SOLVED finding the current install SSL from SSH

Discussion in 'cPanel Developers' started by Neutrall, May 3, 2018.

  1. Neutrall

    Neutrall Member
    PartnerNOC

    Hi,


    I’m currently working on an automated solution to have Nginx as a reverse proxy for all HTTPS traffic. But for this solution to be feasible, my script needs to be able to get the current installed SSL on a domain.


    Currently, I can easily parse through the ssl.db file from each hosting, but the problem occurs when some of those files show more than one installed SSL for the same domain. Here is an example of an output I get with the UAPI, which is giving me the same result as the ssl.db yaml file:


    Code:
    root@web [/home/mca/ssl]# uapi --user=mca SSL list_certs
    ---
    apiversion: 3
    func: list_certs
    module: SSL
    result:
      data:
        -
          created: '1462902596'
          domain_is_configured: 1
          domains:
            - www.example.com
            - example.com
          friendly_name: www.example.com and example.com 2
          id: www_example_com_d3b4a_...
          is_self_signed: 0
          issuer.commonName: GeoTrust EV SSL CA - G4
          issuer.organizationName: GeoTrust Inc.
          issuer_text: "\nGeoTrust EV SSL CA - G4"
          modulus: d....
          modulus_length: 4096
          not_after: '1528588799'
          not_before: '1462838400'
          signature_algorithm: sha256WithRSAEncryption
          subject.commonName: www.m105.ca
          subject_text: "..."
          validation_type: ev
        -
          created: '1517513665'
          domain_is_configured: 1
          domains:
            - www.example.com
            - mexample.com
          friendly_name: Cert for “example.com”
          id: www_example5_com_c0061_...
          is_self_signed: 0
          issuer.commonName: GeoTrust EV RSA CA 2018
          issuer.organizationName: DigiCert Inc
          issuer_text: "\nwww.digicert.com\ncommonName\nGeoTrust EV RSA CA 2018"
          modulus: c.....
          modulus_length: 4096
          not_after: '1528545600'
          not_before: '1517443200'
          signature_algorithm: sha256WithRSAEncryption
          subject.commonName: www.example.com
          subject_text: "..."
          validation_type: ev
      errors: ~
      messages: ~
      metadata:
        transformed: 1
      status: 1

    My question is how can I get the actual installed SSL for the hosting? Even the uapi SSL::fetch_best_for_domain (uapi --user=myuser SSL fetch_best_for_domain domain=example.com) function didn’t return the same SSL that is listed inside the user cPanel GUI interface.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello @Neutrall,

    The SSL::installed_hosts UAPI function is available if you'd like to see the certificates installed on the account, as opposed to seeing a list of all CRT files that exist under the account. Can you let me know if that's what you are looking for?

    Thank you.
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello @Neutrall,

    On a side note, in cPanel & WHM version 72 we're adding a Standardized Hook that triggers events before and after the installation or changes to SSL certificates via WHM's Install an SSL Certificate on a Domain interface or WHM API 1's installssl function. This is in addition to a separate Standardized Hook we're adding for AutoSSL certificate installations.

    Thank you.
     
  4. sparek-3

    sparek-3 Well-Known Member

    I would probably recommend using whmapi1 for this, the fetch_ssl_vhosts API call.

    The UAPI interface isn't going to work if the account you are checking doesn't have the SSL feature enabled. Now, perhaps all of your accounts have this. But we don't typically allow this in our cPanels, we install certificates ourselves using the WHM (or the whmapi1 API).

    cPanel wants to move everything over to UAPI for better permission control, but it's not all that useful to me because the permission control becomes a burden. This is also why we will probably never see a "Park a domain" API call added to whmapi1, cPanel wants to control the permissions on that with UAPI (but that's getting off topic).

    When you run whmapi1 fetch_ssl_vhosts, look for the data->vhosts->crt->servername object. Then take that value (for each vhost installed certificate) and find the combined certificate information in /var/cpanel/ssl/apache_tls/%servername%/combined
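
The lookup described in the post above, as an added example that is not part of the original thread and not cPanel's own code: it reads the JSON form of the `fetch_ssl_vhosts` result, validates each servername before using it as a path component (the script runs as root), and returns the matching `combined` file paths. The JSON layout is assumed from the post (data -> vhosts -> crt -> servername), the sample input is constructed, and the function names are hypothetical.

```python
import json
import re
from pathlib import PurePosixPath

# Directory named in the post above; each installed vhost has <servername>/combined.
APACHE_TLS_DIR = PurePosixPath("/var/cpanel/ssl/apache_tls")

# One DNS label. Underscore is allowed as an assumption; tighten if not needed.
LABEL = re.compile(r"[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?")

def is_safe_servername(name):
    """True only for a plain lowercase hostname usable as one path component."""
    if not isinstance(name, str) or not 0 < len(name) <= 253:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))

def combined_paths(api_json):
    """Return ({servername: combined_path}, [rejected values]) from API JSON."""
    doc = json.loads(api_json)
    # whmapi1 reports success in metadata.result; a missing key is treated as success.
    if doc.get("metadata", {}).get("result", 1) != 1:
        raise ValueError("API call reported failure")
    accepted, rejected = {}, []
    for vhost in doc.get("data", {}).get("vhosts", []):
        # Layout assumed from the post: data -> vhosts -> crt -> servername.
        name = (vhost.get("crt") or {}).get("servername")
        if is_safe_servername(name):
            accepted[name] = str(APACHE_TLS_DIR / name / "combined")
        else:
            rejected.append(name)  # never build a path from an unvalidated value
    return accepted, rejected

# Constructed sample, not real API output.
SAMPLE = json.dumps({
    "metadata": {"result": 1},
    "data": {"vhosts": [
        {"crt": {"servername": "example.com"}},
        {"crt": {"servername": "shop.example.com"}},
        {"crt": {"servername": "../../etc"}},
        {"crt": {}},
    ]},
})

if __name__ == "__main__":
    paths, bad = combined_paths(SAMPLE)
    for name, path in sorted(paths.items()):
        print(name, path)
    print("rejected:", bad)
```

On a server, the input would come from `whmapi1 fetch_ssl_vhosts --output=json` instead of `SAMPLE`; anything in the rejected list should be investigated rather than proxied.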
     
  5. Neutrall

    Neutrall Member
    PartnerNOC

    Thank you @cPanelMichael,

    This is giving me the proper value, now I just have to find the proper way to get all this information together so I can have it ready for Nginx proxy!

    Thank you!

    Also, thanks @sparek-3 for the alternative, chances are that I might also take a look at your suggestion!
     