cPanel & WHM Version 92 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

CPanel to add support for ECDSA (ECC) HTTPS SSL certificates

Brian Young shared this idea 5 years ago
Open Discussion

I would like to ask CPanel to add support for ECDSA (ECC) HTTPS SSL certificates.


I created a self signed ECDSA SSL cert for testing, but the "Install an SSL Certificate on a Domain" page in CPanel would not acknowledge it as a legitimate cert.


Apache 2.2 and 2.4 supports it, I was able to configure two different standalone linux servers one with Apache httpd 2.4 and one 2.2 to use the same cert.


If you don't know what ECDSA is:


https://www.namecheap.com/support/knowledgebase/article.aspx/9503/38/what-is-an-ecc-elliptic-curve-cryptography-certificate


Thank you very much.

Best Answer
photo

As of cPanel & WHM version 92, the product supports ECDSA. More information is available in the release notes.

Comments (4)

photo
1

Any news here?

photo
1

I believe that since Let's Encrypt is coming up ...there's no need for a feature like this one here.

photo
1

I disagree, many companies will not use Let's Encrypt. We have no plans to, but I would use ECC SSL certificates today if I could.

photo
3

Let's Encrypt itself supports ECDSA, which sounds like a pretty good argument to support it in cPanel itself.


It is much faster on the CPU to generate and sign, which would help with servers with hundreds of domains.


As pointed out in OP, the underlying services in cPanel already support ECDSA, it is the cPanel services that seem to be the blocker here.

photo
photo
2

This has become a more serious issue with the latest litespeed updates removing all support for PCI Compliant Ciphers that work with IE11 on Windows 7.

While it's all well and good to just palm it off as, 'people shouldn't use old software', it's the reality of the world that a lot of users DO use Windows 7 with IE 11, it's native browser.

Since Litespeed don't support the secure Ciphers that cPanel provides, we need to be able to install ECC certs in order to have a functioning product, which currently we don't.

Is there any updates on this at all?

photo
1

There needs to be a delicate balance between telling people what they're using is not good enough, and allowing insecure communications.


Yes, there will always be an affected group -- but people on Windows 7 need to be informed they're using relic software and insecure systems and be guided to update their browsers and keys as appropriate.

photo
1

Fair enough, in which case RSA is a relic and insecure system and cPanel should be guided to replace it with ECC.

I feel your response doesn't really help this cause. We have well over 100,000 customers each of which might have 1,000s of customers, so if your solution is to reach out to any and all of them, and not just the ones reaching out, your solution isn't really that great is it?


While my motivation is pressing due to Win7/IE11, because while in an ideal world everyone would be on the newest, we don't live in an ideal world. Also the issue is actually to do with ECC support which is there to replace RSA in the same way that Win10 replaced Win7.

photo
1

I have no problem with cPanel not supporting old unsupported operating systema like Windows 7.

But there is also problems with IE11 on Windows 8.1.

Windows 8.1 is the only mainstream Microsoft OS supported to the year 2023 and IE11 is only secure with ECC.

Not even the newest Windows 10 version 2004 have support after 2021.

cPanel ugently need to support ECC or there is no access for customers with IE11 on Windows 8.1.

I have never heard of any company to ditch support for currently active Windows Systems and not 3 years before end of life: https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet

photo
1

Hello Cyber Guyen!


Starting with Version 88, cPanel is no longer supporting Internet Explorer 11, as outlined here:


https://blog.cpanel.com/internet-explorer-11-end-of-support-in-cpanel-version-88/


The issue isn't with the operating system itself, but the actual web browser. You shouldn't experience any issues using browsers such as Chrome, FireFox or Microsoft Edge.

photo
1

There is no reason not to support both ECDSA and RSA. I am a developer for a black-box appliance and I recently added support for both RSA and ECDSA on the web server (you can serve both, and if the device doesn’t support ECDSA, it falls back to the RSA certificate and ciphers). My use case requires RSA, and ECDSA is optional (as I need to support legacy OSes in my black-box product).

photo
photo
1

As of cPanel & WHM version 92, the product supports ECDSA. More information is available in the release notes.