Enhance SSL security: Public Key Pinning (HPKP)
Wikipedia: HTTP Public Key Pinning (HPKP) is a trust on first use security mechanism which protects websites from impersonation using fraudulent certificates issued by rogue or compromised certificate authorities.
Firefox implemented support for Public Key Pinning some months ago; Chrome has supported it even longer.
My Feature Request to cPanel: Please make it easy for End-Users to generate the PIN for a Public SSL Key.
Currently it is simple to generate new SSL keys. But it is difficult to generate the Base64-encoded PINs, required to enter in the htaccess file.
I know it's possible to generate the PINs by accessing the server with PuTTY via SSH and then running
- openssl rsa -in my-key-file.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64
But most End-Users have no idea how to do that.
It would be great if cPanel would simply show the PINs directly on the page with the SSL key details. Then it could just be copied and used.
Thank you.
For more details please see also: HTTP Public-Key-Pinning explained
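An added example, not part of the original post and not cPanel code: the same pin calculation as the `openssl` pipeline above, done on the PEM public key that `openssl rsa -in my-key-file.key -pubout` prints, plus the `.htaccess` line that carries it. The sample keys, the helper names and the `max-age` value are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", re.S)
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")  # DER header for a 32-byte key

def sample_pem(raw_key: bytes) -> str:
    """Constructed test input: wrap 32 bytes as an Ed25519 SubjectPublicKeyInfo PEM."""
    b64 = base64.b64encode(ED25519_SPKI_PREFIX + raw_key).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines, "-----END PUBLIC KEY-----"])

def spki_pin(pem: str) -> str:
    """base64(SHA-256(DER SubjectPublicKeyInfo)), the value used in pin-sha256."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PUBLIC KEY block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    if der[:1] != b"\x30":  # SubjectPublicKeyInfo is a DER SEQUENCE
        raise ValueError("PUBLIC KEY block is not a DER SEQUENCE")
    return base64.b64encode(hashlib.sha256(der).digest()).decode("ascii")

def hpkp_value(pins, max_age, include_subdomains=False):
    """Build the Public-Key-Pins header value; RFC 7469 requires a backup pin."""
    unique = list(dict.fromkeys(pins))  # drop duplicates, keep order
    if len(unique) < 2:
        raise ValueError("need at least two distinct pins (current key + backup key)")
    parts = [f'pin-sha256="{p}"' for p in unique] + [f"max-age={int(max_age)}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    return "; ".join(parts)

def htaccess_line(value: str) -> str:
    """Apache mod_headers directive carrying the header value."""
    escaped = value.replace('"', '\\"')
    return f'Header always set Public-Key-Pins "{escaped}"'

if __name__ == "__main__":
    current = spki_pin(sample_pem(bytes(range(32))))     # constructed "live" key
    backup = spki_pin(sample_pem(bytes(range(32, 64))))  # constructed offline backup key
    print(htaccess_line(hpkp_value([current, backup], max_age=5184000)))
```

The pin is a hash of the public key only, so a certificate reissued for the same key produces the same pin.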
Displaying the Cert pin would be the minimum,
The real benefit would be adding the tools so HPKP could be automatically maintained for Let's Encrypt certificates. If the leaf cert is changing every 90 days - pinning the leaf each time is going to be repetitive.... Far better that when cPanel automatically renews the cert from Let's Encrypt, the HPKP pins can be updated at the same time....
I agree with julian fletcher's comment.
There is no point in making a way to painlessly generate a pin if cPanel does not put it in the right place each time the cert is renewed.
Let's bring it!
Hello, guys. I agree with julian fletcher's comment.