1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

HOWTO: Install a different certificate for the Plesk Control Panel

Discussion in 'Plesk for Windows - 8.x and Older' started by hgtech@, Feb 1, 2005.

  1. hgtech@

    hgtech@ New Pleskian

    22
    57%
    Joined:
    Jan 31, 2005
    Messages:
    21
    Likes Received:
    0
    These instructions worked for me. Please let me know if anyone has any problems with them and I will be glad to update them and/or try to help you resolve it.

    First things first, if this crashes something it's not my fault. MAKE A BACKUP FIRST!! If this is done improperly, you will most likely get an error similar to the following when trying to start Plesk Control Panel service (and the Plesk Control Panel will cease to work):

    "Error 997 - at start service Apache2: Overlapping I/O operation is in progress. . ."

    Request the new certificate:
    Login to the Plesk Control Panel
    Select Server under System
    Click on certificates
    Click add new certificate
    Fill in the certificate name (this is for reference)
    Fill in the domain name (this should be the domain you want to run Plesk's console from)
    Click request
    you are returned to the certificates page
    Click on the certificate you just created
    Find the CSR and use it to request a certificate (I use Comodo - InstantSSL)

    Create the private key file:
    Login to the Plesk Control Panel
    Select Server under System
    Click on certificates
    Click Browse
    Select your certificate and hit open
    Copy the Private Key including the begin and end to notepad
    Save the file as ssl.key
    Put the ssl.key file in the c:\program files\swsoft\plesk\admin\conf directory on the server

    Install your new certificate (after you have it of couse):
    Login to the Plesk Control Panel
    Select Server under System
    Click on certificates
    Click Browse
    Select your certificate and hit open
    Your certificate is installed

    Install the CA Certificate (most everyone):
    Login to the Plesk Control Panel
    Select Server under System
    Click on certificates
    Click on the certificate you created
    Click browse
    Select your CA certificate and hit open
    Your CA Certificate is installed

    Install the CA Certificate (Comodo-InstantSSL Users):
    Login to the Plesk Control Panel
    Select Server under System
    Click on certificates
    Click on the certificate you created
    Create a new notepad file called upload.txt (you can delete this in a sec)
    Open ComodoSecurityServicesCA.crt using notepad
    Paste the contents of the ComodoSecurityServicesCA.crt into upload.txt
    Open GTECyberTrustRoot.crt using notepad
    Paste the contects of the GTECyberTrustRoot.crt into upload.txt direclty after the guts from the other file
    It should look something like this - no extra line breaks or spaces:

    -----BEGIN CERTIFICATE-----
    MIIEyDCCBDGgAwIBAgIEAgACmzANBgkqhkiG9w0BAQUFADBF
    zs1x+3QCB9xfFScIUwd21LkG6cJ3UB7KybDCRoGAAK1EqlzWI
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNIjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+
    -----END CERTIFICATE-----


    Copy the contents of your upload.txt file to the "Upload certificate as text box" in Plesk
    Hit Send Text
    Delete the upload.txt file if you so desire
    Your CA Certificate is installed

    Convert and relocate the certificate:
    Apache - at least the plesk version - requires the certificates to be in a .pem format
    Open the certificate you purchased
    Select the details tab
    Select copy to file
    Choose DER encoded binary X.509 (.CER)
    Set the file name to export.cer
    Finish the export process
    Copy the export.cer file to the c:\program files\swsoft\plesk\admin\bin directory on the server
    Open a command prompt on the server
    Change your directory to c:\program files\swsoft\plesk\admin\bin
    Run openssl
    At the openssl> prompt type: x509 -in export.cer -inform DER httpsd.pem
    Hit enter
    Copy the httpsd.pem file to the c:\program files\swsoft\plesk\admin\conf directory on the server
    You can safely delete export.cer

    Relocate and rename the intermediate (CA) certificate:
    Copy the intermediate (CA) certificate to the same directory as httpd.conf and name it ca.txt

    Verify permissions on the files (you probably won't need change anything here)
    You need to verify that at MINIMUM (more won't hurt anything and probably shouldn't be changed) these permissions appear on httpsd.pem, ssl.key, and ca.txt
    Administrator: Full Control
    psaadm: Read access


    Change the httpd.conf file in c:\program files\swsoft\plesk\admin\conf:
    Modify existing entries / Add new entries directly following "SSLEngine On" until it looks like this:

    SSLCertificateFile conf/httpsd.pem
    SSLCertificateKeyFile conf/ssl.key
    SSLCACertificateFile conf/ca.txt


    Restart Plesk Control Panel
    You can also either use Plesk Services Monitor (usually loads on the taskbar in the tray) to do this or simply reboot the server.

    That should be it. This worked for me more than once and I hope its helpful to you guys. Good Luck!!

    - Matt
     
  2. metoo

    metoo Guest

    0
     
    Thawte 123 certificate

    Just installed Thawte 123 certificate. The only little problem I had was that I forgot to select on the domain what certificate should be used.

    So, the steps are:
    Install certificate at the server level via Plesk
    Then select domain name (the certificate is for) -- hosting setup – select certificate to be used… done deal!

    I did consider buying networksolution’s certificate but since their certificate obstruct my browser to purchase it, I got the thawte 123.
     
Loading...