Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

OpenSSL error: data too large for modulus

Discussion in 'Security' started by chris0147, Nov 1, 2018.

Tags:
  1. chris0147

    chris0147 Well-Known Member

    Joined:
    Aug 28, 2015
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    London
    cPanel Access Level:
    Root Administrator
    Hi all,

    I need some help with setup the DKIM on my server. I have got a problem with the DKIM as it get invalid every time when I tried to generate new DKIM key and sent the email for validation results, but the issue are still the same as I still get the test as fail.

    Here is what I get when I sent the test for results:

    Code:
    Message contains this DKIM Signature:
    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
       d=mydomain.com; s=default; h=Message-ID:Subject:To:From:Date:
       Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc:
       Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
       Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
       List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
        bh=eKQde3dilkEJoLbbOiXJ4/w35F2pIwr3fLMV4CdYMhs=; b=uMcgM+aEQXA0Indge5kTia7Sa
       j5oByZNgaB5C85tp+KVUSVXGgOvBWGP3NWmNLuV/HNUdi+oIm+HZnm4s2FR7Pg90urAGqLy8KfqEg
       5vpNKL9B3y2PA7wCRKExrl7S3U71tiGgUENu18H+ETYUbPTIhMk0e/JG+vsc3njPzY5yfWmgBavoL
       9iTgMmQRtT4SOdSylIrPVOkE1XOdnxKI8CDZAkWUN3N0iwwhWMyEbNyfb4ynC1yM6p8rFwSk906YG
       /7SS64o44kLeTp3F/wFWLak53Sja7UHU5qkgLSKcWY6DEXhHBKGM+WYEIOl3JvZnpDAPrED7ldCXD
       N47G7HnnA==;
    
    
    Signature Information:
    v= Version:         1
    a= Algorithm:       rsa-sha256
    c= Method:          relaxed/relaxed
    d= Domain:          mydomain.com
    s= Selector:        default
    q= Protocol:        dns/txt
    bh=                 eKQde3dilkEJoLbbOiXJ4/w35F2pIwr3fLMV4CdYMhs=
    h= Signed Headers:  Message-ID:Subject:To:From:Date:
       Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc:
       Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
       Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
       List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
    b= Data:            uMcgM+aEQXA0Indge5kTia7Sa
       j5oByZNgaB5C85tp+KVUSVXGgOvBWGP3NWmNLuV/HNUdi+oIm+HZnm4s2FR7Pg90urAGqLy8KfqEg
       5vpNKL9B3y2PA7wCRKExrl7S3U71tiGgUENu18H+ETYUbPTIhMk0e/JG+vsc3njPzY5yfWmgBavoL
       9iTgMmQRtT4SOdSylIrPVOkE1XOdnxKI8CDZAkWUN3N0iwwhWMyEbNyfb4ynC1yM6p8rFwSk906YG
       /7SS64o44kLeTp3F/wFWLak53Sja7UHU5qkgLSKcWY6DEXhHBKGM+WYEIOl3JvZnpDAPrED7ldCXD
       N47G7HnnA==
    Public Key DNS Lookup
    Building DNS Query for default._domainkey.mydomain.com
    Retrieved this publickey from DNS: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOXuexVy0AGduMJzhgkkNP8/dU9B3BgCgwllxwDxkIL0lpfLEXwk6tHX25DmtDqwsDRkaDRiBbOaJlMuKIj8ueCULlJapdHoRwgCn88WeXKUzubUQ8IsevE2hhm2H4NGpn3OntaH1kIfLiBfbp3DTqCLh48RhFa8bsOkYEIzSW0LcvZEn9cwwzl1alkcViJOSumv/AKvklAogWN9mUSob6IgcwaeyZ3ZptTNP8ebXCJ4p61Ce5Knk1q0+XchGo+wMEikIrhA28A6XtZDlg74nC4FBzR6oI+itbm1Vz3rv/RqmA6eohXlTh7keWRE1xUZvy4olL6tWUyrrblpvetI5wIDAQAB;
    Validating Signature
    result = fail
    Details: OpenSSL error: data too large for modulus
    

    I dont really understand why I am getting "OpenSSL error: data too large for modulus".

    Do you know why and do you know how I can fix it?

    Thanks in advance

    Does anyone know??
     
    #1 chris0147, Nov 1, 2018
    Last edited by a moderator: Nov 2, 2018
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,707
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @chris0147


    Where are you sending it for validation and how are you generating the key? Usually that error is only seen when you're sending the standard 2048bit key somewhere that's expecting a 1024bit key.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. chris0147

    chris0147 Well-Known Member

    Joined:
    Aug 28, 2015
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    London
    cPanel Access Level:
    Root Administrator
    @cPanelLauren

    I am sending it for validation on the site called: dkimvalidator.com.

    It will tell me that if my site have pass the test or not.

    The DKIM key that I have generated from port25.com. I have changed from 2048bit key to 1024bit key and I am getting this:

    Code:
    Validating Signature
    
    result = fail
    Details: OpenSSL error: data too large for key size
    
    Do you know why I am getting the error?

    I have checked on my other domain and it works fine so this domain I am using have a bit of problem so I need to get something to be looking at.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,707
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,


    I don't know why you're receiving the error but it's not something specific to cPanel. You're generating the key using a separate site and checking it using a separate site. You can generate a DKIM key in cPanel by going to cPanel>>Email>>Authentication
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. chris0147

    chris0147 Well-Known Member

    Joined:
    Aug 28, 2015
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    London
    cPanel Access Level:
    Root Administrator
    @cPanelLauren: Thank you for your advice. When I generated the DKIM key in cPanel, I can see the warnings I am getting:

    In order to ensure that SPF or DKIM takes effect, you must confirm that this server is an authoritative nameserver for “mydomain.com”. If you need help, contact your hosting provider.

    Warning: cPanel is unable to verify that this server is an authoritative nameserver for “mydomain.com”.


    Do you know why I am getting the warnings and how I can fix it??
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,707
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @chris0147

    If the DNS for the domain isn't managed by your server (meaning the nameservers aren't pointed to the server) then you can generate the DKIM through cPanel but you'll need to add the record where DNS for the domain is hosted.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. chris0147

    chris0147 Well-Known Member

    Joined:
    Aug 28, 2015
    Messages:
    87
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    London
    cPanel Access Level:
    Root Administrator
    @cPanelLauren: Thank you for your reply.

    Do you mean GoDaddy where I got my domain from or where I got my VPS from?

    Thank you.
     
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,707
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @chris0147

    I mean essentially wherever the nameservers are pointed to. If you're using GoDaddy's DNS for the nameservers then you'd need to go there to add the record generated for you. Ultimately it sounds like the VPS isn't authoritative for the domain so chances are it's something that's going to need to be added at the registrar.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice