Support Services

Fast and professional to support your business
Welcome, Guest
Username: Password: Remember me

TOPIC: Forced SSL and subdomain

Forced SSL and subdomain 6 years 2 months ago #3053

Hello,

Will the combination of WHMCS and Joomla work when WHMCS resides on a subdomain and ssl is forced through the .htaccess file? That subdomain does reside on the same server but has a separate ip address from the SSL certificate of the main domain.

Or are there other ways to force ssl on WHMCS when it's simply on a subfolder of the main domain and uses that ssl certificate?

Basically, I just want WHMCS to always be secured.
The administrator has disabled public write access.

Re: Forced SSL and subdomain 6 years 2 months ago #3054

  • mmstudio
  • mmstudio's Avatar
  • Offline
  • Junior Boarder
  • Posts: 20
  • Karma: 0
use ssl with wildcards *.yourdomain.com that way all subdomains will be secured with ssl as long as you use links with https:
You cam use startssl verified level 2 for 50 usd for thata and u can use that ssl cert on unlimited domains.
The administrator has disabled public write access.

Re: Forced SSL and subdomain 6 years 2 months ago #3060

  • Justin
  • Justin's Avatar
  • Offline
  • User is blocked
  • Posts: 827
  • Thank you received: 1
  • Karma: 0
panzerknacker;3053 wrote:
Will the combination of WHMCS and Joomla work when WHMCS resides on a subdomain and ssl is forced through the .htaccess file? That subdomain does reside on the same server but has a separate ip address from the SSL certificate of the main domain.

Or are there other ways to force ssl on WHMCS when it's simply on a subfolder of the main domain and uses that ssl certificate?

Basically, I just want WHMCS to always be secured.

This is correct:
use ssl with wildcards *.yourdomain.com that way all subdomains will be secured with ssl as long as you use links with https:
We ran into the same problem only recently. We purchased a Wildcard Server Certificate from DomainPar and needed to apply this to our site on all subdomains and of course, our main domain. We've done this in effort to offer even further protection for our customers.

The problem we ran into is the wildcard SSL is only good for subdomains. So if you're read my blog post about Canonical URLs, I mentioned the www. prefix is a subdomain.

When installing the certificate, we had to use *.gohigheris.com and it correctly https all the subdomains. Problem was, it was not protecting the main directory: [url:ge5ct2q7]gohigheris.com[/url] which we had redirected from [url:ge5ct2q7]www.gohihgeris.com[/url] . What we learned was there is no way to SSL the root on a wildcard SSL certificate without using [url:ge5ct2q7]www.gohigheris.com[/url] as the prefix. www. is the subdomain therefore we are forced to use it with our own website.

As far as WHMCS, it's best not to force SSL over the entire WHMCS installation. Let WHMCS use the SSL as it normally would so in this case, our site, the client portal is not SSL because WHMCS manages the use of it. However, when we go into a protected area like the client login or client portal or any of the pages in WHMCS, the ssl is used where needed. Then, on the rest of the site we have forced SSL and are using SSL for everything else including the forum because it too has information where SSL is needed.

Hopefully this information will assist you in setting this up. Feel free to ask more questions if needed.

Thank you mmstudio for your reply as well and thank you both for posting this in the forum so that we can all benefit and learn from the replies.
The administrator has disabled public write access.

Re: Forced SSL and subdomain 5 years 8 months ago #4280

  • cresona
  • cresona's Avatar
  • Offline
  • Junior Boarder
  • Posts: 30
  • Karma: -1
What we learned was there is no way to SSL the root on a wildcard SSL certificate without using www.gohigheris.com as the prefix. www. is the subdomain therefore we are forced to use it with our own website.

Wildcard SSL certs are classed as UCC's or Unified Communication Certificates and require a SAN (subject alternative name) to secure the root ([url:1dfh05fr]gohigheris.com[/url]) domain. If you don't specify a SAN, the root falls outside the scope of the SSL cert and it will throw a security warning.

Log in to your Thawte SSL setup panel and add a SAN name for gohigheris.com. Most companies charge for extra SAN's unless you already have an EV/Wildcard cert.

I'm not a fan of the www prefix, it's archaic and no longer relevant to the web in its present form. That said, I'm not keen on UCC's either but hey, each to their own ;)
The administrator has disabled public write access.

Re: Forced SSL and subdomain 5 years 8 months ago #4281

  • Justin
  • Justin's Avatar
  • Offline
  • User is blocked
  • Posts: 827
  • Thank you received: 1
  • Karma: 0
Good info Cresona, thank you much. I'll have to take a closer look at that option of SAN name.
The administrator has disabled public write access.
Time to create page: 0.042 seconds
Powered by Kunena Forum