Saturday, September 10, 2011

New SSL Certificate for the Apollo Server

A new SSL certificate was installed for all shared hosting and services (mail, FTP) on the Apollo server. Depending on the email client/software you use, you may need to re-accept the certificate for email, and/or also re-accept the certificate in your browser (or create a new exception).



This will need to be done any time a new certificate is installed or renewed (and in this case we changed from using Equifax to using GeoTrust certificates). The hostname will always be the same, only the validity dates change. The big, bad, scary warnings that your browser gives you, claiming "No valid site would ask you to do this" aren't technically true. Millions upon millions of websites use shared hosting.



They write these warnings to scare the crap out of people, because - in general - that's the only way people pay attention. The unfortunate part is these warnings are both overkill and technically untrue...and quite often the user clicks the red "X", closes their browser, unplugs their computer, hides under their desk...then calls me to complain the next day.

This is how shared hosting, and SSL encryption is *supposed* to work.

An SSL certificate can only be given to one hostname and one single IP. A shared hosting server contains many domains/accounts, all using the same IP. The shared hosting servers' SSL certificate that's used by all services (email, FTP, cPanel logins, etc) is assigned to the servers' hostname. Typically when you login to cPanel you use your own domain name, i.e. - yourdomain.com/cpanel (or yourdomain.com:2083).

What your browser (or email client) is alerting you to is that the domain name (our server) on the SSL certificate is different than the domain you're logging into (your domain on our server). That's all. They're trying to alert you in case you're not aware that the names are different. In this case, you *are* aware, and can verify that by viewing the certificate and verifying that the servers' hostname and our name are there on the certificate.



Many "discount hosting companies" use self-signed certificates, but we go the extra mile and provide high quality encryption for you, with a purchased SSL certificate from a recognized vendor (in this case GeoTrust).

If you have any questions about this please feel free to ask.