Any issues with reseting a WHM Self-assigned service SSL certificate?

4
votes

I got a few e-mails yesterday warning me that some of my WHM self-assigned SSL certificates are going to expire. I did not setup the WHM originally, but according to their documentation self-assigned certificates are usually created during the WHM installation.

Services that need a new certificate:

cPanel/WHM/Webmail Service Exim (SMTP) Server Dovecot Mail Server FTP Server

  • All on the same domain (which is our main domain that we use to access whm).

All current services have self-assigned certificates. I don't know the point of having a self-assigned certificates if they create browser errors anyway.

So I guess I have 2 questions:

  1. Are there any issues that could arise from resetting the current certificates?

  2. Do I have to have a certificate at all? Our main domain (that has all these certificates) doesn't use SSL.

1
ssl-certificatewhm

1 Answers

2
votes

I'm afraid I don't have experience of WHM, but I do have experience with ssl certificates, so hopefully this will be helpful anyway.

  1. If there are any existing clients who have been using the services over SSL, they will have already been accepting the existing self-signed certificates, so they should be able to accept the new ones. Whether this will happen automatically probably depends on the client.

  2. You say your main domain doesn't use ssl. However, are you just talking about a website? Are there, for example, email clients which are talking to your Exim server using secure SMTP or to dovecot using secure IMAP for example? If so, then they'd need the server to provide an ssl certificate (and they may need to accept the new self-signed certificate).

Self-signed certificates will cause browser security exceptions that need to be accepted by users and they don't provide a guarantee of identity in the same way that 'proper' certificates do, but at least they enable encryption to be used for communication.