cPanel and ECDSA ECC certificate support ?
I"m using a third party utility (Acme.sh) that should deploy a Letsencrypt ECDSA certificate with a 384-bit ECC key to cPanel using an Uapi command, but a receive this error:
[Wed Jul 4 03:42:52 MST 2018] Error in deploying certificate:
[Wed Jul 4 03:42:52 MST 2018] ---
apiversion: 3
func: install_ssl
module: SSL
result:
data: ~
errors:
- "The system could not parse the certificate because of an error: The ASN.1 data is corrupt. Its header indicates a length of 89 bytes, but its content is 97 bytes long."
messages: ~
metadata: {}
status: 0
[Wed Jul 4 03:42:52 MST 2018] Error deploy for domain:test.com
[Wed Jul 4 03:42:52 MST 2018] Deploy error.
I think that this error may be due to the ECDSA ECC certificate used.
Can someone please tell me if cPanel supports ECDSA Ecc certificates ?
Thank You.
-
Hi @glpanel What is the method you're using to run this? You must use a POST request for the call this is discussed here Tutorial - Call UAPI's SSL::install_ssl Function in Custom Code - Developer Documentation - cPanel Documentation The http GET method has a limited field length that does not accommodate this function's input parameters. For this reason, you cannot use the WHM API to call this function. Thanks! 0 -
The plugin code is not using Get or Post methods, but command line call: github.com/Neilpang/acme.sh/blob/master/deploy/cpanel_uapi.sh 0 -
Hi @glpanel It appears you are on to something about the Eliptic Curve Cryptography SSL Certificates - it looks like we have a couple feature requests open to begin supporting them: CPanel to add support for ECDSA (ECC) HTTPS SSL certificates Support Elliptic Curve Cryptography (ECC) Based on the response in the second Feature request they are completely unsupported at this time. I apologize for not realizing this earlier on. Thanks! 0 -
@cPanelLauren, in fact, by issuing and installing a standard Rsa certificate with a 2048-bit key, everything works perfectly. Considering that these certificates are becoming increasingly common in use, perhaps the development team might consider including support for them in the future :) Thanks for the information. 0 -
Hi @glpanel I agree with you and IMO the best way to facilitate more attention to this would be to vote on the feature request, we do weight the interest feature requests garner to prioritize adding items like this to the product. From my discussion with development it does look like this may be a possibility in the future. I believe some of the things we're waiting on are further research into security concerns + transparency with these as well as more browser support for ed25519 Introduction Thanks! 0 -
I voted for the implementation of the ECDSA ECC certificates, although I doubt that, considering the number of votes and the particularity of the function, it can have visibility in the development team. I invite all forum users to evaluate this feature and vote using the links in post #4. 0 -
Hi @glpanel I believe there were some roadblocks to this previously which are no longer in place, so it may not be further off than you think, though I can make no promises. 0 -
Good, I hope this will happen soon. 0 -
Good, I hope this will happen soon.
Hi, are ECC Certificates supported yet?0 -
Hi, are ECC Certificates supported yet?
I am currently using RSA certificates and have not done any further testing, so I can't tell you if new versions of cPanel have added support for this feature. Try to consult release notes.0 -
Hi @KrishR As of now, no they are not, along with checking the release notes as indicated by @glpanel the feature request status will also change to completed when the new feature is added to the product. Thanks! 0 -
Hello, Some news for ECC support? Frank Aguilieri 0 -
Hello @Frank Aguilieri There is no new news for this. Please feel free to add to the discussion in the aforementioned feature request links. Thanks! 0
Please sign in to leave a comment.
Comments
13 comments