cPanel & WHM Version 92 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!
This object is in archive! 

Support Elliptic Curve Cryptography (ECC)

Antony Holub shared this idea 6 years ago
Needs Feedback

We want to install the new ECC SSL certificate from Symantec but WHM/cPanel don't support Elliptic Curve Cryptography yet. Can I please request that you add this feature ASAP? Many thanks, Producer Loops Limited

Best Answer
photo

If your operating system supports the ECC ciphers, then those daemons that are built against it will support those ciphers. This includes Apache.


For example, RedHat/CentOS 5.x does *not* include ECC ciphers. However, RedHat/CentOS 6.x *does* include ECC ciphers.


This means that on a purely technical level, RedHat/CentOS 6.x with Apache is capable of serving these certificates.


However, since cPanel & WHM does not make any consideration for ECC certificates at this time, all things cPanel & WHM will refuse/reject/break on attempts to utilize an ECC certificate with it.


To state in no uncertain terms, ECC certificate are entirely unsupported and unsanctioned for use with cPanel & WHM servers at this time. It is in no way supported nor expected/guaranteed to work.


It is potentially possible, in an extremely manual and laborious way, to manually write over an ECC certificate to the various /etc/ssl/ locations so that Apache simply reads them there and thus functions. However, there are no guarantees that this would work. Even further, none of it would be supported by cPanel & WHM or cPanel staff.


For proper ECC certificate support, this feature request you're making will need to be implemented by cPanel, Inc.

Comments (4)

photo
1

If your operating system supports the ECC ciphers, then those daemons that are built against it will support those ciphers. This includes Apache.


For example, RedHat/CentOS 5.x does *not* include ECC ciphers. However, RedHat/CentOS 6.x *does* include ECC ciphers.


This means that on a purely technical level, RedHat/CentOS 6.x with Apache is capable of serving these certificates.


However, since cPanel & WHM does not make any consideration for ECC certificates at this time, all things cPanel & WHM will refuse/reject/break on attempts to utilize an ECC certificate with it.


To state in no uncertain terms, ECC certificate are entirely unsupported and unsanctioned for use with cPanel & WHM servers at this time. It is in no way supported nor expected/guaranteed to work.


It is potentially possible, in an extremely manual and laborious way, to manually write over an ECC certificate to the various /etc/ssl/ locations so that Apache simply reads them there and thus functions. However, there are no guarantees that this would work. Even further, none of it would be supported by cPanel & WHM or cPanel staff.


For proper ECC certificate support, this feature request you're making will need to be implemented by cPanel, Inc.

photo
4

I believe what the customer is actually asking for is for ECC support to be added to the WHM/cPanel interface. The idea being that he does not have to generate the ECC CSR via the command line.

photo
2

So the feature request would mean to add ECC SHA256 support?

Currently RSA SHA1 and RSA SHA256 are included. With SHA1 being on its way to the grave.

photo
1

Any news here?