H-Sphere Documentation Admin Guide

For more information contact us at info@psoft.net

Securing Reseller Control Panels With SSL
(version 2.3 RC3 and higher)

 

Related Docs:  

    • Securing Your CP with SSL (Sysadmin guide)
    • Installing Shared SSL Certificates
    • Reseller Shared SSL
    • Securing Transferred Data through SSL (User guide)


H-Sphere version 2.3 and higher allows securing reseller control panels with SSL by allocating either spare IPs or open ports to the control panel server. It is available only for Apache installations of H-Sphere because it uses virtual hosts in the Apache configuration file.

In one reseller plan, you can use either IP-based or port-based reseller SSL, not both. Although you can set different types of CP SSL protection for different reseller plans, it is highly recommended to use IP-based Reseller CP SSL rather than port-based. The reason is that the Internet is widely accessed from behind firewalls and proxy servers that don't allow connections to random ports.

To enable reseller control panel SSL protection:

Step 1: Add and register index.conf file.

  1. Log into your control panel server as root.
  2. Make sure you have the following line in the /hsphere/local/home/cpanel/apache/etc/httpd.conf file:
    include /hsphere/local/home/cpanel/apache/conf/sites/index.conf
  3. Open file ~cpanel/shiva/psoft_config/hsphere.properties
  4. Make sure the following variables are there and uncommented:
      Note: Without these variables, Reseller CP SSL will not work, so make sure they are set.
    • For IP-based SSL:
      RESELLER_SSL_SEC_PORT = 8443
      RESELLER_SSL_INSEC_PORT = 8080
      You may need to change the ports, e.g. to 443 and 80 respectively.
    • For port-based SSL:
      RESELLER_SSL_PORT_RANGE = 8440, 8444 - 8449, 8451, 8453-8468
      This is the set of ports on which port-based CP SSL can be created. Make sure that these ports are open.
  5. Check if you have the sites directory in the /hsphere/local/home/cpanel/apache/conf/ directory. If you don't, create it:
    mkdir /hsphere/local/home/cpanel/apache/conf/sites
    and create the file index.conf inside it:
    touch /hsphere/local/home/cpanel/apache/conf/sites/index.conf
  6. Restart H-Sphere.
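
The checks in Step 1 can be run as a read-only pre-flight before the restart. The script below is an added example, not part of H-Sphere or its documentation; the function names are hypothetical, and it assumes that a commented-out line in hsphere.properties starts with "#".

```shell
#!/bin/sh
# Added example: read-only pre-flight check for Step 1 (not H-Sphere code).
# Assumes "#" marks a commented-out line in hsphere.properties.

# Expand a port list such as "8440, 8444 - 8449, 8451, 8453-8468" into one
# port per line; fail on empty, non-numeric, reversed or >65535 items.
expand_port_range() {
    spec=$(printf '%s' "$1" | tr -d ' \t\r')
    [ -n "$spec" ] || return 1
    old_ifs=$IFS; IFS=,; set -f
    set -- $spec
    set +f; IFS=$old_ifs
    for item in "$@"; do
        lo=${item%%-*}; hi=${item#*-}
        case "$lo:$hi" in
            :*|*:|*[!0-9:]*) echo "bad port item: $item" >&2; return 1 ;;
        esac
        [ "$lo" -ge 1 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ] \
            || { echo "bad port range: $item" >&2; return 1; }
        seq "$lo" "$hi"
    done
}

# Value of the last uncommented "KEY = VALUE" line in a properties file.
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null | tail -n 1
}

# check_step1 HTTPD_CONF PROPERTIES SITES_DIR ip|port
# Prints one line per problem; returns 0 only if Step 1 is complete.
check_step1() {
    conf=$1 props=$2 sites=$3 rc=0
    case $4 in
        ip)   keys="RESELLER_SSL_SEC_PORT RESELLER_SSL_INSEC_PORT" ;;
        port) keys="RESELLER_SSL_PORT_RANGE" ;;
        *)    echo "usage: check_step1 CONF PROPS SITES_DIR ip|port" >&2; return 2 ;;
    esac
    grep -Ei '^[[:space:]]*include[[:space:]]' "$conf" 2>/dev/null \
        | grep -Fq "$sites/index.conf" \
        || { echo "no active include of $sites/index.conf in $conf"; rc=1; }
    [ -f "$sites/index.conf" ] || { echo "missing file $sites/index.conf"; rc=1; }
    for key in $keys; do
        expand_port_range "$(prop_value "$props" "$key")" >/dev/null 2>&1 \
            || { echo "$key missing, commented out or invalid in $props"; rc=1; }
    done
    return $rc
}
```

On the CP server, call check_step1 with the httpd.conf, hsphere.properties and sites directory paths given in Step 1 and the SSL type you plan to use; the output of expand_port_range is the list of ports to confirm as open on the firewall.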

Step 2: Check Global Resources for Reseller CP SSL in your admin CP.

  1. Log into your admin control panel.
  2. Select Global Resources in the INFO menu. The following page appears:
  3. Make sure that the Reseller CP SSL boxes are checked, i.e. enabled for the whole system.
    - If they are checked, leave them as they are.
    - If they are unchecked, check them and click Submit.
    Note: Be careful, because unchecking the boxes will disable Reseller CP SSL entirely.

Step 3: Include Reseller CP SSL in Reseller Plan Wizards

This step is most important for resellers. For the resellers to be able to secure their control panel, Reseller CP SSL needs to be included in the plan settings:

  1. Select Plans in the INFO menu.
  2. Click the name of the reseller plan to start the wizard.
  3. On the first step of the wizard, scroll down to the Reseller CP SSL section and select the type of CP SSL you want to be enabled in this plan.

    Note: If you select Disabled, reseller CP SSL will be disabled for all accounts under this plan.
  4. Confirm changes in the Plan Wizard by clicking Submit through all steps.

Step 4: Add spare IPs to the control panel server.
Note: Port-based CP SSL uses the CP IP, so skip this step if you are setting up port-based SSL.

  1. Log into your admin control panel.
  2. Click the cp logical server in the list and add Reseller SSL IPs.
    Note: For more information, refer to the instructions on how to manage servers.

Step 5: Install SSL certificate.

  1. Log into reseller control panel.
  2. Select DNS Manager in the E.Manager menu and create a DNS Zone if it has not been created before.
  3. Select Server Aliases in the E.Manager menu.
  4. Add CP Alias that points to the control panel logical server:

    The CP alias name should coincide with the domain name you are going to secure.

  5. Select CP SSL Manager in the E.Manager menu.
  6. On the page that shows, turn on CP Alias to enable it in the system:

  7. On the page that appears, you have two choices:
    • Generate a temporary wildcard certificate by clicking the link at the top of the window;
    • Enter your existing wildcard certificate by entering it in the form.
  8. Click the Submit button to install the certificate.
  9. On the page that shows, CP alias turns on. In the Action section you can:
    • Click the Edit icon against the alias to edit certificate data or to enter new keys.
    • Click the Change icon to change the current reseller CP URL to the secured URL you have bought the SSL certificate for.

    Note: Select DNS Manager in the E.Manager menu. Note that if you have set IP-based CP SSL, cp server alias becomes an A DNS record.

Step 6: Restart the control panel.

Restarting CP is obligatory after CP SSL is set up and configured in the H-Sphere CP. The settings take effect only after H-Sphere is restarted.


© Copyright 1998-2003. Positive Software Corporation.
All rights reserved.