Finding the current installed SSL from SSH
Hi,
I'm currently working on an automated solution to have Nginx as a reverse proxy for all HTTPS traffic. But for this solution to be feasible, my script needs to be able to get the currently installed SSL on a domain.
Currently, I can easily parse through the ssl.db file from each hosting, but the problem occurs when some of those files show more than one installed SSL for the same domain. Here is an example of an output I get with the UAPI, which is giving me the same result as the ssl.db YAML file:
root@web [/home/mca/ssl]# uapi --user=mca SSL list_certs
---
apiversion: 3
func: list_certs
module: SSL
result:
  data:
    -
      created: '1462902596'
      domain_is_configured: 1
      domains:
        - www.example.com
        - example.com
      friendly_name: www.example.com and example.com 2
      id: www_example_com_d3b4a_...
      is_self_signed: 0
      issuer.commonName: GeoTrust EV SSL CA - G4
      issuer.organizationName: GeoTrust Inc.
      issuer_text: "\nGeoTrust EV SSL CA - G4"
      modulus: d....
      modulus_length: 4096
      not_after: '1528588799'
      not_before: '1462838400'
      signature_algorithm: sha256WithRSAEncryption
      subject.commonName: www.m105.ca
      subject_text: "..."
      validation_type: ev
    -
      created: '1517513665'
      domain_is_configured: 1
      domains:
        - www.example.com
        - mexample.com
      friendly_name: Cert for "example.com"
      id: www_example5_com_c0061_...
      is_self_signed: 0
      issuer.commonName: GeoTrust EV RSA CA 2018
      issuer.organizationName: DigiCert Inc
      issuer_text: "\nwww.digicert.com\ncommonName\nGeoTrust EV RSA CA 2018"
      modulus: c.....
      modulus_length: 4096
      not_after: '1528545600'
      not_before: '1517443200'
      signature_algorithm: sha256WithRSAEncryption
      subject.commonName: www.example.com
      subject_text: "..."
      validation_type: ev
  errors: ~
  messages: ~
  metadata:
    transformed: 1
  status: 1
My question is: how can I get the actual installed SSL for the hosting? Even the UAPI SSL::fetch_best_for_domain function (uapi --user=myuser SSL fetch_best_for_domain domain=example.com) didn't return the same SSL that is listed inside the user's cPanel GUI interface.
Hello @Neutrall, On a side note, in cPanel & WHM version 72 we're adding a Standardized Hook that triggers events before and after the installation or changes to SSL certificates via WHM's Install an SSL Certificate on a Domain interface or WHM API 1's installssl function. This is in addition to a separate Standardized Hook we're adding for AutoSSL certificate installations. Thank you.
I would probably recommend using whmapi1 for this, the fetch_ssl_vhosts API call. The UAPI interface isn't going to work if the account you are checking doesn't have the SSL feature enabled. Now, perhaps all of your accounts have this. But we don't typically allow this in our cPanels; we install certificates ourselves using WHM (or the whmapi1 API).
cPanel wants to move everything over to UAPI for better permission control, but it's not all that useful to me because the permission control becomes a burden. This is also why we will probably never see a "Park a domain" API call added to whmapi1; cPanel wants to control the permissions on that with UAPI (but that's getting off topic).
When you run whmapi1 fetch_ssl_vhosts, look for the data->vhosts->crt->servername object. Then take that value (for each vhost's installed certificate) and find the combined certificate information in /var/cpanel/ssl/apache_tls/%servername%/combined
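The lookup described in the reply above, sketched as an added example (not code from the thread or from cPanel). The JSON layout data.vhosts[].crt.servername is assumed from that reply, and the sample JSON and PEM blocks are constructed placeholders; the servername is validated before it is used to build a path, since the script runs as root.

```python
import json
import re

TLS_ROOT = "/var/cpanel/ssl/apache_tls"  # directory named in the reply above
# Strict hostname check: rejects "/", "..", empty labels and anything non-DNS.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})+", re.I)
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

# Constructed sample; the layout (data.vhosts[].crt.servername) is assumed from the reply.
SAMPLE_JSON = json.dumps({"data": {"vhosts": [
    {"crt": {"servername": "example.com"}},
    {"crt": {"servername": "../../etc"}},  # corrupted or hostile value
    {"crt": {}},                            # vhost without the field
]}})
# Constructed placeholder blocks, not real key or certificate material.
SAMPLE_COMBINED = (
    "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nTEVBRg==\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nSVNTVUVS\n-----END CERTIFICATE-----\n"
)


def combined_paths(api_json, root=TLS_ROOT):
    """Map each validated servername to the path of its combined PEM file."""
    paths = {}
    for vhost in json.loads(api_json)["data"]["vhosts"]:
        name = (vhost.get("crt") or {}).get("servername")
        # Never build a filesystem path from a value that is not a plain hostname.
        if isinstance(name, str) and HOSTNAME.fullmatch(name):
            paths[name] = f"{root}/{name}/combined"
    return paths


def split_combined(pem_text):
    """Return (private_key_blocks, certificate_blocks), classified by PEM label."""
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(pem_text):
        label = match.group(1)
        if label == "CERTIFICATE":
            certs.append(match.group(0))
        elif label.endswith("PRIVATE KEY"):
            keys.append(match.group(0))
    return keys, certs


if __name__ == "__main__":
    print(combined_paths(SAMPLE_JSON))
    keys, certs = split_combined(SAMPLE_COMBINED)
    print(len(keys), "key block(s),", len(certs), "certificate block(s)")
```

If the key blocks are written out for the Nginx ssl_certificate_key directive, create that file with mode 0600 so the private key is not readable by other accounts on the server.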
Thank you @cPanelMichael, This is giving me the proper value, now I just have to find the proper way to get all this information together so I can have it ready for Nginx proxy! Thank you! Also, thanks @sparek-3 for the alternative, chances are that I might also take a look at your suggestion!