Self-signed SSL Certificate Warnings

Self-signed SSL Certificate Warnings

Many customers who are purchasing their first server/trying to entering their cPanel services (webmail/cpanel/whm) using their own domain using https:// with XeonBD are surprised to see a foreboding warning in their browser the first time they log on to their control panel:
Although the warning looks alarming, there is no reason to think that your new server is insecure.

Both cPanel and Plesk use secure connections on their control panels; the security of those connections is provided by SSL certificates. Out of the box, both Plesk and cPanel use a type of certificate known as a self-signed certificate. Self-signed certificates work exactly like a certificate purchased through an SSL Certificate Authority, except that they are NOT signed by a Certificate Authority. Instead they are signed by your server; hence the term “self-signed”. That is the only difference. Apart from that, the encrypted connection using a self-signed certificate is as secure as any other SSL connection.
So why do most browsers throw that scary-looking error? The answer lies in the role that certificate authorities play. Certificate authorities perform various checks to see that whoever is purchasing the certificate is who they say they are. Browsers assume that a site that uses an ssl certificate that has been vetted by a certificate authority is safer than a site that does not.

Making The Error Disappear

While it is entirely safe to connect to your server using the self-signed certificate, you may want to make that error disappear so your customers never see it. To do this, you will have to install an SSL certificate for the control panel you are using. Instructions for doing that in cPanel can be found by contacting our sales .