Append additional certificates to cabundle?
My sites were moved to new CPanel server from another that used DirectAdmin with builtin Let's Encrypt functionality. There, after getting certificates from LE I could paste also additional certificates to the CA bundle, appending them to existing ones. In my case the additional certificates (totally 14) were needed to enable Estonian ID-card authentication. And yes, it worked, although every time the LE certs were renewed I had to paste my own bundle again.
Unfortunately, I had to admit that I can't do the same with CPanel/AutoSSL. When trying to add something more to the cabundle field, it start to scream that the bundle is invalid When I paste there only the root certificate then this alert doesn't appear but after installed, this additional one is cut off.
I am using shared host, the CP version is 66.
My questions:
- ]
- what could I do (and/or my hosting provider) just now to enable additional certs for my site(s)?
- would it be possible to improve Cpanel so that we could install also custom cabundle(s) and AutoSSL wouldn't overwrite them?
-
The way this is generally handled is by adding them to your server's trust store: Certificate Installation with OpenSSL - Other People's Certificates However, as you are using a shared host, I don't think most admin's would like adding them as it would affect all users on the server. Regarding the improvement from a cPanel side, our checks are done through OpenSSL. So if it's reporting invalid, I believe we will honor that because OpenSSL reports a trust issue. 0
Please sign in to leave a comment.
Comments
1 comment