Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Append additional certificates to cabundle?

Discussion in 'Security' started by Jaanus Nurmoja, Nov 16, 2017.

  1. Jaanus Nurmoja

    Jaanus Nurmoja Registered

    Joined:
    Nov 11, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Estonia
    cPanel Access Level:
    Website Owner
    My sites were moved to new CPanel server from another that used DirectAdmin with builtin Let's Encrypt functionality. There, after getting certificates from LE I could paste also additional certificates to the CA bundle, appending them to existing ones. In my case the additional certificates (totally 14) were needed to enable Estonian ID-card authentication. And yes, it worked, although every time the LE certs were renewed I had to paste my own bundle again.

    Unfortunately, I had to admit that I can't do the same with CPanel/AutoSSL. When trying to add something more to the cabundle field, it start to scream that the bundle is invalid When I paste there only the root certificate then this alert doesn't appear but after installed, this additional one is cut off.

    I am using shared host, the CP version is 66.

    My questions:
    1. what could I do (and/or my hosting provider) just now to enable additional certs for my site(s)?
    2. would it be possible to improve Cpanel so that we could install also custom cabundle(s) and AutoSSL wouldn't overwrite them?
    Many thanks!
     
  2. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    258
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    The way this is generally handled is by adding them to your server's trust store:
    Certificate Installation with OpenSSL - Other People's Certificates

    However, as you are using a shared host, I don't think most admin's would like adding them as it would affect all users on the server. Regarding the improvement from a cPanel side, our checks are done through OpenSSL. So if it's reporting invalid, I believe we will honor that because OpenSSL reports a trust issue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice