How to Set Up a Wildcard SSL Cert in cPanel / WHM running Apache 2

After reading several blogs saying this was not possible I almost gave up on this, but finally got it working - wohoo!

After installing the wildcard cert and setting it as the shared SSL cert in WHM, any subdomain would take me to the website owned by the user I installed the cert for. This was a big clue, so I tried installing it for user nobody. After that, every https://subdomain.server.com took me to the default cPanel "your server is running" page. In the end I could not get it to magically work, but I was able to find a simple solution, much simpler than creating a bunch of Apache rewrite rules or installing separate IPs for each domain, which was the solution I was finding in the forums.

Ok, so here is how to do it step by step starting with purchasing your wildcard cert.

  1. Generate the Certificate Signing Request (CSR) in WHM / cPanel; make sure you enter the host as *.domain.com or www*.domain.com
  2. Purchase the wildcard certificate using the CSR you generated
  3. Click Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com - enter the server's shared IP for the IP address
  4. For each subdomain you want to use the shared cert for, repeat step 3, but replace *.domain.com with subdomain.domain.com and set the user to the user for subdomain.domain.com

That's it!

Note: This no longer works in WHM v11.24.2
You can still set up multiple subdomains using a wildcard cert on the shared IP, but you have to manually edit your httpd.conf file.

Example VirtualHost Entry: For mysite.com owned by user fred where the wildcard cert is installed for *.myserver.com

<VirtualHost 192.168.1.100:443>
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /home/fred/public_html
    ServerAdmin fred@mysite.com
    UseCanonicalName off
    Options -ExecCGI -Includes
    RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
    CustomLog /usr/local/apache/domlogs/mysite.com combined
    CustomLog /usr/local/apache/domlogs/mysite.com-bytes_log "%{%s}t %I.\n%{%s}t %O ."
    ## User fred # Needed for Cpanel::ApacheConf
    <IfModule mod_suphp.c>
        suPHP_UserGroup fred fred
    </IfModule>
    <IfModule concurrent_php.c>
        php4_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        php5_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule !concurrent_php.c>
        <IfModule mod_php4.c>
            php_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        </IfModule>
        <IfModule mod_php5.c>
            php_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule sapi_apache2.c>
            php_admin_value open_basedir "/home/fred:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        </IfModule>
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup fred fred
    </IfModule>
    ScriptAlias /cgi-bin/ /home/fred/public_html/cgi-bin/
    SSLEngine on
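    # Legacy cipher string: ALL leaves LOW, export-grade (EXP) and SSLv2 suites enabled; the + entries only sort them last
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL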
    SSLCertificateFile /etc/ssl/certs/*.myserver.com.crt
    SSLCertificateKeyFile /etc/ssl/private/*.myserver.com.key
    SSLCACertificateFile /etc/ssl/certs/*.myserver.com.cabundle
    ErrorLog /usr/local/apache/domlogs/mysite.com-ssl_data_log
    CustomLog /usr/local/apache/domlogs/mysite.com-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/fred/public_html/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # To customize this VirtualHost use an include file at the following location
    # Include "/usr/local/apache/conf/userdata/ssl/2/fred/mysite.com/*.conf"

</VirtualHost>

Notice the last two commented lines. If you want to make sure that cPanel doesn't overwrite your changes, you should save this virtual host definition in /usr/local/apache/conf/userdata/ssl/2/fred/mysite.com/mysite.com.conf.
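
When you hand-edit httpd.conf to point several VirtualHosts at one wildcard cert, it helps to check which ServerName and ServerAlias values the cert name actually covers. The script below is an added example, not part of the original post or of cPanel; the function names and the sample config are constructed for illustration, and it assumes a wildcard is only honoured as the whole left-most label (so it does not match partial forms such as www*.domain.com).

```python
import re

def wildcard_covers(pattern: str, host: str) -> bool:
    """True if cert name `pattern` covers `host` (whole left-most-label wildcard only)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # '*' stands for exactly one label: not the bare domain, not two levels deep
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        # Assumption of this example: partial labels (www*.domain.com) are not matched
        return False
    return p == h

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def uncovered_ssl_names(conf: str, cert_name: str) -> list:
    """Return ServerName/ServerAlias values in :443 vhosts that cert_name does not cover."""
    missing = []
    for addr, body in VHOST_RE.findall(conf):
        if not addr.strip().endswith(":443"):
            continue  # only SSL vhosts present the certificate
        for m in NAME_RE.finditer(body):
            for name in m.group(1).split():
                if not wildcard_covers(cert_name, name):
                    missing.append(name)
    return missing

# Constructed sample config (not taken from a real server)
SAMPLE_CONF = """
<VirtualHost 192.168.1.100:80>
    ServerName plain.example.org
</VirtualHost>
<VirtualHost 192.168.1.100:443>
    ServerName shop.myserver.com
    ServerAlias www.shop.myserver.com
</VirtualHost>
<VirtualHost 192.168.1.100:443>
    ServerName mysite.com
    ServerAlias www.mysite.com
</VirtualHost>
"""

if __name__ == "__main__":
    print(uncovered_ssl_names(SAMPLE_CONF, "*.myserver.com"))
```

Any name this reports will produce a certificate name mismatch in the browser when served from a vhost using that cert.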