• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

HOWTO: Install a different certificate for the Plesk Control Panel

hgtech@

New Pleskian
These instructions worked for me. Please let me know if anyone has any problems with them and I will be glad to update them and/or try to help you resolve it.

First things first, if this crashes something it's not my fault. MAKE A BACKUP FIRST!! If this is done improperly, you will most likely get an error similar to the following when trying to start Plesk Control Panel service (and the Plesk Control Panel will cease to work):

"Error 997 - at start service Apache2: Overlapping I/O operation is in progress. . ."

Request the new certificate:
Login to the Plesk Control Panel
Select Server under System
Click on certificates
Click add new certificate
Fill in the certificate name (this is for reference)
Fill in the domain name (this should be the domain you want to run Plesk's console from)
Click request
you are returned to the certificates page
Click on the certificate you just created
Find the CSR and use it to request a certificate (I use Comodo - InstantSSL)

Create the private key file:
Login to the Plesk Control Panel
Select Server under System
Click on certificates
Click Browse
Select your certificate and hit open
Copy the Private Key including the begin and end to notepad
Save the file as ssl.key
Put the ssl.key file in the c:\program files\swsoft\plesk\admin\conf directory on the server

Install your new certificate (after you have it of couse):
Login to the Plesk Control Panel
Select Server under System
Click on certificates
Click Browse
Select your certificate and hit open
Your certificate is installed

Install the CA Certificate (most everyone):
Login to the Plesk Control Panel
Select Server under System
Click on certificates
Click on the certificate you created
Click browse
Select your CA certificate and hit open
Your CA Certificate is installed

Install the CA Certificate (Comodo-InstantSSL Users):
Login to the Plesk Control Panel
Select Server under System
Click on certificates
Click on the certificate you created
Create a new notepad file called upload.txt (you can delete this in a sec)
Open ComodoSecurityServicesCA.crt using notepad
Paste the contents of the ComodoSecurityServicesCA.crt into upload.txt
Open GTECyberTrustRoot.crt using notepad
Paste the contects of the GTECyberTrustRoot.crt into upload.txt direclty after the guts from the other file
It should look something like this - no extra line breaks or spaces:

-----BEGIN CERTIFICATE-----
MIIEyDCCBDGgAwIBAgIEAgACmzANBgkqhkiG9w0BAQUFADBF
zs1x+3QCB9xfFScIUwd21LkG6cJ3UB7KybDCRoGAAK1EqlzWI
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNIjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+
-----END CERTIFICATE-----


Copy the contents of your upload.txt file to the "Upload certificate as text box" in Plesk
Hit Send Text
Delete the upload.txt file if you so desire
Your CA Certificate is installed

Convert and relocate the certificate:
Apache - at least the plesk version - requires the certificates to be in a .pem format
Open the certificate you purchased
Select the details tab
Select copy to file
Choose DER encoded binary X.509 (.CER)
Set the file name to export.cer
Finish the export process
Copy the export.cer file to the c:\program files\swsoft\plesk\admin\bin directory on the server
Open a command prompt on the server
Change your directory to c:\program files\swsoft\plesk\admin\bin
Run openssl
At the openssl> prompt type: x509 -in export.cer -inform DER httpsd.pem
Hit enter
Copy the httpsd.pem file to the c:\program files\swsoft\plesk\admin\conf directory on the server
You can safely delete export.cer

Relocate and rename the intermediate (CA) certificate:
Copy the intermediate (CA) certificate to the same directory as httpd.conf and name it ca.txt

Verify permissions on the files (you probably won't need change anything here)
You need to verify that at MINIMUM (more won't hurt anything and probably shouldn't be changed) these permissions appear on httpsd.pem, ssl.key, and ca.txt
Administrator: Full Control
psaadm: Read access


Change the httpd.conf file in c:\program files\swsoft\plesk\admin\conf:
Modify existing entries / Add new entries directly following "SSLEngine On" until it looks like this:

SSLCertificateFile conf/httpsd.pem
SSLCertificateKeyFile conf/ssl.key
SSLCACertificateFile conf/ca.txt


Restart Plesk Control Panel
You can also either use Plesk Services Monitor (usually loads on the taskbar in the tray) to do this or simply reboot the server.

That should be it. This worked for me more than once and I hope its helpful to you guys. Good Luck!!

- Matt
 
Thawte 123 certificate

Just installed Thawte 123 certificate. The only little problem I had was that I forgot to select on the domain what certificate should be used.

So, the steps are:
Install certificate at the server level via Plesk
Then select domain name (the certificate is for) -- hosting setup – select certificate to be used… done deal!

I did consider buying networksolution’s certificate but since their certificate obstruct my browser to purchase it, I got the thawte 123.
 
Back
Top