XML API :: Install SSL is cabundle required?

morissette

April 29, 2014 15:04

Is the cab option required? So even w/ a cabundle which I believe is just the csr, crt and key concated I get this in the cPanel error log:


[an error occurred while processing this directive][2014-04-29 15:56:53 -0500] warn [xml-api] The system could not parse the certificate because o
f an error: A critical error occurred while parsing the ASN.1 data: Cpanel::CPAN::Encoding::BER: corrupt data? data appears truncated
 at /usr/local/cpanel/Cpanel/SSL/Utils.pm line 724
 at /usr/local/cpanel/Cpanel/SSLInfo.pm line 72

This is my call:


    my $status = make_request($auth, "installssl?user=$user&domain=$domain&cert=@cert&key=@key&cab=@bundle&ip=$dedicated_ip");


sub make_request {
  my $auth = shift;
  my $params = shift;
  my $url = "https://127.0.0.1:2087/xml-api/" . $params;
  my $ua = LWP::UserAgent->new();
  my $request = HTTP::Request->new( POST => $url );
  $request->header( Authorization => $auth );
  my $response = $ua->request($request);
  my $data = $response->content;
  my $xml = XML::Simple->new;
  $data = $xml->XMLin($data);
  if ( $data->{'status'} ) {
    return $data;
  } else {
    print "[!] Cpanel API returned an error: " . $data->{'statusmsg'} . "\n";
    exit;
  }
}

Statusmsg: [!] Cpanel API returned an error: The certificate appears to be invalid. Additional details: The SSL is self signed. Additionally it works installing with the SSL and Private Key via WHM.

Comments

5 comments

cPanelMichael

April 30, 2014 13:57
Hello :) Have you tried using the input URL directly in your browser? You can URI encode the key and certificate before doing so. A utilitly such as [url=http://www.url-encode-decode.com/]Url Encode/Decode might be helpful. Thank you.
0
morissette

April 30, 2014 14:06
Hello Michael, I have tried both. Additionally I have tried URL Encoding the crt and key and inputing both though the browser and the script. Neither way works however if I go through the WHM installation it works fine. I get the same error either way: (Note: I removed the SSL data and KEY Data for obvious reasons. [an error occurred while processing this directive][2014-04-30 09:02:34 -0500] warn [xml-api] The system could not parse the certificate because o f an error: A critical error occurred while parsing the ASN.1 data: Cpanel::CPAN::Encoding::BER: corrupt data? data appears truncated at /usr/local/cpanel/Cpanel/SSL/Utils.pm line 724 at /usr/local/cpanel/Cpanel/SSLInfo.pm line 72 Cpanel::SSLInfo::fetchcabundle('-----BEGIN CERTIFICATE----------END CERTIFICATE-----') called at /usr/local/cpanel/Cpanel/SSLInstall.pm line 288 Cpanel::SSLInstall::real_installssl('disclose_user_data', 1, 'domain', 'domain.net', 'crt', '-----BEGIN CERTIFICATE----------END CERTIFICATE-----\x0A', 'ip', '192.254.227.207', 'ke y', '-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\x0A', 'cab', undef) called at /usr/local/cpanel/Cpanel/SSLInstall.pm line 115 Cpanel::SSLInstall::install_or_do_non_sni_update('domain', 'domain.net', 'ip', '192.254.227.207', 'key', '-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\x0A', 'cab', undef, 'crt', '-----BEGIN CERTIFICATE----------END CERTIFICATE-----\x0A', 'disclose_user_data', 1) called at /usr/local/cpanel/Whostmgr/XMLUI/SSL.pm line 120 Whostmgr::XMLUI::SSL::installssl('user', 'domain', 'domain', 'domain.net', 'cert', '-----BEGIN CERTIFICATE----------END CERTIFICATE-----\x0A', 'key', '-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\x0A', 'ip', '192.254.227.207') called at whostmgr/bin/xml-api line 1843 main::__ANON__(HASH(0x2e0aa70)) called at whostmgr/bin/xml-api line 3497 main::runapp_v0(HASH(0x2e0aa70)) called at whostmgr/bin/xml-api line 3547 main::runapp('installssl', HASH(0x2df4020), HASH(0x2e0aa70)) called at whostmgr/bin/xml-api line 3421
Before submitting the code I use the subroutine found at /usr/local/cpanel/Cpanel/SSL/Utils.pm to ensure the certificate is valid: sub get_certificate_from_text { my ($text) = @_; $text =~ /^[^-]*(-+\s*BEGIN\s+CERTIFICATE\s*-+[^-]*-+\s*END\s+CERTIFICATE\s*-+)[^-]*$/ms; return ( 1, $1 ) if $1; _get_locale(); return ( 0, $locale->maketext('The certificate text was not valid.') ); }
What am I missing?
0
morissette

April 30, 2014 14:31
Additionally I get the following error when using /scripts/installssl: [root@server]# /scripts/installssl What user is the SSL host for? user Which IP is the SSL host for? 192.254.227.207 [SSL {user:domain} {IP:192.254.227.207}] Paste in your SSL certificate: -----BEGIN CERTIFICATE----- // Edited for privacy -----END CERTIFICATE----- Starting Install..... You cannot install SSL for the domain "domain.net" because neither you nor any of your owned accounts controls a domain with that name.
When the domain exists on the server and I am running as the root user.
0
morissette

April 30, 2014 16:03
As an update it looks like I'm failing in: the validate_ssl_components subroutine in the /usr/local/cpanel/whostmgr/bin/xml-api binary, unfortunately failed attempts at reading the hexdump has led me to wait on you :) The crt and key match: [root@server]# openssl x509 -noout -modulus -in domain.net.cert | openssl md5; \ > openssl rsa -noout -modulus -in domain.key | openssl md5 (stdin)= d6d3f9c78192bfbc0e7a42b524dd65ab (stdin)= d6d3f9c78192bfbc0e7a42b524dd65ab
So your turn cPanel. Can you help a brother out?
0
cPanelMichael

May 01, 2014 19:15
Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thanks.
0

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?