Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

XML API :: Install SSL is cabundle required?

Discussion in 'cPanel Developers' started by morissette, Apr 29, 2014.

  1. morissette

    morissette Well-Known Member

    Joined:
    May 24, 2009
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Austin, TX
    cPanel Access Level:
    Root Administrator
    Is the cab option required?


    So even w/ a cabundle which I believe is just the csr, crt and key concated I get this in the cPanel error log:

    Code:
    <error>[an error occurred while processing this directive]</error>[2014-04-29 15:56:53 -0500] warn [xml-api] The system could not parse the certificate because o
    f an error: A critical error occurred while parsing the ASN.1 data: Cpanel::CPAN::Encoding::BER: corrupt data? data appears truncated
     at /usr/local/cpanel/Cpanel/SSL/Utils.pm line 724
     at /usr/local/cpanel/Cpanel/SSLInfo.pm line 72
    
    This is my call:
    Code:
        my $status = make_request($auth, "installssl?user=$user&domain=$domain&cert=@cert&key=@key&cab=@bundle&ip=$dedicated_ip");
    
    Code:
    sub make_request {
      my $auth = shift;
      my $params = shift;
      my $url = "https://127.0.0.1:2087/xml-api/" . $params;
      my $ua = LWP::UserAgent->new();
      my $request = HTTP::Request->new( POST => $url );
      $request->header( Authorization => $auth );
      my $response = $ua->request($request);
      my $data = $response->content;
      my $xml = XML::Simple->new;
      $data = $xml->XMLin($data);
      if ( $data->{'status'} ) {
        return $data;
      } else {
        print "[!] Cpanel API returned an error: " . $data->{'statusmsg'} . "\n";
        exit;
      }
    }
    
    Statusmsg: [!] Cpanel API returned an error: The certificate appears to be invalid.


    Additional details:
    The SSL is self signed. Additionally it works installing with the SSL and Private Key via WHM.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 morissette, Apr 29, 2014
    Last edited: Apr 30, 2014
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Have you tried using the input URL directly in your browser? You can URI encode the key and certificate before doing so. A utilitly such as Url Encode/Decode might be helpful.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. morissette

    morissette Well-Known Member

    Joined:
    May 24, 2009
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Austin, TX
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    I have tried both. Additionally I have tried URL Encoding the crt and key and inputing both though the browser and the script. Neither way works however if I go through the WHM installation it works fine.

    I get the same error either way:

    (Note: I removed the SSL data and KEY Data for obvious reasons.
    Code:
    <error>[an error occurred while processing this directive]</error>[2014-04-30 09:02:34 -0500] warn [xml-api] The system could not parse the certificate because o
    f an error: A critical error occurred while parsing the ASN.1 data: Cpanel::CPAN::Encoding::BER: corrupt data? data appears truncated
     at /usr/local/cpanel/Cpanel/SSL/Utils.pm line 724
     at /usr/local/cpanel/Cpanel/SSLInfo.pm line 72
            Cpanel::SSLInfo::fetchcabundle('-----BEGIN CERTIFICATE----------END CERTIFICATE-----') called at /usr/local/cpanel/Cpanel/SSLInstall.pm line 288
            Cpanel::SSLInstall::real_installssl('disclose_user_data', 1, 'domain', 'domain.net', 'crt', '-----BEGIN CERTIFICATE----------END CERTIFICATE-----\x0A', 'ip', '192.254.227.207', 'ke
    y', '-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\x0A', 'cab', undef) called at /usr/local/cpanel/Cpanel/SSLInstall.pm line 115
            Cpanel::SSLInstall::install_or_do_non_sni_update('domain', 'domain.net', 'ip', '192.254.227.207', 'key', '-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\x0A', 'cab', undef, 'crt', '-----BEGIN CERTIFICATE----------END CERTIFICATE-----\x0A', 'disclose_user_data', 1) called at /usr/local/cpanel/Whostmgr/XMLUI/SSL.pm line 120
            Whostmgr::XMLUI::SSL::installssl('user', 'domain', 'domain', 'domain.net', 'cert', '-----BEGIN CERTIFICATE----------END CERTIFICATE-----\x0A', 'key', '-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\x0A', 'ip', '192.254.227.207') called at whostmgr/bin/xml-api line 1843
            main::__ANON__(HASH(0x2e0aa70)) called at whostmgr/bin/xml-api line 3497
            main::runapp_v0(HASH(0x2e0aa70)) called at whostmgr/bin/xml-api line 3547
            main::runapp('installssl', HASH(0x2df4020), HASH(0x2e0aa70)) called at whostmgr/bin/xml-api line 3421
    
    Before submitting the code I use the subroutine found at /usr/local/cpanel/Cpanel/SSL/Utils.pm to ensure the certificate is valid:

    Code:
    sub get_certificate_from_text {
        my ($text) = @_;
    
        $text =~ /^[^-]*(-+\s*BEGIN\s+CERTIFICATE\s*-+[^-]*-+\s*END\s+CERTIFICATE\s*-+)[^-]*$/ms;
        return ( 1, $1 ) if $1;
    
        _get_locale();
        return ( 0, $locale->maketext('The certificate text was not valid.') );
    }
    
    What am I missing?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. morissette

    morissette Well-Known Member

    Joined:
    May 24, 2009
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Austin, TX
    cPanel Access Level:
    Root Administrator
    Additionally I get the following error when using /scripts/installssl:

    Code:
    [root@server]# /scripts/installssl
    What user is the SSL host for? user
    Which IP is the SSL host for? 192.254.227.207
    [SSL {user:domain} {IP:192.254.227.207}]
    Paste in your SSL certificate:
    -----BEGIN CERTIFICATE-----
    // Edited for privacy
    -----END CERTIFICATE-----
    Starting Install.....
    You cannot install SSL for the domain “domain.net” because neither you nor any of your owned accounts controls a domain with that name.
    
    When the domain exists on the server and I am running as the root user.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. morissette

    morissette Well-Known Member

    Joined:
    May 24, 2009
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    66
    Location:
    Austin, TX
    cPanel Access Level:
    Root Administrator
    As an update it looks like I'm failing in:

    the validate_ssl_components subroutine in the /usr/local/cpanel/whostmgr/bin/xml-api binary, unfortunately failed attempts at reading the hexdump has led me to wait on you :)

    The crt and key match:
    Code:
    [root@server]# openssl x509 -noout -modulus -in domain.net.cert | openssl md5; \
    > openssl rsa -noout -modulus -in domain.key | openssl md5
    (stdin)= d6d3f9c78192bfbc0e7a42b524dd65ab
    (stdin)= d6d3f9c78192bfbc0e7a42b524dd65ab
    
    So your turn cPanel. Can you help a brother out?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thanks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice