I logged in to my websites CPanel and I noticed the URL was not a https but a http url and so I emailed my hosting service and asked them if the CPanel was secure. This is their answer. "Thank you for contacting support. The link mysite:2082 is secure, the port :2082 itself uses RIP-2 MD5 Authentication to keep passwords and sensitive information safe. Even though https isn't showing in the URL, rest assured the information is encrypted. Once you start a connection with cpanel through mysite:2082 it essentially creates a "tunnel" with our servers and any and all information that is passed between the two during the session is encrypted with an algorithm so that even if someone got a hold of the packets they wouldn't be able to read them because their encrypted." Calomel shows this connection to be insecure and my question is can a site that shows a http url be secure, and can Calomel show a site to be insecure when it is in fact secure? I'm really kind of concerned about the security of my CPanel, although when I log in to the CPanel I do get a CP in the address bar that show the message, "This site does not supply identity information. Jim
I highlighted the BS. No certificate - no dice. That's the whole point of the certificates! I wouldn't accept that for a minute. There should be a certificate at 2082 2083 for secure log-ins. They are doing something out of the ordinary with cPanel for sure. Is it a small hosting company?
For CPanel (end user panel) as said port 2082 is non-ssl and port 2083 is SSL. Therefore change your url to https://mysite:2083 and it should work fine.
I believe it is a relatively small company. I tried the 2083 port and I get an untrusted certificate warning, says it is self-signed. I've been with them for some time and I believe them to be honest but I don't understand what's going on with the Cpanel issue. Jim
Either they are lying or they don't know what they are doing. Seems like they claim the connection is internally encrypted but that doesn't help you as your connection to the site isn't and can't ever be encrypted. You should really follow up on this and ask why they didn't tell you about the https://mysite:2083 option. The self-signed certificate isn't a security issue. You could go as far as to verify the cert over phone.