• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Import Plesk SSL into Chrome

QWeb Ric

QWeb Ric

Regular Pleskian
Hi,

Chrome/Chromium don't offer to "remember this password" if using https with a self signed, or no, certificate, which is pretty frustrating when your job requires regular logins to various Plesk installations!

The trick, apparently, is to import your self signed certificates into Chrome's chrome://settings/certificates list, so I'm trying to do this with Plesk's default panel certificate.

From Tools & Settings -> SSL Certificates, I've hit the 'Download the Panel's SSL Certificate' link to get the .pem file but when I import this into Chrome I'm asked to provide the password it was encrypted with. Where would I find this password? Or do I need to replace the default with my own self-signed?

Thanks.
 
You've downloaded the the whole certificate including the private key.

In Plesk click on the certificate name, and scroll down to the part labelled "Certificate" copy that to clipboard and paste into a text file on your desktop called Plesk.crt, then right click the file and install, making sure to install in "Trusted Root CA's" (Assuming you are using Windows desktop).

I hope that helps
Kind regards

Lloyd
 
Hi Lloyd,

Thanks. I'm using GNU/Linux and the KDE desktop but I tried what you suggested - copying just the certificate part to a new .crt file and installing this into my systems trusted certificates (using Kleopatra though, since this is KDE), but Chrome doesn't seem to pick this up. I also tried importing in to Chrome as per my original post but using the new .crt file and again Chrome wants the encryption password. Any further ideas?

Thanks.
 
Did you click the "Server" or "CA" tab in Chromium Certificate Manager? It opens in "Personal" hence asking for a Private Key.

Hope it help
Kind regards

Lloyd
 
I was using the "Your certificates" tab actually. I've now tried from the server tab and the import doesn't give any error, but also doesn't add anything to the list (whether I use the full download or just the certificate part). The default certificate doesn't include a CA part so I can't try importing the authority.

I suppose the easiest approach would be to create my own self signed certificate, import the CA into Chrome and replace the default certificate of Plesk with one signed by me. The problem here though is that only 3 of these Plesk servers are ours - there are tonnes of others that I use quite regularly that belong to other agencies or are directly owned by our clients, so I can't really replace those...

Thanks.
 
Yeah "Your Certificates" is "Personal", sorry was thinking of windows.

You need to import the domain.crt file with...

Code: 
$ certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "cert_nickname" -i /tmp/domain.crt

Where /tmp/ contains the crt file.
That works on Ubuntu 14 and Chromium.

Thread at Google - https://code.google.com/p/chromium/wiki/LinuxCertManagement

Maybe that will help
Regards

Lloyd
 
Last edited:
Thanks Lloyd,

I had to recompile nss as utils was disabled in the previous compile, but after that the command above ran successfully. I don't see my certificate in Chrome though and it's still showing as an insecure page + not offering to save the password. Additionally, if I try to list the installed certificates I get the following error:

$ certutil -L
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

I'm not having much luck with these things!
 
Yeah I had to install libnss3-tools on Ubuntu 14 LTS Desktop to be able to import with Trusted flag.

Check this out...
http://serverfault.com/questions/414578/certutil-function-failed-security-library-bad-database

And then run the above command to import, your certificate should then appear in "Servers" in Chrome Certificate Manager.
Or you can run...

Code: 
certutil -d sql:$HOME/.pki/nssdb -L

To list the certificates installed.

I hope that helps
Kind regards

Lloyd
 
You must log in or register to reply here.

Similar threads

Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
504
Polli
Polli
C
Resolved Plesk Extensions does not appear
Replies
2
Views
347
conor
C
P
Question Sync SSL certificates between 2 servers
Replies
7
Views
1K
Kaspar@Plesk
Kaspar@Plesk
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
2K
Leta
L
B
Resolved secure Plesk hostname on port 8443 with an SSL certificate Let's Encrypt ERROR
Replies
2
Views
3K
Butcher
B
Back
Top