The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Certificate verification failed

Discussion in 'Security' started by difepape, May 11, 2016.

Tags:
  1. difepape

    difepape Registered

    Joined:
    May 11, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Hi, I´ve this error trying to install a SSl Certificate, using the WHM tool, any suggestion please?
    Code:
    Certificate verification failed! Certificate verified: stdin: C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = "Trustwave Organization Validation SHA256 CA, Level 1", emailAddress = [EMAIL]ca@trustwave.com[/EMAIL] error 20 at 1 depth lookup:unable to get local issuer certificate
    • CENTOS 6.7 x86_64 xenhvm –
    • [WHM 56.0 (build 14)
    • Trustwave Certificate
    • With Chain (CA bundle)
    upload_2016-5-11_16-32-27.png

    Thanks

    Fernando
     
    #1 difepape, May 11, 2016
    Last edited by a moderator: May 11, 2016
    Olof likes this.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,630
    Likes Received:
    1,136
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I've seen this happen due to multiple installations of the OpenSSL package. Please post the output from the following commands:

    Code:
    openssl version
rpm -qa | grep openssl
    Thank you.
     
    #2 cPanelMichael, May 26, 2016
    Olof likes this.
  3. difepape

    difepape Registered

    Joined:
    May 11, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Hi this is the output:

    Code:
    # openssl version
OpenSSL 1.0.2g  1 Mar 2016

# rpm -qa | grep openssl
openssl-devel-1.0.1e-42.el6_7.4.x86_64
openssl-1.0.1e-42.el6_7.4.i686
openssl-1.0.1e-42.el6_7.4.x86_64
    Thanks for your help
     
    #3 difepape, May 26, 2016
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,630
    Likes Received:
    1,136
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The output you have provided suggests a manually compiled version of OpenSSL on your system. Have you manually installed or modified OpenSSL outside of running "yum update" on this system?

    Thank you.
     
    #4 cPanelMichael, May 26, 2016
  5. difepape

    difepape Registered

    Joined:
    May 11, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Hi Michael, thanks for your support, now I´ve the Certificates installed, however continue with a subdomain problem, you can help me with this last issue please?

    Thanks

    Fernando

     
    #5 difepape, May 29, 2016
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,630
    Likes Received:
    1,136
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you elaborate on the specific subdomain problem you are facing?

    Thank you.
     
    #6 cPanelMichael, May 31, 2016
  7. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator
    I'm having the same problem when AutoSSL is trying to install a certificate, also likely due to manually installed openSSL:

    # openssl version
    OpenSSL 1.0.2j 26 Sep 2016

    # rpm -qa | grep openssl

    openssl-1.0.1e-48.el6_8.3.x86_64
    openssl-devel-1.0.1e-48.el6_8.3.x86_64


    We however, MUST, use 1.0.2j or later. So what can I do to make AutoSSL be able to install certificates again?
     
    #7 Olof, Jan 20, 2017
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,630
    Likes Received:
    1,136
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @Olof,

    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    #8 cPanelMichael, Jan 24, 2017
  9. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator

    Thanks Michael!

    I have verified my suspicions by removing OpenSSL 1.0.2j (2016), and then WHM can install certs again. However, the problem is that I very much need that version to be use all throughout the system. So how do I get WHM to behave while having this installed? OR have the old version in a separate location and make WHM use that only when installing certs?

    The old version is 4 years old (OpenSSL 1.0.1e-fips 11 Feb 2013) - that is a long time.

    Support Request ID is: 8151305
     
    #9 Olof, Jan 25, 2017
  10. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator
    I got back word from cpanel-support (not Michael), saying it is impossible for WHM to work correctly with newer versions of openSSL.

    If anyone else is having similar problems, there are only two solutions:

    1, Roll back openSSL to the archaic version and move the newer one to /opt/openssl then rebuild everything that need a modern openSSL to look there instead.
    2, Start using something else than CPanel/WHM
     
    #10 Olof, Jan 25, 2017
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,630
    Likes Received:
    1,136
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    #11 cPanelMichael, Jan 25, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - Certificate verification failed
  1. lhoezee

    SOLVED SSL::install_ssl - Certificate verification failed! UNABLE_TO_VERIFY_LEAF_SIGNATURE

    lhoezee, Feb 26, 2017, in forum: cPanel Developers
    Replies:
    3
    Views:
    508
    Infopro
    Feb 27, 2017
  2. AMB

    Certificate verification failed

    AMB, Jul 7, 2016, in forum: Security
    Replies:
    1
    Views:
    311
    cPanelMichael
    Jul 11, 2016
  3. neilb2

    Jailshell access to /etc/pki/ files for certificate verification

    neilb2, Nov 6, 2015, in forum: General Discussion
    Replies:
    3
    Views:
    403
    cPanelMichael
    Nov 12, 2015
  4. epaslv

    New Thread AutoSSL produces invalid certificate after transfer

    epaslv, Jun 23, 2017 at 9:41 PM, in forum: General Discussion
    Replies:
    3
    Views:
    19
    24x7serversecurity
    Jun 24, 2017 at 9:43 AM
  5. itmonitor

    Is Comodo SSL in AutoSSL a self-signed certificate?

    itmonitor, Jun 22, 2017 at 1:25 AM, in forum: Security
    Replies:
    2
    Views:
    55
    cPanelMichael
    Jun 22, 2017 at 9:14 AM

Share This Page