Shared SSL and CP Manager

Discussion in 'H-Sphere Shared Hosting' started by bro, Aug 26, 2011.

  1. bro

    bro Perch

    Re: the previous announcement that shared ssl was to be temporarily suspended, how long is temporary going to be?

    Bearing in mind that the only alternative to this is to use up more IPs and pay for a number of certificates, I would think this is a priority. I have a Roundcube setup that uses it, for example, as the Hsphere-provided webmail does not allow SSL connections. Customers are less willing than ever to use non-secure connections for their email, and it was the cause of a major web-design client taking their business elsewhere, in my case.

    ---
    CP SSL Manager is down, too, by the way. I was investigated getting a certified SSL for that, but there was no way to generate the CSR as shown in the Hsphere instruction. The link was missing. Now it's all missing...
  2. Pratik

    Pratik SkyWalker Staff Member

    This issue is coming due to the move to 2048bit SSL certs and Hsphere not wanting to accept it properly. We would recommend a move to a dedicated IP and then using StartSSL to make yourself a free certificate, it will be non shared, and also allow you to use your domain directly. http://www.startssl.com/?app=1

    There is apparently a problem with current Hsphere version and the SSL certificate used for Shared SSL feature. We need to forward this issue to Parallels for further investigation. This process can take much time.
    As a convenient alternative we suggest you to try free SSL certificate from startssl.com.

    And we are not sure if Hsphere will support this or not and if the do when so we are fully dependent on them for now.
  3. bro

    bro Perch

    I can see why JH might have their hands tied in this instance, but I'm registering my displeasure with the removal of still-advertised features of the plan I pay for, and the other arbitrary changes in contracts, such as monthly charges for an FTP username.

    Even if free certificates work, IPs are not free and cost more than they used to, and we're continually warned they won't be issued for non-essential reasons. It's not a good workaround for many situations, especially testing, and most hosts already offer secured webmail and shared SSL.

    I thought the data center move was to facilitate more features, not reduce them or price them out. I will more likely move accounts with any SSL requirements to another host.

    ---

    The reseller CP SSL Manager is still broken.
  4. Stephen

    Stephen US Operations Staff Member

    CP SSL is still being checked, Shared SSL was announced, and it will return one day, I can't say exactly when because it is dependent upon Parallels. There are several hiccups with that process. It has never worked exactly well and always was prone to breakage, and IPs are really only charged as they are getting more and more costly for us to have as well, we have to account for them and report with more detail than ever to get them, and it takes quite some time to process all this each request for more(and that is paid as well)

    there already is a lot more offered with the new datacenter, and will be more, but it will NOT be tied to Hsphere in all ways going forward. While we will strive to maintain, upgrade resources here etc, our future cannot maintain tied to a dying product.
  5. bro

    bro Perch

    So, got a dedicated IP- needed support for that. Generated a certificate at startssl, and of course hsphere then declares an internal error when I try to install it. Support says it's invalid (though hsphere can't even generate its own temporary certificate without an error.)

    Tried generating a CSR from hsphere instead, but startssl don't accept that because it's only 1024-bit.

    Is it worth revoking this certificate and trying again, or am I just wasting my time with a free startssl certificate? Anyone else able to install one in less than a month?


    [RS #ASW-82171-876]
  6. Stephen

    Stephen US Operations Staff Member

    We will have to generate the CSR for you and send back to you.
    For that we will need from you the Company/Person contact fields required in the CSR to generate the request. Pratik, Ashwani, and Akshay can all do this for you.
  7. bro

    bro Perch

    Thanks, PM'd to Pratik on his request.

    There was some talk long ago of having a customer-updated wiki for these kinds of things, since the hsphere instructions are often poor or features mentioned are not enabled. It would still be a good idea...
  8. Avataar

    Avataar Guppy

    I'm surprised....is it so!!??? How any company can abandon such good product? Is it that they are not developing or have planned to stop?
  9. Stephen

    Stephen US Operations Staff Member

    Parallels wants all to 'upgrade' to their still in progress plesk multi server(10 or less server) or parallels multi server panel(10 or more)

    There have been some minor developments on Hsphere, and will be a few more, but still ironing out all that, but it is not a product in a major way looking to the future.
  10. bro

    bro Perch

    So to revoke my original 'free' certificate now costs $25, and I can't get another one unless I do that, so that the CSR support sent me 'might' work.

    ... (cut everything else I was gonna say)
  11. Penhall

    Penhall Perch

    probably cheaper just to get a $10/year Commodo or RapidSSL cert instead and start over....
  12. bro

    bro Perch

    Yes, I know it...

    Will the CSR sent work for those, too, Stephen?
  13. Stephen

    Stephen US Operations Staff Member

    Yes when we make a 2048bit CSR it is not specific to one issuing company, but good for any.
  14. Penhall

    Penhall Perch

    So, just a question then... will all new cert requests have to go through the ticket system now?
  15. Stephen

    Stephen US Operations Staff Member

    Until a fix is in place, which we will announce, yes.
  16. Penhall

    Penhall Perch

    Thanks Mr. Stephen
  17. Stephen

    Stephen US Operations Staff Member

    Ha, am I really getting that old?!
  18. Penhall

    Penhall Perch

    Maybe ;)

    I suspect you haven't caught up to me yet though so you're still good... actually, you still got a long way to go to get to my decade.
  19. bro

    bro Perch

    Just to report, I got a $8.95 Positivessl certificate and support installed it today (thank you.) In case anyone's still wondering...

    1. Get a dedicated IP.
    2. Ask support to generate the CSR (not hsphere)
    3. Order the certificate
    4. Activate the certificate, sending the CSR to the authority
    5. Send the ssl certificate to support to install.

    There was a large choice of server types when I activated the certificate, including 'hsphere'. I was under the impression we should choose Apache, but I guess that's just for CP certificates. I had to select IIS, as this site is on a win server. The Linux servers should be for Apache/ModSSL (there were 6 different Apache-type servers on the list.)

    Last questions. For reseller CP certificates, is that still the right type of server?

    (That probably all seems obvious now, but doing it wrong cost me $8.95...)


    Youngsters... what would we do without 'em?
  20. Penhall

    Penhall Perch

    Thanks for the step-by-step. I've always chosen IIS when submitting the CSR without issues over the years.

    Somebody has to teach us old-dogs new tricks.

    I bet I can still code circles around them in PASCAL on a Apple 2e or BASIC on an old TRS-80 (if I could only find where I put those 8" Floppies)...

    ... or probably not :evil:

Share This Page

JodoHost - 26,000 hosting end-users in 100 countries
Plesk Web Hosting
VPS Hosting
H-Sphere Web Hosting
Other Services