Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED finding the current install SSL from SSH

Discussion in 'cPanel Developers' started by Neutrall, May 3, 2018.

Tags:
  1. Neutrall

    Neutrall Member
    PartnerNOC

    Joined:
    Jul 22, 2014
    Messages:
    23
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    DataCenter Provider
    Hi,


    I’m currently working on an automated solution to have Nginx as a reverse proxy for all HTTPS traffic. But for this solution to be feasible, my script need to be able to get the current installed SSL on a domain.


    Currently, I can easily parse through the ssl.db file from each hosting, but the problem occurs when some of those file show more than one installed SSL for the same domain. Here an example of an output I get with the UAPI which if giving me the same result as the ssl.db yaml file:


    Code:
    root@web [/home/mca/ssl]# uapi --user=mca SSL list_certs
---
apiversion: 3
func: list_certs
module: SSL
result:
  data:
    -
      created: '1462902596'
      domain_is_configured: 1
      domains:
        - www.example.com
        - example.com
      friendly_name: www.example.com and example.com 2
      id: www_example_com_d3b4a_...
      is_self_signed: 0
      issuer.commonName: GeoTrust EV SSL CA - G4
      issuer.organizationName: GeoTrust Inc.
      issuer_text: "\nGeoTrust EV SSL CA - G4"
      modulus: d....
      modulus_length: 4096
      not_after: '1528588799'
      not_before: '1462838400'
      signature_algorithm: sha256WithRSAEncryption
      subject.commonName: www.m105.ca
      subject_text: "..."
      validation_type: ev
    -
      created: '1517513665'
      domain_is_configured: 1
      domains:
        - www.example.com
        - mexample.com
      friendly_name: Cert for “example.com”
      id: www_example5_com_c0061_...
      is_self_signed: 0
      issuer.commonName: GeoTrust EV RSA CA 2018
      issuer.organizationName: DigiCert Inc
      issuer_text: "\nwww.digicert.com\ncommonName\nGeoTrust EV RSA CA 2018"
      modulus: c.....
      modulus_length: 4096
      not_after: '1528545600'
      not_before: '1517443200'
      signature_algorithm: sha256WithRSAEncryption
      subject.commonName: www.example.com
      subject_text: "..."
      validation_type: ev
  errors: ~
  messages: ~
  metadata:
    transformed: 1
  status: 1
    My question id how can I get the actual installed SSL for the hosting? Even the uapi SSL:: fetch_best_for_domain (uapi --user=myuser SSL fetch_best_for_domain domain=example.com) function didn’t return the same SSL that is listing inside the user cPanel GUI interface.
     
    #1 Neutrall, May 3, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,961
    Likes Received:
    1,824
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @Neutrall,

    The SSL::installed_hosts UAPI function is available if you'd like to see the certificates installed on the account, as opposed to seeing a list of all CRT files that exist under the account. Can you let me know if that's what you are looking for?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, May 3, 2018
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,961
    Likes Received:
    1,824
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @Neutrall,

    On a side note, in cPanel & WHM version 72 we're adding a Standardized Hook that triggers events before and after the installation or changes to SSL certificates via WHM's Install an SSL Certificate on a Domain interface or WHM API 1's installssl function. This is in addition to a separate Standardized Hook we're adding for AutoSSL certificate installations.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelMichael, May 3, 2018
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,675
    Likes Received:
    84
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    I would probably recommend using whmapi1 for this, the fetch_ssl_vhosts API call.

    The UAPI interface isn't going to work if the account you are checking doesn't have the SSL feature enabled. Now, perhaps all of your accounts have this. But we don't typically allow this in our cPanels, we install certificate ourselves using the WHM (or the whmapi1 API).

    cPanel wants to move everything over to UAPI for better permission control, but it's not all that useful to me because the permission control become a burden. This is also why we will probably never see a "Park a domain" API call added to whmapi1, cPanel wants to control the permissions on that with UAPI (but that's getting off topic).

    When you run whmapi1 fetch_ssl_vhosts, look for the data->vhosts->crt->servername object. Then take that value (for each vhost installed certificate) and find the combined certificate information in /var/cpanel/ssl/apache_tls/%servername%/combined
     
    #4 sparek-3, May 3, 2018
  5. Neutrall

    Neutrall Member
    PartnerNOC

    Joined:
    Jul 22, 2014
    Messages:
    23
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    DataCenter Provider
    Thank you @cPanelMichael,

    This is giving me the proper value, now I just have to find the proper way to get all this information together so I can have it ready for Nginx proxy!.

    Thank you!

    Also, thanks @sparek-3 for the alternative, chances are that I might also take a look on your suggestion!
     
    #5 Neutrall, May 3, 2018
    cPanelMichael likes this.
(You must log in or sign up to post here.)
Loading...
Similar Threads - finding current install
  1. woodland

    Finding the MySQL file in a cPanel backup

    woodland, Jan 15, 2018, in forum: Data Protection
    Replies:
    3
    Views:
    362
    cPWilliamL
    Jan 16, 2018
  2. dave_83

    Finding all emails for a given user (dovecot - pop3)

    dave_83, Jan 12, 2018, in forum: E-mail Discussion
    Replies:
    8
    Views:
    216
    dave_83
    Jan 12, 2018
  3. minzhe

    finding ftp account directory path

    minzhe, Apr 15, 2017, in forum: General Discussion
    Replies:
    2
    Views:
    699
    cPanelMichael
    Apr 17, 2017
  4. swbrains

    UAPI Functions SSL::list_certs -- finding single installed certificate

    swbrains, Oct 3, 2016, in forum: cPanel Developers
    Replies:
    5
    Views:
    825
    cPanelMichael
    Oct 6, 2016
  5. elisethechemist

    SOLVED EasyApache4 migration currently building EasyApache 3 stack

    elisethechemist, Jul 8, 2018, in forum: EasyApache
    Replies:
    9
    Views:
    176
    cPanelLauren
    Jul 16, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice