amuck-landowner

HOW TO: Force SSL and increase security in cPanel

mitgib

New Member
Verified Provider
To score an A- at https://www.ssllabs.com/ssltest/index.html you will need to adjust the Cipher Suite used in WHM for apache. In WHM navigate to Service Configuration » Apache Configuration » Global Configuration and in the Cipher Suite section tick the 3rd radio and fill in the following:

ALL:!ADH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

[Image: cipher (https://hostigation.com/billing/assets/img/cipher.PNG)]

You may also wish to force HSTS (Strict-Transport-Security, https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security), which is going to depend on which version of apache you are running. Assuming you are running apache 2.4, make the following directory:

mkdir -p /usr/local/apache/conf/userdata/ssl/2_4

Now create 2 more directories:

cd /usr/local/apache/conf/userdata/ssl/2_4
mkdir -p $username/$domain

$username is the cPanel username and $domain is the domain you wish to enable HSTS for.
Now create a file hsts.conf and include the following:

<IfModule mod_headers.c>
        # Use HTTP Strict Transport Security to force client to use secure connections only
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>

Rebuild httpd.conf and restart apache:

/usr/local/cpanel/bin/build_apache_conf
service httpd restart

Now all traffic to this domain will be forced to https://

wlanboy

Content Contributer
To score an A- at https://www.ssllabs.com/ssltest/index.html you will need to adjust the Cipher Suite used in WHM for apache. In WHM navigate to Service Configuration » Apache Configuration » Global Configuration and in the Cipher Suite section tick the 3rd radio and fill in the following:

ALL:!ADH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

You may also wish to force HSTS (Strict-Transport-Security), which is going to depend on which version of apache you are running. Assuming you are running apache 2.4, make the following directory:

mkdir -p /usr/local/apache/conf/userdata/ssl/2_4

Now create 2 more directories:

cd /usr/local/apache/conf/userdata/ssl/2_4
mkdir -p $username/$domain

$username is the cPanel username and $domain is the domain you wish to enable HSTS for.
Now create a file hsts.conf and include the following:

<IfModule mod_headers.c>
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>

Rebuild httpd.conf and restart apache:

/usr/local/cpanel/bin/build_apache_conf
service httpd restart

Now all traffic to this domain will be forced to https://
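
One way to confirm that the header from hsts.conf is actually being served after the restart, as an added example that is not part of either post: the shell function below parses a block of response headers and checks the policy. The function names, the minimum threshold and the sample response are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the Strict-Transport-Security header in a raw HTTP
# response header block read from stdin. Live use (example.com is a placeholder):
#   curl -sI https://example.com/ | hsts_audit
MIN_MAX_AGE=15768000   # max-age from hsts.conf above; using it as the floor is an assumption

hsts_audit() {
    # Header names are case-insensitive; strip the CRs of the wire format.
    value=$(tr -d '\r' | awk 'tolower($0) ~ /^strict-transport-security:/ {
                sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    if [ -z "$value" ]; then
        echo "FAIL: no Strict-Transport-Security header"; return 1
    fi
    max_age=""; subdomains=no
    old_ifs=$IFS; IFS=';'          # directives are separated by ";"
    for d in $value; do
        # Drop blanks and optional quotes, compare directive names in lowercase.
        d=$(printf '%s' "$d" | tr -d ' \t"' | tr 'A-Z' 'a-z')
        case $d in
            max-age=*)         max_age=${d#max-age=} ;;
            includesubdomains) subdomains=yes ;;
        esac
    done
    IFS=$old_ifs
    case $max_age in
        ''|*[!0-9]*) echo "FAIL: max-age missing or not a number"; return 1 ;;
    esac
    if [ "$max_age" -lt "$MIN_MAX_AGE" ]; then
        echo "WARN: max-age=$max_age is below $MIN_MAX_AGE"; return 2
    fi
    echo "OK: max-age=$max_age includeSubDomains=$subdomains"
}

# Constructed sample response, shaped like what the hsts.conf above would produce.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Server: Apache\r\n'
    printf 'strict-transport-security: max-age=15768000; includeSubDomains\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
}

sample_headers | hsts_audit
```

The return code is 0 for a policy at or above the floor, 2 for a shorter max-age and 1 when the header is missing or malformed, so the function can gate a deployment check.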
 