Certificate verification failed

difepape

Registered
May 11, 2016
4
1
53
Colombia
cPanel Access Level
Root Administrator
Hi, I´ve this error trying to install a SSl Certificate, using the WHM tool, any suggestion please?
Code:
Certificate verification failed! Certificate verified: stdin: C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = "Trustwave Organization Validation SHA256 CA, Level 1", emailAddress = [EMAIL][email protected][/EMAIL] error 20 at 1 depth lookup:unable to get local issuer certificate
  • CENTOS 6.7 x86_64 xenhvm –
  • [WHM 56.0 (build 14)
  • Trustwave Certificate
  • With Chain (CA bundle)
upload_2016-5-11_16-32-27.png

Thanks

Fernando
 
Last edited by a moderator:
  • Like
Reactions: Olof

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
Hello,

I've seen this happen due to multiple installations of the OpenSSL package. Please post the output from the following commands:

Code:
openssl version
rpm -qa | grep openssl
Thank you.
 
  • Like
Reactions: Olof

difepape

Registered
May 11, 2016
4
1
53
Colombia
cPanel Access Level
Root Administrator
Hello,

I've seen this happen due to multiple installations of the OpenSSL package. Please post the output from the following commands:

Code:
openssl version
rpm -qa | grep openssl
Thank you.
Hi this is the output:

Code:
# openssl version
OpenSSL 1.0.2g  1 Mar 2016

# rpm -qa | grep openssl
openssl-devel-1.0.1e-42.el6_7.4.x86_64
openssl-1.0.1e-42.el6_7.4.i686
openssl-1.0.1e-42.el6_7.4.x86_64
Thanks for your help
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
The output you have provided suggests a manually compiled version of OpenSSL on your system. Have you manually installed or modified OpenSSL outside of running "yum update" on this system?

Thank you.
 

difepape

Registered
May 11, 2016
4
1
53
Colombia
cPanel Access Level
Root Administrator
The output you have provided suggests a manually compiled version of OpenSSL on your system. Have you manually installed or modified OpenSSL outside of running "yum update" on this system?

Thank you.
Hi Michael, thanks for your support, now I´ve the Certificates installed, however continue with a subdomain problem, you can help me with this last issue please?

Thanks

Fernando

This SSL certificate was already installed.

The SSL website is now active and accessible via HTTPS on this domain:

  • mydomain.com
The SSL certificate also supports these domains, but these domains do not refer to the SSL website mentioned above:
  • subdomain.mydomain.com
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
however continue with a subdomain problem, you can help me with this last issue please?
Could you elaborate on the specific subdomain problem you are facing?

Thank you.
 

Olof

Member
Jan 18, 2016
11
0
1
stockholm, sweden
cPanel Access Level
Root Administrator
I'm having the same problem when AutoSSL is trying to install a certificate, also likely due to manually installed openSSL:

# openssl version
OpenSSL 1.0.2j 26 Sep 2016

# rpm -qa | grep openssl

openssl-1.0.1e-48.el6_8.3.x86_64
openssl-devel-1.0.1e-48.el6_8.3.x86_64


We however, MUST, use 1.0.2j or later. So what can I do to make AutoSSL be able to install certificates again?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
Hello @Olof,

Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

Olof

Member
Jan 18, 2016
11
0
1
stockholm, sweden
cPanel Access Level
Root Administrator
Hello @Olof,

Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

Thanks Michael!

I have verified my suspicions by removing OpenSSL 1.0.2j (2016), and then WHM can install certs again. However, the problem is that I very much need that version to be use all throughout the system. So how do I get WHM to behave while having this installed? OR have the old version in a separate location and make WHM use that only when installing certs?

The old version is 4 years old (OpenSSL 1.0.1e-fips 11 Feb 2013) - that is a long time.

Support Request ID is: 8151305
 

Olof

Member
Jan 18, 2016
11
0
1
stockholm, sweden
cPanel Access Level
Root Administrator
I got back word from cpanel-support (not Michael), saying it is impossible for WHM to work correctly with newer versions of openSSL.

If anyone else is having similar problems, there are only two solutions:

1, Roll back openSSL to the archaic version and move the newer one to /opt/openssl then rebuild everything that need a modern openSSL to look there instead.
2, Start using something else than CPanel/WHM