The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED autossl certs - not verifying for external sites, but fine in browser?

Discussion in 'Security' started by morrow95, Dec 11, 2016.

Tags:
  1. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    104
    Likes Received:
    2
    Trophy Points:
    168
    I went ahead and enabled autossl a week or so ago. Everything has pretty much worked without problems until recently. I use curl to 'talk' with an order processor we use on our sites... things like receiving order info or sending info to them and what not which allows us to automate tasks on both sides of things when an order is processed through scripts - such as doing database work. Upon changing over to ssl I found that these automated scripts using the order processors api were failing, but not all the time - it seemed random at first until I realized what was happening.

    The error being thrown was this :

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

    I spent the better part of two days going over things, trying things, and so on to figure out why this was happening. In the end I was confident this was not something on our side of things. Working with the order processor we were able to find the cause of the issue. The scripts were failing because OUR ssl cert wasn't verifying properly for THEM. I didn't get any full details other than that, but I assume it had to do something with curl so probably CURLOPT_SSL_VERIFYHOST => 2, CURLOPT_SSL_VERIFYPEER => 1 or something similar.

    My question is... why are the autossl certs failing their verification? The certs show perfectly fine in all browsers with no errors so why would this happen with our order processor?

    Is this because they are DV certs or is there some other underlying reason for this? In the meantime our order processor has essentially 'whitelisted' us so the cert verification is bypassed and our api scripts work with ssl/https, but I would really like to try and figure this out more.

    Has anyone else experienced anything like this with their autossl certs or have any hints as to why it is not validating for them? Could it be they just need to update their cert authority bundles or...?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,086
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's possible that specific company does not accept domain-validated SSL certificates, however there's no way to know for sure without receiving confirmation from their administration team. I recommend reaching out to them again to have them review one of the certificates and determine why it fails to meet their qualifications.

    Thank you.
     
Loading...

Share This Page