Shared SSL and CP Manager

bro

Perch
Re: the previous announcement that shared ssl was to be temporarily suspended, how long is temporary going to be?

Bearing in mind that the only alternative to this is to use up more IPs and pay for a number of certificates, I would think this is a priority. I have a Roundcube setup that uses it, for example, as the Hsphere-provided webmail does not allow SSL connections. Customers are less willing than ever to use non-secure connections for their email, and it was the cause of a major web-design client taking their business elsewhere, in my case.

---
CP SSL Manager is down, too, by the way. I was investigated getting a certified SSL for that, but there was no way to generate the CSR as shown in the Hsphere instruction. The link was missing. Now it's all missing...
 
This issue is coming due to the move to 2048bit SSL certs and Hsphere not wanting to accept it properly. We would recommend a move to a dedicated IP and then using StartSSL to make yourself a free certificate, it will be non shared, and also allow you to use your domain directly. http://www.startssl.com/?app=1

There is apparently a problem with current Hsphere version and the SSL certificate used for Shared SSL feature. We need to forward this issue to Parallels for further investigation. This process can take much time.
As a convenient alternative we suggest you to try free SSL certificate from startssl.com.

And we are not sure if Hsphere will support this or not and if the do when so we are fully dependent on them for now.
 
I can see why JH might have their hands tied in this instance, but I'm registering my displeasure with the removal of still-advertised features of the plan I pay for, and the other arbitrary changes in contracts, such as monthly charges for an FTP username.

Even if free certificates work, IPs are not free and cost more than they used to, and we're continually warned they won't be issued for non-essential reasons. It's not a good workaround for many situations, especially testing, and most hosts already offer secured webmail and shared SSL.

I thought the data center move was to facilitate more features, not reduce them or price them out. I will more likely move accounts with any SSL requirements to another host.

---

The reseller CP SSL Manager is still broken.
 
CP SSL is still being checked, Shared SSL was announced, and it will return one day, I can't say exactly when because it is dependent upon Parallels. There are several hiccups with that process. It has never worked exactly well and always was prone to breakage, and IPs are really only charged as they are getting more and more costly for us to have as well, we have to account for them and report with more detail than ever to get them, and it takes quite some time to process all this each request for more(and that is paid as well)

there already is a lot more offered with the new datacenter, and will be more, but it will NOT be tied to Hsphere in all ways going forward. While we will strive to maintain, upgrade resources here etc, our future cannot maintain tied to a dying product.
 
So, got a dedicated IP- needed support for that. Generated a certificate at startssl, and of course hsphere then declares an internal error when I try to install it. Support says it's invalid (though hsphere can't even generate its own temporary certificate without an error.)

Tried generating a CSR from hsphere instead, but startssl don't accept that because it's only 1024-bit.

Is it worth revoking this certificate and trying again, or am I just wasting my time with a free startssl certificate? Anyone else able to install one in less than a month?


[RS #ASW-82171-876]
 
So, got a dedicated IP- needed support for that. Generated a certificate at startssl, and of course hsphere then declares an internal error when I try to install it. Support says it's invalid (though hsphere can't even generate its own temporary certificate without an error.)

Tried generating a CSR from hsphere instead, but startssl don't accept that because it's only 1024-bit.

Is it worth revoking this certificate and trying again, or am I just wasting my time with a free startssl certificate? Anyone else able to install one in less than a month?


[RS #ASW-82171-876]

We will have to generate the CSR for you and send back to you.
For that we will need from you the Company/Person contact fields required in the CSR to generate the request. Pratik, Ashwani, and Akshay can all do this for you.
 
Thanks, PM'd to Pratik on his request.

There was some talk long ago of having a customer-updated wiki for these kinds of things, since the hsphere instructions are often poor or features mentioned are not enabled. It would still be a good idea...
 
I'm surprised....is it so!!??? How any company can abandon such good product? Is it that they are not developing or have planned to stop?

Parallels wants all to 'upgrade' to their still in progress plesk multi server(10 or less server) or parallels multi server panel(10 or more)

There have been some minor developments on Hsphere, and will be a few more, but still ironing out all that, but it is not a product in a major way looking to the future.
 
So to revoke my original 'free' certificate now costs $25, and I can't get another one unless I do that, so that the CSR support sent me 'might' work.

... (cut everything else I was gonna say)
 
Maybe ;)

I suspect you haven't caught up to me yet though so you're still good... actually, you still got a long way to go to get to my decade.
 
Just to report, I got a $8.95 Positivessl certificate and support installed it today (thank you.) In case anyone's still wondering...

1. Get a dedicated IP.
2. Ask support to generate the CSR (not hsphere)
3. Order the certificate
4. Activate the certificate, sending the CSR to the authority
5. Send the ssl certificate to support to install.

There was a large choice of server types when I activated the certificate, including 'hsphere'. I was under the impression we should choose Apache, but I guess that's just for CP certificates. I had to select IIS, as this site is on a win server. The Linux servers should be for Apache/ModSSL (there were 6 different Apache-type servers on the list.)

Last questions. For reseller CP certificates, is that still the right type of server?

(That probably all seems obvious now, but doing it wrong cost me $8.95...)


I suspect you haven't caught up to me yet though so you're still good... actually, you still got a long way to go to get to my decade.

Youngsters... what would we do without 'em?
 
Thanks for the step-by-step. I've always chosen IIS when submitting the CSR without issues over the years.

Youngsters... what would we do without 'em?

Somebody has to teach us old-dogs new tricks.

I bet I can still code circles around them in PASCAL on a Apple 2e or BASIC on an old TRS-80 (if I could only find where I put those 8" Floppies)...

... or probably not :evil:
 
Back
Top