PHP + cURL + SSL query

Discussion in 'Security' started by imcjd, Apr 12, 2016.

  1. imcjd

    imcjd Member

    Joined:
    Apr 12, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hi,

    I have a query with using cURL (SSL version) with PHP + cPanel. Using cURL with SSL you supposedly need to provide a bundle of trustable root certificates.

    Using the following code:

    PHP:
    curl_setopt($curlSession, CURLOPT_SSL_VERIFYPEER, 1);
    I am not providing a certificate bundle and it still seems to work. So that's weird for starters?

    Regardless I provide a bundle from /etc/pki/tls/certs/ca-bundle.crt:

    PHP:
    curl_setopt($curlSession, CURLOPT_CAINFO, '/etc/pki/tls/certs/ca-bundle.crt');
    Now my question is, is it safe to use the ca-bundle.crt in this directory? Does cPanel update this as and when required?

    Thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Yes, it's acceptable to use the /etc/pki/tls/certs/ca-bundle.crt file for cURL. cURL should use this file by default, but you can verify this by running a test cURL command with the verbose flag on your server. EX:

    Code:
    curl -v 'https://test.domain.tld/index.php' > test.index.html
    Could you elaborate more on the question about the update of this file from cPanel? What's the behavior you are expecting?

    Thank you.
     
  3. imcjd

    imcjd Member

    Hi Michael,

    Thanks for the response.

    I just wondered if cPanel ever takes responsibility for updating the ca-bundle.crt file or it's left to the OS? As I understand it, the root certificates referenced in that file get updated semi-regularly thus the file needs to be kept up-to-date?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    The file you are referring to is controlled and updated by your operating system. For example, here's the output that shows which package is associated with the file:

    Code:
    # rpm -qf /etc/pki/tls/certs/ca-bundle.crt
    ca-certificates-2015.2.6-70.1.el7_2.noarch
    
    As far as automatically populating the CABundle field when installing an SSL certificate through cPanel/WHM, that's handled through an external cPanel repository.

    Thank you.
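
An added example, not part of the original posts and not cPanel's code: when `CURLOPT_CAINFO` is not set, PHP's cURL extension uses the CA bundle path compiled into libcurl (or the `curl.cainfo` ini directive), which is why verification works without an explicit bundle. The script below audits the bundle named in the thread and then pins it explicitly with peer and host verification enabled; the function names `auditCaBundle` and `verifiedCurlHandle` are hypothetical.

```php
<?php
// Added example: audit the OS-managed CA bundle, then pin it for cURL.
// CA_BUNDLE is the path from the thread; function names are hypothetical.
const CA_BUNDLE = '/etc/pki/tls/certs/ca-bundle.crt';

function auditCaBundle(string $path): array
{
    if (!is_readable($path)) {
        throw new RuntimeException("CA bundle not readable: $path");
    }
    // A bundle writable by group/other could gain roots from an unprivileged user.
    $looseWrite = (fileperms($path) & 0022) !== 0;

    // Split the file into individual PEM certificates.
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
        file_get_contents($path), $matches);

    $expired = [];
    foreach ($matches[0] as $pem) {
        $cert = openssl_x509_parse($pem);
        if ($cert !== false && $cert['validTo_time_t'] < time()) {
            $expired[] = $cert['subject']['CN'] ?? $cert['name'];
        }
    }
    return [
        'total'      => count($matches[0]),
        'expired'    => $expired,
        'looseWrite' => $looseWrite,
        'mtime'      => date('Y-m-d', filemtime($path)),
    ];
}

function verifiedCurlHandle(string $url, string $bundle)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_SSL_VERIFYPEER => true,    // chain must end at a root in the bundle
        CURLOPT_SSL_VERIFYHOST => 2,       // certificate name must match the host
        CURLOPT_CAINFO         => $bundle, // explicit bundle instead of the default
        CURLOPT_RETURNTRANSFER => true,
    ]);
    return $ch;
}

$report = auditCaBundle(CA_BUNDLE);
printf("%d roots, %d expired, modified %s, group/other-writable: %s\n", $report['total'],
    count($report['expired']), $report['mtime'], $report['looseWrite'] ? 'yes' : 'no');
// curl_exec() on this handle fails closed if the chain or host name does not verify.
$ch = verifiedCurlHandle('https://test.domain.tld/index.php', CA_BUNDLE);
```

A modification date far older than the installed `ca-certificates` package suggests OS updates are not being applied.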
     