Server cannot verify manually created SSL Certificates!!

DReade83

Well-Known Member
Oct 20, 2006
196
0
166
Cheshire, UK
Generated a new SSL cert, tried to install and:

Attempting to verify your certificate.....
Certificate verification failed!
Verifcation Result []
SSL Install aborted due to error.
Any idea what this means?
 

ddovidenko

Member
Dec 13, 2006
7
1
153
The problem is actually that their perl script check, take a look at /scripts/cPScript/SSLInfo.pm

if ( $cab =~ /BEGIN CERTIFICATE/ ) {
open( SSL, ">", "$sslroot/certs/cert_test.cabundle.${random}" );
chmod( 0600, "$sslroot/certs/cert_test.cabundle.${random}" );
print SSL $cab;
close(SSL);
my $cab_verify = $openssl->verifyfile( "$sslroot/certs/cert_test.cabundle.${random}" );
my $clean_cab_verify = _strip_ssl_warnings($cab_verify);
if ( $clean_cab_verify !~ /^ok/i && $clean_cab_verify !~ /^\//i ) {
return ( 0,
"Certificate bundle verification failed!\n"
. "<br>Verifcation Result [$clean_cab_verify]\n" );
}
}

my $crt_verify =
$openssl->verify( $crt, "$sslroot/certs/cert_test.cabundle.${random}" );
my $verify = _strip_ssl_warnings($crt_verify);
unlink("$sslroot/certs/cert_test.cabundle.${random}");

if ( $verify =~ /^ok/i || $verify =~ /^\//i ) {
return ( 1,
"Cerificate verification passed!\n"
. "<br>Verifcation Result [$verify]\n" );
}
else {
return ( 0,
"Certificate verification failed!\n"
. "<br>Verifcation Result [$verify]\n" );
}

You need to use /scripts/installssl to install ssl certs until there is a fix from cPanel.
 
Last edited:

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,481
35
208
cPanel Access Level
DataCenter Provider
The problem is actually that their perl script check, take a look at /scripts/cPScript/SSLInfo.pm

if ( $cab =~ /BEGIN CERTIFICATE/ ) {
open( SSL, ">", "$sslroot/certs/cert_test.cabundle.${random}" );
chmod( 0600, "$sslroot/certs/cert_test.cabundle.${random}" );
print SSL $cab;
close(SSL);
my $cab_verify = $openssl->verifyfile( "$sslroot/certs/cert_test.cabundle.${random}" );
my $clean_cab_verify = _strip_ssl_warnings($cab_verify);
if ( $clean_cab_verify !~ /^ok/i && $clean_cab_verify !~ /^\//i ) {
return ( 0,
"Certificate bundle verification failed!\n"
. "<br>Verifcation Result [$clean_cab_verify]\n" );
}
}

my $crt_verify =
$openssl->verify( $crt, "$sslroot/certs/cert_test.cabundle.${random}" );
my $verify = _strip_ssl_warnings($crt_verify);
unlink("$sslroot/certs/cert_test.cabundle.${random}");

if ( $verify =~ /^ok/i || $verify =~ /^\//i ) {
return ( 1,
"Cerificate verification passed!\n"
. "<br>Verifcation Result [$verify]\n" );
}
else {
return ( 0,
"Certificate verification failed!\n"
. "<br>Verifcation Result [$verify]\n" );
}

You need to use /scripts/installssl to install ssl certs until there is a fix from cPanel.


It doesn't appear to handle unchained ssl certs correctly in that build.
14823 appears to solve the problem.