The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Case 192121] Certificate bundle verification failed

Discussion in 'Security' started by sehh, Jun 22, 2015.

  1. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    I'm trying to install a wildcard certificate issued by CACERT.org, for all WHM/cpanel services (cPanel/WHM/Dovecot/Exim).

    I copy paste the CRT file, the KEY file and the Class 3 bundle. I see all three boxes with a green checkmark and I click on the "Install" button. Then I get the following error (same error for each service, I'm pasting the last one, which is for the FTP server):

    Code:
    The SSL certificate update failed.
    FTP Server Certificate bundle verification failed! Verification Result [ stdin: O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root error 20 at 0 depth lookup:unable to get local issuer certificate ]
    
    Any suggestions please?

    PS:
    I tried adding a normal certificate issued by GoDaddy and that worked fine.
     
  2. madmanmachines

    madmanmachines Well-Known Member

    Joined:
    Nov 28, 2014
    Messages:
    94
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I have seen this issue as few times in the past and the fault was with the SSL Issuer and their intermediate certificate. I would contact your SSL Issuer's support as a first step.
     
  3. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    I don't think so, because the same certificate works fine on the "old" server. But now that you mention it I'll go check it anyway.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    1. A valid chain is required to install a non-self signed certificate in cPanel version 11.50. This prevents an issue where the certificate installation succeeds but browsers such as Firefox show the "Untrusted" warning message. Internal case number 192121 is open to address the issue by improving the error message for a missing cabundle during the SSL installation.

    2. Also, if anyone else is experiencing this issue with a different SSL provider, could you please verify the full URL where you obtained the CA bundle?

    Thank you.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Cases 198033 and 198025 were opened to add the cacert.org and GeoTrust Global CA intermediate certs to cabundle.cpanel.net so these fields will populate automatically and the SSL installation won't fail when utilizing those specific CA Bundles.

    Thank you.
     
  6. rains

    rains Registered

    Joined:
    Jun 1, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0

    Dear Support,

    I still see this error:

    Code:
    Certificate bundle verification failed! Verification Result [ stdin: O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root error 20 at 0 depth lookup:unable to get local issuer certificate ]
    On a WHM 11.52.0 (build 21)

    Can you please elaborate on how this can be resolved?

    Many thanks,

    Richard
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you verify the exact steps you are taking to reproduce the issue, in addition to what fields you are populating when installing the certificate?

    Thank you.
     
Loading...

Share This Page