cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Enhance SSL security: Public Key Pinning (HPKP)

benny@cpanel.net shared this idea 5 years ago
Open Discussion

Wikipedia: HTTP Public Key Pinning (HPKP) is a trust on first use security mechanism which protects websites from impersonation using fraudulent certificates issued by rogue or compromised certificate authorities.


Firefox implemented support for Public Key Pinning some months ago, Chrome is supporting it even longer.


My Feature Request to cPanel: Please make it easy for End-Users to generate the PIN for a Public SSL Key.


Currently it is simple to generate new SSL keys. But it is difficult to generate the Base64-encoded PINs, required to enter in the htaccess file.


I know it's possible to generate the PINs by accessing the server with PuTTY via SSH and the run

  1. openssl rsa -in my-key-file.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64

But the most End-Users have no idea how to do that.


It would be great, if cPanel would simply show the PINs directly on the page with the SSL key details. The it could just be copied and used.


Thank you.


For more details please see also: HTTP Public-Key-Pinning explained

Comments (3)

photo
4

Displaying the Cert pin would be the minimum,

The real benefit would be adding the tools so HPKP could be automatically maintained for Let's Encrypt certificates. If the leaf cert is changing every 90 days - pinning the leaf each time is going to be repetitive.... Far better that when cpanel automatically renews the cert from Let's Encrypt, the HPKP pins can be updated at the same time....

photo
1

I agree with julian fletcher's comment.


There is no point on making a way to painless generate a pin if the cPanel does not put it in the right place each time the cert is renewed.


Let's bring it!

photo
1

Hello, guysI agree with julian fletcher's comment.

Leave a Comment
 
Attach a file