Getting a security certificate error when logging into cPanel?

[Jason]

UPDATE: September 6, 2015.  All servers have been converted to Globalsign certificates today and should no longer prompt the security warnings mentioned in this topic.  Details are located in this thread: CLICK HERE.
-----------------------

If you're running one of the newer browsers available (IE7/8, for example) and you get a security warning when trying to login to your cPanel, it may be because of how newer browsers are treating self-signed certificates.

If you're logged in as an administrator on your computer, you should be able to "add an exception" to view and accept the certificate.  Verify the hostname and the "valid dates" are accurate first, of course.  If you have any questions, definitely contact support -- it's far better to be safe than sorry.

However, if you are not logged in as an administrator (especially in IE7+) you may not be able to add the exception.  Here's a good doc one of our customers shared that may be useful for those of you on Vista:  (Thanks ShaneR!)

http://msmvps.com/blogs/cgross/archive/2006/10/23/Vista-RC2_2C00_-IE7-and-SBS-Self_2D00_Signed-Certs.aspx

Otherwise, most browsers will allow you to add an exception.  You should only have to do this once (per computer you use) and then once a year when we regenerate the certificates.

If you spot an invalid date where the certificate shows expired, please contact me (email or a ticket) so they can be renewed.

Thanks!

[Jason]

To add to this topic, here are instructions that work in IE8/9 and Firefox.  I've noticed IE8/9 makes it more of a pain to accept a cert so you don't have to click through every time with warnings.

http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get-internet-explorer-8-to-accept-a-self-signed-certific

How to make IE8 trust a self-signed certificate in 20 irritating steps
1    Browse to the site whose certificate you want to trust.
2   When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
3  Select Tools->Internet Options.
4   Select Security->Trusted sites->Sites.
5  Confirm the URL matches, and click "Add" then "Close".
6  Close the "Internet Options" dialog box with either "OK" or "Cancel".
7  Refresh the current page.
8  When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
9  Click on "Certificate Error" at the right of the address bar and select "View certificates".
10  Click on "Install Certificate...", then in the wizard, click "Next".
11  On the next page select "Place all certificates in the following store".
12   Click "Browse", select "Trusted Root Certification Authorities", and click "OK".
13   Back in the wizard, click "Next", then "Finish".
14   If you get a "Security Warning" message box, click "Yes".
15   Dismiss the message box with "OK".
16  Select Tools->Internet Options.
17   Select Security->Trusted sites->Sites.
18  Select the URL you just added, click "Remove", then "Close".
19  Now shut down all running instances of IE, and start up IE again.
20  The site's certificate should now be trusted.

Firefox 8.0.1.   
The way it works there is when you go to webmail, (or cpanel), it will say "The Connection is Untrusted."  On that page near the bottom is an expandable link that says "I Understand the Risks."  If you click that, there is a button there that says "Add Exception."  Click on that.  On the next page, there is a checkbox at the bottom that says "permanently store this exception."  Make sure that's checked and then click the "Confirm Security Exception" button.     That should do it.

[Jason]

Last week I received a great suggestion to post the fingerprints of the certificates we use on our servers on a page that's SSL-secured by a verifiable (third-party) provider. 

Below are the fingerprints as of today for all servers.  You can refresh this page by clicking below to view it via https instead of http.  That way you know the page is SSL secured.

https://www.charlottezweb.com/forums/index.php?topic=1218.0

Please post here if these get outdated.  The certs only last a year and they aren't all in sync so they may get outdated quickly if we don't monitor it closely.



Regards,
Jason   

[dania]

Its a right pain Jason...once a day or thereabouts I don't mind a bit.

[Jason]

Its a right pain Jason...once a day or thereabouts I don't mind a bit.

Technically you should only get it about once a year unless you use multiple machines. 

[Pam]

Jason,

Everything was golden until I got to step 9 in the 20 irritating steps instructions above.    

I'm not seeing "Certificate Error" on the right hand side of the address bar as I have in past years?

I'm running IE9.

Any suggestions?

Thanks!

[Pam]

Disregard my last post Jason . . . I figured it out

[Pam]

Okay . . . I'm back again

I've gone through the 20 step process twice now and I'm still receiving the certificate error?

What now?

Thanks . . . again.

[Jason]

Which url are you access so I can try to recreate?

[Pam]

http://thefunnyfactor.net/cpanel

[Jason]

I just completed the "20 Steps" in IE 11 and after shutting down IE and relaunching it, it's working perfectly without errors.

Are you doing the install as a local admin on that machine?

[Pam]

I'll try again as admin and be back . . .

[Pam]

I ran as admin and got the same results?

[Jason]

Hmm.  It's working for me.  It let you do every step as listed 1-20?   At step 14, did you get the popup to install the cert for Blackice.charlottezweb.com?

To be clear, you are currently logged in as a user with full administrator rights on your machine?  Not a regular user?

[Pam]

Yes, I'm logged in with full admin rights.

I'll recheck step 14 to answer your other question and be back . .