cPanel to add support for ECDSA (ECC) HTTPS SSL certificates

Brian Young shared this idea 9 years ago
Completed

I would like to ask cPanel to add support for ECDSA (ECC) HTTPS SSL certificates.


I created a self-signed ECDSA SSL cert for testing, but the "Install an SSL Certificate on a Domain" page in cPanel would not acknowledge it as a legitimate cert.


Apache 2.2 and 2.4 support it; I was able to configure two different standalone Linux servers, one with Apache httpd 2.4 and one with 2.2, to use the same cert.


If you don't know what ECDSA is:


https://www.namecheap.com/support/knowledgebase/article.aspx/9503/38/what-is-an-ecc-elliptic-curve-cryptography-certificate


Thank you very much.

Best Answer

As of cPanel & WHM version 92, the product supports ECDSA. More information is available in the release notes.

Replies (4)

1

Any news here?

1

I believe that since Let's Encrypt is coming up... there's no need for a feature like this one here.

1

I disagree, many companies will not use Let's Encrypt. We have no plans to, but I would use ECC SSL certificates today if I could.

3

Let's Encrypt itself supports ECDSA, which sounds like a pretty good argument to support it in cPanel itself.


It is much faster on the CPU to generate and sign, which would help with servers with hundreds of domains.


As pointed out in the OP, the underlying services in cPanel already support ECDSA; it is the cPanel services that seem to be the blocker here.

2

This has become a more serious issue with the latest LiteSpeed updates removing all support for PCI Compliant Ciphers that work with IE11 on Windows 7.

While it's all well and good to just palm it off as 'people shouldn't use old software', it's the reality of the world that a lot of users DO use Windows 7 with IE 11, its native browser.

Since LiteSpeed don't support the secure Ciphers that cPanel provides, we need to be able to install ECC certs in order to have a functioning product, which currently we don't.

Are there any updates on this at all?

1

There needs to be a delicate balance between telling people what they're using is not good enough, and allowing insecure communications.


Yes, there will always be an affected group -- but people on Windows 7 need to be informed they're using relic software and insecure systems and be guided to update their browsers and keys as appropriate.

1

Fair enough, in which case RSA is a relic and insecure system and cPanel should be guided to replace it with ECC.

I feel your response doesn't really help this cause. We have well over 100,000 customers, each of which might have 1,000s of customers, so if your solution is to reach out to any and all of them, and not just the ones reaching out, your solution isn't really that great, is it?


My motivation is pressing due to Win7/IE11 because, while in an ideal world everyone would be on the newest, we don't live in an ideal world. Also, the issue is actually to do with ECC support, which is there to replace RSA in the same way that Win10 replaced Win7.

1

I have no problem with cPanel not supporting old unsupported operating systems like Windows 7.

But there are also problems with IE11 on Windows 8.1.

Windows 8.1 is the only mainstream Microsoft OS supported to the year 2023 and IE11 is only secure with ECC.

Not even the newest Windows 10 version 2004 has support after 2021.

cPanel urgently needs to support ECC or there is no access for customers with IE11 on Windows 8.1.

I have never heard of any company to ditch support for currently active Windows Systems and not 3 years before end of life: https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet

1

There is no reason not to support both ECDSA and RSA. I am a developer for a black-box appliance and I recently added support for both RSA and ECDSA on the web server (you can serve both, and if the device doesn’t support ECDSA, it falls back to the RSA certificate and ciphers). My use case requires RSA, and ECDSA is optional (as I need to support legacy OSes in my black-box product).
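
A simplified model of the certificate selection discussed in this thread (the dual RSA/ECDSA fallback described in the comment above, and the earlier report of a legacy client that only connects when an ECC certificate is installed), added here as an illustration and not code from cPanel, LiteSpeed or any commenter. The suite lists and client profiles are constructed, and the model covers only TLS 1.2-style suites whose names carry the authentication algorithm.

```python
# Simplified TLS 1.2-style model: the cipher suite name fixes which certificate
# key type (RSA or ECDSA) the server must present. Not any product's real code.

# Constructed server policy: AEAD-only suites, in server preference order.
SERVER_SUITES = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
]

# Constructed client offers (illustrative, not captured handshakes).
MODERN_CLIENT = list(SERVER_SUITES)
# Legacy profile: offers GCM only with ECDSA authentication, RSA only with CBC.
LEGACY_CLIENT = ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256", "AES128-SHA"]
# Client with no ECDSA support at all.
RSA_ONLY_CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]


def auth_type(suite):
    """Certificate key type a suite needs (handles only the RSA/ECDSA names above)."""
    return "ECDSA" if "-ECDSA-" in suite else "RSA"


def negotiate(client_suites, installed_certs, server_suites=SERVER_SUITES):
    """Pick the first server-preferred suite that the client offers and that the
    server holds a matching certificate for. Returns (suite, cert_type), or None
    when there is no overlap, i.e. the handshake would fail."""
    offered = set(client_suites)
    for suite in server_suites:
        kind = auth_type(suite)
        if suite in offered and kind in installed_certs:
            return suite, kind
    return None


if __name__ == "__main__":
    clients = {"modern": MODERN_CLIENT, "legacy": LEGACY_CLIENT, "rsa-only": RSA_ONLY_CLIENT}
    for certs in ({"RSA"}, {"ECDSA"}, {"RSA", "ECDSA"}):
        for name, offer in clients.items():
            print(sorted(certs), name, "->", negotiate(offer, certs))
```

With both certificate types installed every profile gets a suite; with only one type installed, one of the constructed clients has no overlap with the server policy.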

