The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Certificate verification failed

Discussion in 'Security' started by difepape, May 11, 2016.

Tags:
  1. difepape

    difepape Registered

    Joined:
    May 11, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Hi, I´ve this error trying to install a SSl Certificate, using the WHM tool, any suggestion please?
    Code:
    Certificate verification failed! Certificate verified: stdin: C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = "Trustwave Organization Validation SHA256 CA, Level 1", emailAddress = [EMAIL]ca@trustwave.com[/EMAIL] error 20 at 1 depth lookup:unable to get local issuer certificate
    
    • CENTOS 6.7 x86_64 xenhvm –
    • [WHM 56.0 (build 14)
    • Trustwave Certificate
    • With Chain (CA bundle)
    upload_2016-5-11_16-32-27.png

    Thanks

    Fernando
     
    #1 difepape, May 11, 2016
    Last edited by a moderator: May 11, 2016
    Olof likes this.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I've seen this happen due to multiple installations of the OpenSSL package. Please post the output from the following commands:

    Code:
    openssl version
    rpm -qa | grep openssl
    Thank you.
     
    Olof likes this.
  3. difepape

    difepape Registered

    Joined:
    May 11, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Hi this is the output:

    Code:
    # openssl version
    OpenSSL 1.0.2g  1 Mar 2016
    
    # rpm -qa | grep openssl
    openssl-devel-1.0.1e-42.el6_7.4.x86_64
    openssl-1.0.1e-42.el6_7.4.i686
    openssl-1.0.1e-42.el6_7.4.x86_64
    
    Thanks for your help
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The output you have provided suggests a manually compiled version of OpenSSL on your system. Have you manually installed or modified OpenSSL outside of running "yum update" on this system?

    Thank you.
     
  5. difepape

    difepape Registered

    Joined:
    May 11, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Hi Michael, thanks for your support, now I´ve the Certificates installed, however continue with a subdomain problem, you can help me with this last issue please?

    Thanks

    Fernando

     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you elaborate on the specific subdomain problem you are facing?

    Thank you.
     
  7. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator
    I'm having the same problem when AutoSSL is trying to install a certificate, also likely due to manually installed openSSL:

    # openssl version
    OpenSSL 1.0.2j 26 Sep 2016

    # rpm -qa | grep openssl

    openssl-1.0.1e-48.el6_8.3.x86_64
    openssl-devel-1.0.1e-48.el6_8.3.x86_64


    We however, MUST, use 1.0.2j or later. So what can I do to make AutoSSL be able to install certificates again?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @Olof,

    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  9. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator

    Thanks Michael!

    I have verified my suspicions by removing OpenSSL 1.0.2j (2016), and then WHM can install certs again. However, the problem is that I very much need that version to be use all throughout the system. So how do I get WHM to behave while having this installed? OR have the old version in a separate location and make WHM use that only when installing certs?

    The old version is 4 years old (OpenSSL 1.0.1e-fips 11 Feb 2013) - that is a long time.

    Support Request ID is: 8151305
     
  10. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator
    I got back word from cpanel-support (not Michael), saying it is impossible for WHM to work correctly with newer versions of openSSL.

    If anyone else is having similar problems, there are only two solutions:

    1, Roll back openSSL to the archaic version and move the newer one to /opt/openssl then rebuild everything that need a modern openSSL to look there instead.
    2, Start using something else than CPanel/WHM
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page