cPanel and ECDSA ECC certificate support ?

glpanel

Member
Jun 24, 2018
10
1
3
Italy
cPanel Access Level
Website Owner
I’m using a third party utility (Acme.sh) that should deploy a Letsencrypt ECDSA certificate with a 384-bit ECC key to cPanel using an Uapi command, but a receive this error:

[Wed Jul 4 03:42:52 MST 2018] Error in deploying certificate:
[Wed Jul 4 03:42:52 MST 2018] ---
apiversion: 3
func: install_ssl
module: SSL
result:
data: ~
errors:
- "The system could not parse the certificate because of an error: The ASN.1 data is corrupt. Its header indicates a length of 89 bytes, but its content is 97 bytes long."
messages: ~
metadata: {}
status: 0
[Wed Jul 4 03:42:52 MST 2018] Error deploy for domain:test.com
[Wed Jul 4 03:42:52 MST 2018] Deploy error.


I think that this error may be due to the ECDSA ECC certificate used.

Can someone please tell me if cPanel supports ECDSA Ecc certificates ?

Thank You.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
  • Like
Reactions: glpanel

glpanel

Member
Jun 24, 2018
10
1
3
Italy
cPanel Access Level
Website Owner
The plugin code is not using Get or Post methods, but command line call:

github.com/Neilpang/acme.sh/blob/master/deploy/cpanel_uapi.sh
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
  • Like
Reactions: glpanel

glpanel

Member
Jun 24, 2018
10
1
3
Italy
cPanel Access Level
Website Owner
@cPanelLauren,

in fact, by issuing and installing a standard Rsa certificate with a 2048-bit key, everything works perfectly.

Considering that these certificates are becoming increasingly common in use, perhaps the development team might consider including support for them in the future :)

Thanks for the information.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
Hi @glpanel

I agree with you and IMO the best way to facilitate more attention to this would be to vote on the feature request, we do weight the interest feature requests garner to prioritize adding items like this to the product. From my discussion with development it does look like this may be a possibility in the future.

I believe some of the things we're waiting on are further research into security concerns + transparency with these as well as more browser support for ed25519 Introduction

Thanks!
 
  • Like
Reactions: glpanel

glpanel

Member
Jun 24, 2018
10
1
3
Italy
cPanel Access Level
Website Owner
I voted for the implementation of the ECDSA ECC certificates, although I doubt that, considering the number of votes and the particularity of the function, it can have visibility in the development team.

I invite all forum users to evaluate this feature and vote using the links in post #4.
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
Hi @glpanel

I believe there were some roadblocks to this previously which are no longer in place, so it may not be further off than you think, though I can make no promises.
 
  • Like
Reactions: glpanel

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
Hi @KrishR

As of now, no they are not, along with checking the release notes as indicated by @glpanel the feature request status will also change to completed when the new feature is added to the product.

Thanks!