Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Certificate verification failed

Discussion in 'Security' started by difepape, May 11, 2016.

Tags:
  1. difepape

    difepape Registered

    Joined:
    May 11, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Hi, I´ve this error trying to install a SSl Certificate, using the WHM tool, any suggestion please?
    Code:
    Certificate verification failed! Certificate verified: stdin: C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = "Trustwave Organization Validation SHA256 CA, Level 1", emailAddress = [EMAIL]ca@trustwave.com[/EMAIL] error 20 at 1 depth lookup:unable to get local issuer certificate
    • CENTOS 6.7 x86_64 xenhvm –
    • [WHM 56.0 (build 14)
    • Trustwave Certificate
    • With Chain (CA bundle)
    upload_2016-5-11_16-32-27.png

    Thanks

    Fernando
     
    #1 difepape, May 11, 2016
    Last edited by a moderator: May 11, 2016
    Olof likes this.
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    I've seen this happen due to multiple installations of the OpenSSL package. Please post the output from the following commands:

    Code:
    openssl version
rpm -qa | grep openssl
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, May 26, 2016
    Olof likes this.
  3. difepape

    difepape Registered

    Joined:
    May 11, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Hi this is the output:

    Code:
    # openssl version
OpenSSL 1.0.2g  1 Mar 2016

# rpm -qa | grep openssl
openssl-devel-1.0.1e-42.el6_7.4.x86_64
openssl-1.0.1e-42.el6_7.4.i686
openssl-1.0.1e-42.el6_7.4.x86_64
    Thanks for your help
     
    #3 difepape, May 26, 2016
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    The output you have provided suggests a manually compiled version of OpenSSL on your system. Have you manually installed or modified OpenSSL outside of running "yum update" on this system?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, May 26, 2016
  5. difepape

    difepape Registered

    Joined:
    May 11, 2016
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Hi Michael, thanks for your support, now I´ve the Certificates installed, however continue with a subdomain problem, you can help me with this last issue please?

    Thanks

    Fernando

     
    #5 difepape, May 29, 2016
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Could you elaborate on the specific subdomain problem you are facing?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelMichael, May 31, 2016
  7. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator
    I'm having the same problem when AutoSSL is trying to install a certificate, also likely due to manually installed openSSL:

    # openssl version
    OpenSSL 1.0.2j 26 Sep 2016

    # rpm -qa | grep openssl

    openssl-1.0.1e-48.el6_8.3.x86_64
    openssl-devel-1.0.1e-48.el6_8.3.x86_64


    We however, MUST, use 1.0.2j or later. So what can I do to make AutoSSL be able to install certificates again?
     
    #7 Olof, Jan 20, 2017
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Olof,

    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 cPanelMichael, Jan 24, 2017
  9. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator

    Thanks Michael!

    I have verified my suspicions by removing OpenSSL 1.0.2j (2016), and then WHM can install certs again. However, the problem is that I very much need that version to be use all throughout the system. So how do I get WHM to behave while having this installed? OR have the old version in a separate location and make WHM use that only when installing certs?

    The old version is 4 years old (OpenSSL 1.0.1e-fips 11 Feb 2013) - that is a long time.

    Support Request ID is: 8151305
     
    #9 Olof, Jan 25, 2017
  10. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator
    I got back word from cpanel-support (not Michael), saying it is impossible for WHM to work correctly with newer versions of openSSL.

    If anyone else is having similar problems, there are only two solutions:

    1, Roll back openSSL to the archaic version and move the newer one to /opt/openssl then rebuild everything that need a modern openSSL to look there instead.
    2, Start using something else than CPanel/WHM
     
    #10 Olof, Jan 25, 2017
  11. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #11 cPanelMichael, Jan 25, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - Certificate verification failed
  1. csidev

    The certificate chain failed OpenSSL verification error

    csidev, Sep 26, 2018, in forum: Security
    Replies:
    2
    Views:
    357
    cPanelLauren
    Sep 28, 2018
  2. meeven

    The certificate chain failed OpenSSL’s verification

    meeven, Jun 12, 2018, in forum: Security
    Replies:
    5
    Views:
    795
    cPanelLauren
    Jun 15, 2018
  3. jtgroup

    The certificate chain failed OpenSSL verification

    jtgroup, May 24, 2018, in forum: Security
    Replies:
    4
    Views:
    2,646
    cPanelMichael
    May 29, 2018
  4. lhoezee

    SOLVED SSL::install_ssl - Certificate verification failed! UNABLE_TO_VERIFY_LEAF_SIGNATURE

    lhoezee, Feb 26, 2017, in forum: cPanel Developers
    Replies:
    3
    Views:
    1,860
    Infopro
    Feb 27, 2017
  5. Reado

    New Thread Force poll of EV certificate?

    Reado, Dec 11, 2018 at 2:47 AM, in forum: Security
    Replies:
    1
    Views:
    130
    Reado
    Dec 11, 2018 at 7:40 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice