The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Generate 1024-bit DKIM keys

Discussion in 'Workarounds and Optimization' started by Per Hlom, Apr 30, 2016.

Tags:
  1. Per Hlom

    Per Hlom Registered

    Joined:
    Apr 30, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Italy
    cPanel Access Level:
    Website Owner
    Hi,

    I struggled a lot with the 2048-bit DKIM keys that cPanel insists on generating, but that few registrars allow you to paste into the TXT field.

    I solved it by hacking cPanels generation script to reduce the key size, and I thought I'd post it here if it helps someone.

    Code:
    nano /usr/local/cpanel/Cpanel/DKIM.pm
    Around line 24, set the key size to 24:

    Code:
    our $_MYDNS_KEY_SIZE = 1024;
    Around line 192, comment out the existing lines and replace with versions that fix the key size:

    Code:
        #local $Cpanel::OpenSSL::DEFAULT_KEY_SIZE = $_MYDNS_KEY_SIZE if _nameserver_is_mydns();
    local $Cpanel::OpenSSL::DEFAULT_KEY_SIZE = 1024;
    
        #my $keysize_min = $Cpanel::OpenSSL::DEFAULT_KEY_SIZE;
    my $keysize_min = 1024;
    
    Basically, this is just a result of searching for "size" and replacing values.

    Then uninstall and reinstall:

    Code:
    /usr/local/cpanel/bin/dkim_keys_uninstall username
    /usr/local/cpanel/bin/dkim_keys_install username
    
    And then go to Edit DNS Zone to copy/paste the DKIM key. Remove the quotes. Now BulkRegister and NameCheap will accept it.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    I've moved this thread to our "Workarounds" forum. Keep in mind that cPanel updates will overwrite the /usr/local/cpanel/Cpanel/DKIM.pm file, so you may need to manually patch it after each update until a resolution is reached on the remote DNS provider's interface.

    Thank you.
     
  3. BottNet

    BottNet Member

    Joined:
    Jun 25, 2015
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Rochester, NY
    cPanel Access Level:
    Root Administrator
    Great work around! This REALLY still needs to be address in CP itself as A LOT of places do not accept anything over 1024 including ENom. CP should allow you to select the key type 1024 or 2048 before generation. IMHO
     
  4. Xavier Crespin

    Joined:
    Mar 21, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Earth
    cPanel Access Level:
    Root Administrator
    I agree, this issue needs a permanent fix ASAP, OVH DNS service does not support 2048 bit keys either.
     
    #4 Xavier Crespin, Jul 4, 2016
    Last edited: Jul 4, 2016

Share This Page