
Forwarded to devs General server certificate shown to clients with wrong e-mail address (of other user account) when clients look into SSL/TLS details

Bitpalast

Username: Peter Debik

TITLE

General server certificate shown to clients with wrong e-mail address (of other user account) when clients look into SSL/TLS details

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS 7.9, Obsidian latest MU

PROBLEM DESCRIPTION

The server uses a Let's Encrypt certificate for the server login URL
https://<hostname>:8443
That certificate was made out to the server's administrator email address
[email protected]

The certificate is selectable as the default certificate option in each customer account like
"Let's Encrypt certificate (other repository)"
When selected and checked against its content, it is the correct general server certificate that is being used for host protection.

But: When you go to the SSL/TLS settings, this certificate displays a false administrator email address in the top row where the "Let's Encrypt" certificate details are given (rightmost column, "E-Mail Address"). It does not display the server administrator's email address who is actually responsible for managing this certificate, but it displays a seemingly random address of another user account like [email protected].

This does not influence the technical quality of the certificate, but it is a privacy issue, because now all users on the same system can see that a user with an email address [email protected] is also on the same system.

STEPS TO REPRODUCE

see problem description

ACTUAL RESULT

When selecting the general server certificate in a subscription and viewing SSL/TLS properties, a user's email address is displayed as the certificate owner.

EXPECTED RESULT

The server admin's address (who owns the server certificate) should be displayed.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Hello @Peter Debik!

Thank you for your post. Unfortunately, I couldn't reproduce it on a test server. I've got no attributes in this case.
Please contact our Support (Contact Us). We need a more detailed look at your server configuration.

Untitled.png
 
Hello @Peter Debik!

Thank you for your post. Unfortunately, I couldn't reproduce it on a test server. I've got no attributes in this case.
Then your test server apparently has other issues you really should fix.

Also, how did you get there? I see "Home > Extensions" at the top of the screenshot. When I go through Websites & Domains -> (any domain) SSL/TLS certificates, I see ... oh, actually I see the path of the previous major function I accessed, in this case "Mail > Email addresses". Another bug.
 
Hello @Peter Debik!

Thank you for your post. Unfortunately, I couldn't reproduce it on a test server. I've got no attributes in this case.
Please contact our Support (Contact Us). We need a more detailed look at your server configuration.

I was able to easily reproduce the same issue on all of our other hosts. You can see it like this:
1) Subscriptions > Select any subscription
2) "Websites & Domains" > "Hosting Settings"
3) Choose "other repository" certificate from the certificates drop down and "OK"
4) "Websites & Domains" > "SSL/TLS certificates"
 
@Peter Debik, yes, I did the same things, but I've got different results. My results could be considered expected behavior (we just don't show the email of a different person, which is good). So it would be great if I had access to one of your servers that shows the wrong behavior. Then we can understand the difference in configuration between my servers and yours, so we will have clear steps to reproduce. That is why I asked you to contact our support department.
 