1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How to install wildcard SSL certificate?

Discussion in 'Plesk for Linux - 8.x and Older' started by twrs, May 19, 2005.

  1. twrs

    twrs Guest

    0
     
    Hi guys,

    How to install a wildcard SSL certificate for a domain in Plesk?

    Do we need to install it for each subdomain or just need to install it on the primary/master domain once? I prefer the latter though :)

    Thanks in advance!
     
  2. twrs

    twrs Guest

    0
     
    Anyone please?
     
  3. tommytwotoes

    tommytwotoes Guest

    0
     
    well bassically plesk lacks in alot of areas... and this has been one from it appears several versions ,,, plesk does not support its customers they just take their money.


    you have to create a key and csr from the command line ... I am in the process of doing this as i speak ... and what is amusing is that it appears that i cant even load the files into plesk after i ma done .. thus their whole certificate management thing is totally useless... they probably like it this way especially if you did not buy the certificate through them.

    http://www.faqs.org/docs/Linux-HOWTO/SSL-Certificates-HOWTO.html#AEN244
     
  4. tommytwotoes

    tommytwotoes Guest

    0
     
    ya its official plesk is offically worthless...

    god its one thing after another.. .buy a expensive product ot make your life easy and it jsut makes it harder with one BS thing after the other... I am going to look at buying domain names like pleskisworthless.com
    and pleskhell.com

    funny thing is they know its true and they are laughing all the way to the bank.
     
  5. tommytwotoes

    tommytwotoes Guest

    0
     
    the admins of this message board...
    dont even respond cause they are ashamed.
     
  6. tommytwotoes

    tommytwotoes Guest

    0
     
    here is the deal on what you need to do if you dont want to just throw plesk out al together...


    1. Install OpenSSL, if not found on your server. If you run RedHat Linux Enterprise Server run "up2date openssl". If you run FreeBSD run "cd /usr/ports/security/openssl && make all install clean".

    2. Create a RSA key for your Apache server:



    If you have a different path, cd to your server’s private key directory
    3. Type the following command to generate a private key that is file encrypted. You will be prompted for the password to access the file and also when starting your webserver: Warning: If you lose or forget the passphrase, you must purchase another certificate.

    openssl genrsa -des3 -out domainname.key 1024

    You could also create a private key without file encryption:

    openssl genrsa -out domainname.key 1024

    Note: We recommend that you name the private key using the domain name that you are purchasing the certificate for ie domainname.key

    4. Type the following command to create a CSR with the RSA private key (output will be PEM format):

    openssl req -new -key domainname.key -out domainname.csr

    * Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 3.

    5. Do not enter extra attributes at the prompt.

    Warning: Leave the challenge password blank (press )

    Note: If you would like to verify the contents of the CSR, use the following command:

    openssl req -noout -text -in domainname.csr

    Create a backup of your private key!



    #########################
    1. Copy the certificate to the Apache server directory in which you plan to store your certificates (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/).

    2. Open the httpd.conf file in a text editor. you will notice that plesk creates all these include statments... blah blah go to /hom/httpd/vhosts/yourdomain.com/conf/
    you will see a httpd include file... open that up... well make backups of everything first...


    3. you will have a lines about 20 down that have somethign that look like this:
    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /usr/local/psa/var/certificates/xxxxxxxxx
    get rid of that last line and replace with the following two lines... ignore them talking about not modfying this file etc... its apparent they dont know what they are doing so dont let them tell you what to do... keep in mind in these lines below you can interchange the directory path to where you put your certificates.

    SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt (or server.crt)
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domainname.key (or server.key)

    4 Save the changes and exit the editor.


    5 Start or Restart your apache web server using one of the following commands:
    By default:
    /usr/local/apache/bin/apachectl startssl
    or
    /usr/local/apache/bin/apachectl restart

    Other commands:
    /usr/sbin/httpd startssl or restart
    /usr/sbin/httpsd startssl or restart
    service httpd start

    you may be prompted to enter in your passphrase for the cert... you will have to do this everytime you restart apache... fun i know but what ever... you could have also made one without the pass phrase..

    basically all that is what ya need to do ... i notice you posted this a long time ago and got no help from the plesk/swsoft people and you probably gave up, but hey just in case some other poor schmuck that bought plesk needs this info here it is. sadly it would have been easy for them to automate this but you know that would require listening to their customers and actually coding something.. .and well that aint gonna happen, since well they already have your money.
     
  7. dtoshack

    dtoshack Guest

    0
     
    I am using Plesk 7.5.4 on Redhat Enterprise and I have found that the SSLCertificate property in the file:
    /hom/httpd/vhosts/yourdomain.com/conf/httpd.include

    is ignored, and the global configuration file found here:
    /etc/httpd/conf/httpd.include

    is used instead, which means changes will be replaced whenever anybody edits their setup configuration. In any case, both of these files are renewed every time you edit a domain setup.

    Rather than editing either of these files I prefer the following approach:



    1. Follow all steps up to the
    ############### of the previous post.

    2. Create a SSL Certificate for the required domain through the plesk interface and upload or paste the key and certificate you created in the previous post. Then click OK.

    3. Enter "Setup" of the domain through the Plesk interface and select an exclusive unused IP and your new certificate under the "IP" header.

    4. Make sure the "SSL Support" check box is checked. Then click OK.

    Restart Apache as per previous post after #### step 5.

    As long as you don't edit the actual certificate through the interface again nothing will be overwritten by Pest, I mean Plesk!


    Cheers,
    David
     
Loading...