Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel and ECDSA ECC certificate support ?

Discussion in 'Security' started by glpanel, Jul 4, 2018.

  1. glpanel

    glpanel Member

    Joined:
    Jun 24, 2018
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Italy
    cPanel Access Level:
    Website Owner
    I’m using a third party utility (Acme.sh) that should deploy a Letsencrypt ECDSA certificate with a 384-bit ECC key to cPanel using an Uapi command, but a receive this error:

    [Wed Jul 4 03:42:52 MST 2018] Error in deploying certificate:
    [Wed Jul 4 03:42:52 MST 2018] ---
    apiversion: 3
    func: install_ssl
    module: SSL
    result:
    data: ~
    errors:
    - "The system could not parse the certificate because of an error: The ASN.1 data is corrupt. Its header indicates a length of 89 bytes, but its content is 97 bytes long."
    messages: ~
    metadata: {}
    status: 0
    [Wed Jul 4 03:42:52 MST 2018] Error deploy for domain:test.com
    [Wed Jul 4 03:42:52 MST 2018] Deploy error.


    I think that this error may be due to the ECDSA ECC certificate used.

    Can someone please tell me if cPanel supports ECDSA Ecc certificates ?

    Thank You.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,552
    Likes Received:
    253
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    glpanel likes this.
  3. glpanel

    glpanel Member

    Joined:
    Jun 24, 2018
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Italy
    cPanel Access Level:
    Website Owner
    The plugin code is not using Get or Post methods, but command line call:

    github.com/Neilpang/acme.sh/blob/master/deploy/cpanel_uapi.sh
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,552
    Likes Received:
    253
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    glpanel likes this.
  5. glpanel

    glpanel Member

    Joined:
    Jun 24, 2018
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Italy
    cPanel Access Level:
    Website Owner
    @cPanelLauren,

    in fact, by issuing and installing a standard Rsa certificate with a 2048-bit key, everything works perfectly.

    Considering that these certificates are becoming increasingly common in use, perhaps the development team might consider including support for them in the future :)

    Thanks for the information.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,552
    Likes Received:
    253
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @glpanel

    I agree with you and IMO the best way to facilitate more attention to this would be to vote on the feature request, we do weight the interest feature requests garner to prioritize adding items like this to the product. From my discussion with development it does look like this may be a possibility in the future.

    I believe some of the things we're waiting on are further research into security concerns + transparency with these as well as more browser support for ed25519 Introduction

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    glpanel likes this.
  7. glpanel

    glpanel Member

    Joined:
    Jun 24, 2018
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Italy
    cPanel Access Level:
    Website Owner
    I voted for the implementation of the ECDSA ECC certificates, although I doubt that, considering the number of votes and the particularity of the function, it can have visibility in the development team.

    I invite all forum users to evaluate this feature and vote using the links in post #4.
     
    cPanelLauren likes this.
  8. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,552
    Likes Received:
    253
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @glpanel

    I believe there were some roadblocks to this previously which are no longer in place, so it may not be further off than you think, though I can make no promises.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    glpanel likes this.
  9. glpanel

    glpanel Member

    Joined:
    Jun 24, 2018
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Italy
    cPanel Access Level:
    Website Owner
    Good, I hope this will happen soon.
     
  10. KrishR

    KrishR Registered

    Joined:
    Jul 18, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    New South Wales, Australia
    cPanel Access Level:
    Root Administrator
    Hi, are ECC Certificates supported yet?
     
  11. glpanel

    glpanel Member

    Joined:
    Jun 24, 2018
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Italy
    cPanel Access Level:
    Website Owner
    I am currently using RSA certificates and have not done any further testing, so I can't tell you if new versions of cPanel have added support for this feature.

    Try to consult release notes.
     
  12. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,552
    Likes Received:
    253
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @KrishR

    As of now, no they are not, along with checking the release notes as indicated by @glpanel the feature request status will also change to completed when the new feature is added to the product.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice