• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

How to disable SNI in Plesk Panel 12?

yabado

yabado

Regular Pleskian
I have several clients still using WinXP.
How do I disable SNI for SSL certificates ( and just use old IP way )?
 
Or, is there a way to leave it on and still have a IP based SSL work on older WinXP browsers?
 
Yes, just assign different IPs per domain in good old way and assign different certificates. It shall work
 
Sergey,

I already have that setup, but the certificates do not work in WinXP browsers nonetheless. The domain's PTR is in place and everything. Is there a trick to getting this to work? I have been told that since the server suppports SNI, that is why the certificates are not being trusted from old browsers. What is the trick?
 
OK, instead of creating the certificate in the hosting settings for the subscription ( Secure your Sites ), should I set it up as a system wide certificate and bind it to an available IP address? Then make sure that site uses that IP address?
 
Hello Yabado,
In the installation of your SSLs, did you also install the Root CA?
We & many PP users have used SNI but not experienced the problems you are facing with Windows ..Perhaps its another problem other than SNI.
 
Hello Yabado,
Please give me a sample domain name with the SSL error I look at the error here ...
 
I have again tested it with WinXP + IE 8. But still I didn't get any notifications / warnings or errors.
What version of IE are you using?
 
Hi yabado,

first of all, please consider to fix your server vulnerability. According to my tests, your server is vulnerable to the POODLE attack. Please see the => KB - article 123 160 <= for suggestions and explanations. As well, consider reading the forum thread: SSL POODLE / SSLv3 bug ( Parallels Forum - Link )


To solve the SNI - issue for XP - users there are only two work - arounds:

Host each domain on a single IP or/and use certificates with the "SubjectAltName" field.​
 
Why are we having to do this? Shouldn't Plesk fix all these vulnerabilities with an update?
 
Hi yabado,

Plesk software HELPS to make server administration easier, but it doesn't replace a server administrator, yabado. As you might notice, the Poodle vulnerabilities are not based on Plesk software - they are based on SSL protocols, which are not part of Plesk.
 
I made the necessary changes to the main ssl apache conf file, but it does not seem to change things?
Do I need to dig down and edit the existing vhost conf files to remove the sslv3 ?
 
Hi yabado,

please review the mentioned KB - article again and please read as well the mentioned thread. If you go step-by-step and follow the mentioned suggestions ( as well in the thread! ), you won't have any issues. If you do have issues, please include errors from error - logs and/or depending configuration files, so that we might help with additional suggestions to solve your issues.


The possible issues because of missing configurations are countless, so we might only guess, what's missing or misconfigured... so it is really essential, to include error messages, to help you. Don't forget as well to restart the several services, when you changed configuration files of them and post the ouput of any command you use to check your configuration.

To check your apache/nginx configuration, you can as well use the suggestion from the KB - article:

You can verify whether SSLv3 is disabled using the following command:

openssl s_client -connect localhost:465 -ssl3
Click to expand...
 
You must log in or register to reply here.

Similar threads

flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
670
flederwiesel
flederwiesel
P
Resolved Disable output buffering
Replies
4
Views
386
Patashoow
P
Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
537
Polli
Polli
LionKing
Issue Cloudflare's proxy function and SSL certificates
Replies
18
Views
4K
WebHostingAce
WebHostingAce
K
Resolved Plesk panel update fails with "certificate has expired"
Replies
3
Views
557
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top