. That is far better security.

Thanks again!

cleverwise · February 15, 2014, 6:28am

BTW I thought I would mention I just generated new SSL certs for all functions like Qmail, ftp, IW-ssl, etc. This way I know they are all unique for sure. I thought I would leave this note for future readers of this thread.