Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Storage Change in cPanel 68

Discussion in 'Security' started by sparek-3, Apr 11, 2018.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,596
    Likes Received:
    60
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Prior to cPanel 68, installed SSL storage information was in the YAML file:

    /var/cpanel/ssl/installed/ssl.db

    This does not appear to be the case starting with cPanel 68. I found where the release notes state that the SSL Storage system was changed in cPanel 68, to an sqlite database.

    I do see that the sqlite database:

    /var/cpanel/ssl/apache_tls/.index.sqlite

    now exists. Before I dig too deep into this. Is this information correct?

    If I was previously parsing /var/cpanel/ssl/installed/ssl.db for SSL information, I now need to change this to read from the /var/cpanel/ssl/apache_tls/.index.sqlite sqlite database?
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    372
    Likes Received:
    20
    Trophy Points:
    93
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @sparek-3

    We did move to a SQLite storage format for this. The following shows the tables within that database


    Code:
    sqlite> .databases
    seq  name             file
    ---  ---------------  ----------------------------------------------------------
    0    main             /var/cpanel/ssl/apache_tls/.index.sqlite
    1    temp
    sqlite> .tables
    metadata            vhost_certificates
    sqlite>
    I also confirmed that rebuilding the installed SSL db with /usr/local/cpanel/scripts/rebuildinstalledssldb does indeed update /var/cpanel/ssl/apache_tls/.index.sqlite where /var/cpanel/ssl/installed/ssl.db is not being updated.


    Thank you,
     
  3. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,596
    Likes Received:
    60
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    I suppose the better solution would be to use the fetch_ssl_vhosts API call. This will retrieve information from the database, regardless of which storage mechanism is being used.

    I never thought to check on an API call for this.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    372
    Likes Received:
    20
    Trophy Points:
    93
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @sparek-3

    Being unaware of what you're doing I am sorry I didn't recommend that before. That would be the more advisable solution - the likelihood of the API for that changing is much less than the storage method, though now with SQLite I don't believe it will be changing in the near future either way.
     
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,596
    Likes Received:
    60
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    No worries, this is something I should have thought of before posting. All is good now.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    372
    Likes Received:
    20
    Trophy Points:
    93
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Either way, happy to hear that you found a solution!

    Thanks!
     
Loading...

Share This Page