PHP + cURL + SSL query

Discussion in 'Security' started by imcjd, Apr 12, 2016.

  1. imcjd

    imcjd Member

    Hi,

    I have a query with using cURL (SSL version) with PHP + cPanel. Using cURL with SSL you supposedly need to provide a bundle of trustable root certificates.

    Using the following code:

    PHP:
    curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, 1);
    I am not providing a certificate bundle and it still seems to work. So that's weird for starters?

    Regardless I provide a bundle from /etc/pki/tls/certs/ca-bundle.crt:

    PHP:
    curl_setopt($curlSession, CURLOPT_CAINFO, '/etc/pki/tls/certs/ca-bundle.crt');
    Now my question is, is it safe to use the ca-bundle.crt in this directory? Does cPanel update this as and when required?

    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Yes, it's acceptable to use the /etc/pki/tls/certs/ca-bundle.crt file for cURL. cURL should use this file by default, but you can verify this by running a test cURL command with the verbose flag on your server. EX:

    Code:
    curl -v 'https://test.domain.tld/index.php' > test.index.html
    Could you elaborate more on the question about the update of this file from cPanel? What's the behavior you are expecting?

    Thank you.
     
  3. imcjd

    imcjd Member

    Hi Michael,

    Thanks for the response.

    I just wondered if cPanel ever takes responsibility for updating the ca-bundle.crt file or it's left to the OS? As I understand it, the root certificates referenced in that file get updated semi-regularly thus the file needs to be kept up-to-date?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    The file you are referring to is controlled and updated by your operating system. For example, here's the output that shows which package is associated with the file:

    Code:
    # rpm -qf /etc/pki/tls/certs/ca-bundle.crt
    ca-certificates-2015.2.6-70.1.el7_2.noarch
    
    As far as automatically populating the CABundle field when installing an SSL certificate through cPanel/WHM, that's handled through an external cPanel repository.

    Thank you.
     
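The request discussed in this thread, with peer and host verification both enabled and the OS bundle passed explicitly, as an added example that is not part of any post or of cPanel's code. `fetchVerified()` and `describeDefaults()` are hypothetical helper names, PHP 7 or later is assumed, and the URL is the placeholder from the curl command in the thread.

```php
<?php
// Added example: verified HTTPS request against an explicit CA bundle.
// fetchVerified() and describeDefaults() are hypothetical helper names.
function fetchVerified(string $url, string $caBundle = '/etc/pki/tls/certs/ca-bundle.crt'): array
{
    // Fail closed: do not continue if the bundle we intend to trust is missing.
    if (!is_readable($caBundle)) {
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,      // validate the chain against the bundle
        CURLOPT_SSL_VERIFYHOST => 2,         // certificate must also match the host name
        CURLOPT_CAINFO         => $caBundle, // explicit trust store
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $body   = curl_exec($ch);
    $errno  = curl_errno($ch);
    $error  = curl_error($ch);
    $verify = curl_getinfo($ch, CURLINFO_SSL_VERIFYRESULT); // 0 when verification succeeded
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($body === false) {
        throw new RuntimeException("cURL error $errno: $error");
    }
    return ['status' => $status, 'verify_result' => $verify, 'body' => $body];
}

// Where a bundle can come from when CURLOPT_CAINFO is not set:
// the curl.cainfo php.ini directive, otherwise the default built into libcurl.
function describeDefaults(): array
{
    $v = curl_version();
    return [
        'curl.cainfo'     => ini_get('curl.cainfo') ?: '(not set, libcurl default applies)',
        'libcurl version' => $v['version'],
        'TLS backend'     => $v['ssl_version'],
    ];
}

print_r(describeDefaults());
try {
    $r = fetchVerified('https://test.domain.tld/index.php'); // placeholder URL from the thread
    printf("HTTP %d, verify result %d\n", $r['status'], $r['verify_result']);
} catch (RuntimeException $e) {
    echo 'Request rejected: ', $e->getMessage(), "\n";
}
```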