Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SSL Storage Change in cPanel 68

Discussion in 'Security' started by sparek-3, Apr 11, 2018.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,762
    Likes Received:
    116
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    Prior to cPanel 68, installed SSL storage information was in the YAML file:

    /var/cpanel/ssl/installed/ssl.db

    This does not appear to be the case starting with cPanel 68. I found where the release notes state that the SSL Storage system was changed in cPanel 68, to an sqlite database.

    I do see that the sqlite database:

    /var/cpanel/ssl/apache_tls/.index.sqlite

    now exists. Before I dig too deep into this. Is this information correct?

    If I was previously parsing /var/cpanel/ssl/installed/ssl.db for SSL information, I now need to change this to read from the /var/cpanel/ssl/apache_tls/.index.sqlite sqlite database?
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @sparek-3

    We did move to a SQLite storage format for this. The following shows the tables within that database


    Code:
    sqlite> .databases
    seq  name             file
    ---  ---------------  ----------------------------------------------------------
    0    main             /var/cpanel/ssl/apache_tls/.index.sqlite
    1    temp
    sqlite> .tables
    metadata            vhost_certificates
    sqlite>
    I also confirmed that rebuilding the installed SSL db with /usr/local/cpanel/scripts/rebuildinstalledssldb does indeed update /var/cpanel/ssl/apache_tls/.index.sqlite where /var/cpanel/ssl/installed/ssl.db is not being updated.


    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,762
    Likes Received:
    116
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    I suppose the better solution would be to use the fetch_ssl_vhosts API call. This will retrieve information from the database, regardless of which storage mechanism is being used.

    I never thought to check on an API call for this.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @sparek-3

    Being unaware of what you're doing I am sorry I didn't recommend that before. That would be the more advisable solution - the likelihood of the API for that changing is much less than the storage method, though now with SQLite I don't believe it will be changing in the near future either way.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,762
    Likes Received:
    116
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    No worries, this is something I should have thought of before posting. All is good now.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,137
    Likes Received:
    222
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Either way, happy to hear that you found a solution!

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice