The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XML API :: Install SSL is cabundle required?

Discussion in 'cPanel Developers' started by morissette, Apr 29, 2014.

  1. morissette

    morissette Well-Known Member

    Joined:
    May 24, 2009
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Austin, TX
    cPanel Access Level:
    Root Administrator
    Is the cab option required?


    So even w/ a cabundle which I believe is just the csr, crt and key concated I get this in the cPanel error log:

    Code:
    <error>[an error occurred while processing this directive]</error>[2014-04-29 15:56:53 -0500] warn [xml-api] The system could not parse the certificate because o
    f an error: A critical error occurred while parsing the ASN.1 data: Cpanel::CPAN::Encoding::BER: corrupt data? data appears truncated
     at /usr/local/cpanel/Cpanel/SSL/Utils.pm line 724
     at /usr/local/cpanel/Cpanel/SSLInfo.pm line 72
    
    This is my call:
    Code:
        my $status = make_request($auth, "installssl?user=$user&domain=$domain&cert=@cert&key=@key&cab=@bundle&ip=$dedicated_ip");
    
    Code:
    sub make_request {
      my $auth = shift;
      my $params = shift;
      my $url = "https://127.0.0.1:2087/xml-api/" . $params;
      my $ua = LWP::UserAgent->new();
      my $request = HTTP::Request->new( POST => $url );
      $request->header( Authorization => $auth );
      my $response = $ua->request($request);
      my $data = $response->content;
      my $xml = XML::Simple->new;
      $data = $xml->XMLin($data);
      if ( $data->{'status'} ) {
        return $data;
      } else {
        print "[!] Cpanel API returned an error: " . $data->{'statusmsg'} . "\n";
        exit;
      }
    }
    
    Statusmsg: [!] Cpanel API returned an error: The certificate appears to be invalid.


    Additional details:
    The SSL is self signed. Additionally it works installing with the SSL and Private Key via WHM.
     
    #1 morissette, Apr 29, 2014
    Last edited: Apr 30, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Have you tried using the input URL directly in your browser? You can URI encode the key and certificate before doing so. A utilitly such as Url Encode/Decode might be helpful.

    Thank you.
     
  3. morissette

    morissette Well-Known Member

    Joined:
    May 24, 2009
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Austin, TX
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    I have tried both. Additionally I have tried URL Encoding the crt and key and inputing both though the browser and the script. Neither way works however if I go through the WHM installation it works fine.

    I get the same error either way:

    (Note: I removed the SSL data and KEY Data for obvious reasons.
    Code:
    <error>[an error occurred while processing this directive]</error>[2014-04-30 09:02:34 -0500] warn [xml-api] The system could not parse the certificate because o
    f an error: A critical error occurred while parsing the ASN.1 data: Cpanel::CPAN::Encoding::BER: corrupt data? data appears truncated
     at /usr/local/cpanel/Cpanel/SSL/Utils.pm line 724
     at /usr/local/cpanel/Cpanel/SSLInfo.pm line 72
            Cpanel::SSLInfo::fetchcabundle('-----BEGIN CERTIFICATE----------END CERTIFICATE-----') called at /usr/local/cpanel/Cpanel/SSLInstall.pm line 288
            Cpanel::SSLInstall::real_installssl('disclose_user_data', 1, 'domain', 'domain.net', 'crt', '-----BEGIN CERTIFICATE----------END CERTIFICATE-----\x0A', 'ip', '192.254.227.207', 'ke
    y', '-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\x0A', 'cab', undef) called at /usr/local/cpanel/Cpanel/SSLInstall.pm line 115
            Cpanel::SSLInstall::install_or_do_non_sni_update('domain', 'domain.net', 'ip', '192.254.227.207', 'key', '-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\x0A', 'cab', undef, 'crt', '-----BEGIN CERTIFICATE----------END CERTIFICATE-----\x0A', 'disclose_user_data', 1) called at /usr/local/cpanel/Whostmgr/XMLUI/SSL.pm line 120
            Whostmgr::XMLUI::SSL::installssl('user', 'domain', 'domain', 'domain.net', 'cert', '-----BEGIN CERTIFICATE----------END CERTIFICATE-----\x0A', 'key', '-----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----\x0A', 'ip', '192.254.227.207') called at whostmgr/bin/xml-api line 1843
            main::__ANON__(HASH(0x2e0aa70)) called at whostmgr/bin/xml-api line 3497
            main::runapp_v0(HASH(0x2e0aa70)) called at whostmgr/bin/xml-api line 3547
            main::runapp('installssl', HASH(0x2df4020), HASH(0x2e0aa70)) called at whostmgr/bin/xml-api line 3421
    
    Before submitting the code I use the subroutine found at /usr/local/cpanel/Cpanel/SSL/Utils.pm to ensure the certificate is valid:

    Code:
    sub get_certificate_from_text {
        my ($text) = @_;
    
        $text =~ /^[^-]*(-+\s*BEGIN\s+CERTIFICATE\s*-+[^-]*-+\s*END\s+CERTIFICATE\s*-+)[^-]*$/ms;
        return ( 1, $1 ) if $1;
    
        _get_locale();
        return ( 0, $locale->maketext('The certificate text was not valid.') );
    }
    
    What am I missing?
     
  4. morissette

    morissette Well-Known Member

    Joined:
    May 24, 2009
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Austin, TX
    cPanel Access Level:
    Root Administrator
    Additionally I get the following error when using /scripts/installssl:

    Code:
    [root@server]# /scripts/installssl
    What user is the SSL host for? user
    Which IP is the SSL host for? 192.254.227.207
    [SSL {user:domain} {IP:192.254.227.207}]
    Paste in your SSL certificate:
    -----BEGIN CERTIFICATE-----
    // Edited for privacy
    -----END CERTIFICATE-----
    Starting Install.....
    You cannot install SSL for the domain “domain.net” because neither you nor any of your owned accounts controls a domain with that name.
    
    When the domain exists on the server and I am running as the root user.
     
  5. morissette

    morissette Well-Known Member

    Joined:
    May 24, 2009
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Austin, TX
    cPanel Access Level:
    Root Administrator
    As an update it looks like I'm failing in:

    the validate_ssl_components subroutine in the /usr/local/cpanel/whostmgr/bin/xml-api binary, unfortunately failed attempts at reading the hexdump has led me to wait on you :)

    The crt and key match:
    Code:
    [root@server]# openssl x509 -noout -modulus -in domain.net.cert | openssl md5; \
    > openssl rsa -noout -modulus -in domain.key | openssl md5
    (stdin)= d6d3f9c78192bfbc0e7a42b524dd65ab
    (stdin)= d6d3f9c78192bfbc0e7a42b524dd65ab
    
    So your turn cPanel. Can you help a brother out?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thanks.
     
Loading...

Share This Page