  1. #1
    Registered User
    Join Date
    May 2006
    Posts
    1

    SSL CSR emails sensitive information

    Why does the CSR process insist on emailing the requests??? Email is not secure and doing this automatically compromises the certificate by emailing the private key and its password!

    Is there a way to turn OFF this behavior? This information should be stored in a file on the server that can only be accessed with root login to WHM, NOT emailed across the universe!

  2. #2
    Registered User
    Join Date
    Jul 2007
    Posts
    3

    Same query here

    Hello,

    I have the same confusion about this.

    Is there any alternative where the CSR information is put on the server and retrieved through SSH?

    thanks

    Regards,
    PrashantP786

  3. #3
    Registered User
    Join Date
    Nov 2008
    Posts
    3

    cPanel developers probably don't care about security - they just follow the trend of making it easy to get a certificate so that people who don't understand what SSL is think the whole website/server/data/application is secure because it shows https:// and has a nice security seal... ok that was probably slightly sarcastic

    Security-wise I don't think the pkey should be generated at the server at all, and definitely not in non-ssh mode WHM login - it should be on an isolated system on a network that does not have any systems doing fun stuff (no browsing, no IM, no irc, no email, etc) - whether it's wintendo, mac or linux you can just download and install openssl and create your own pkey and csr locally.
    (I think a pkey should be treated nearly as safely as a gpg/pgp key, see www.gnupg.org for how they recommend keeping it on removable media and only using it on a completely offline machine).

    Generate Private Key
    $ openssl genrsa -des3 -out keyfile 1024

    Generate CSR, (Common name is domain name, skip all optionals)
    $ openssl req -new -key keyfile -out csrfile

    Remove encryption from a key (needed to get a clear copy to paste in the install dialog in WHM, make sure you are using WHM in SSL mode before doing so)
    $ openssl rsa -in keyfile

    Generate self signed cert - if that is all you want for testing
    $ openssl x509 -req -days 360 -in csrfile -signkey keyfile -out certfile
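
The local workflow from the post above, as an added example that is not part of the original thread: it generates the encrypted key and CSR on your own machine, confirms the CSR carries the public half of that key, and checks that the file you are about to send contains no private key material. Assumptions not taken from the thread: a 2048-bit key (the post uses 1024), AES-256 key encryption, a passphrase read from a file, `example.com` as the common name, and the helper function names.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: 2048-bit RSA, AES-256 key
# encryption, passphrase read from a file, example.com as the common name.
umask 077   # key, CSR and passphrase files are owner-readable only

# make_key_and_csr DIR CN PASSFILE: encrypted private key plus CSR in DIR
make_key_and_csr() {
    openssl genrsa -aes256 -passout "file:$3" -out "$1/keyfile" 2048 2>/dev/null &&
    openssl req -new -key "$1/keyfile" -passin "file:$3" \
        -subj "/CN=$2" -out "$1/csrfile"
}

# SHA-256 of the public key derived from the private key
key_pub_digest() {
    openssl pkey -in "$1" -passin "file:$2" -pubout |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key embedded in the CSR
csr_pub_digest() {
    openssl req -in "$1" -noout -pubkey |
        openssl dgst -sha256 | awk '{print $NF}'
}

# safe_to_send FILE: true only for a CSR whose self-signature verifies and
# that contains no private key PEM block
safe_to_send() {
    ! grep -q 'PRIVATE KEY' "$1" &&
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-demo-passphrase' > "$d/pass"   # constructed value
    make_key_and_csr "$d" example.com "$d/pass" &&
    [ "$(key_pub_digest "$d/keyfile" "$d/pass")" = "$(csr_pub_digest "$d/csrfile")" ] &&
    safe_to_send "$d/csrfile" && ! safe_to_send "$d/keyfile"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "CSR matches the key and is the only file to send"
```

Only `csrfile` goes to the certificate authority; `keyfile` and the passphrase file stay on the machine that generated them.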

  4. #4
    Registered User
    Join Date
    Jul 2007
    Posts
    3

    csr key generate

    Hello,

    Thanks, it's too good.

    Regards,
    PRash
