• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Import Plesk SSL into Chrome

QWeb Ric

QWeb Ric

Basic Pleskian
Hi,

Chrome/Chromium don't offer to "remember this password" if using https with a self signed, or no, certificate, which is pretty frustrating when your job requires regular logins to various Plesk installations!

The trick, apparently, is to import your self signed certificates into Chrome's chrome://settings/certificates list, so I'm trying to do this with Plesk's default panel certificate.

From Tools & Settings -> SSL Certificates, I've hit the 'Download the Panel's SSL Certificate' link to get the .pem file but when I import this into Chrome I'm asked to provide the password it was encrypted with. Where would I find this password? Or do I need to replace the default with my own self-signed?

Thanks.
 
You've downloaded the the whole certificate including the private key.

In Plesk click on the certificate name, and scroll down to the part labelled "Certificate" copy that to clipboard and paste into a text file on your desktop called Plesk.crt, then right click the file and install, making sure to install in "Trusted Root CA's" (Assuming you are using Windows desktop).

I hope that helps
Kind regards

Lloyd
 
Hi Lloyd,

Thanks. I'm using GNU/Linux and the KDE desktop but I tried what you suggested - copying just the certificate part to a new .crt file and installing this into my systems trusted certificates (using Kleopatra though, since this is KDE), but Chrome doesn't seem to pick this up. I also tried importing in to Chrome as per my original post but using the new .crt file and again Chrome wants the encryption password. Any further ideas?

Thanks.
 
Did you click the "Server" or "CA" tab in Chromium Certificate Manager? It opens in "Personal" hence asking for a Private Key.

Hope it help
Kind regards

Lloyd
 
I was using the "Your certificates" tab actually. I've now tried from the server tab and the import doesn't give any error, but also doesn't add anything to the list (whether I use the full download or just the certificate part). The default certificate doesn't include a CA part so I can't try importing the authority.

I suppose the easiest approach would be to create my own self signed certificate, import the CA into Chrome and replace the default certificate of Plesk with one signed by me. The problem here though is that only 3 of these Plesk servers are ours - there are tonnes of others that I use quite regularly that belong to other agencies or are directly owned by our clients, so I can't really replace those...

Thanks.
 
Yeah "Your Certificates" is "Personal", sorry was thinking of windows.

You need to import the domain.crt file with...

Code: 
$ certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "cert_nickname" -i /tmp/domain.crt

Where /tmp/ contains the crt file.
That works on Ubuntu 14 and Chromium.

Thread at Google - https://code.google.com/p/chromium/wiki/LinuxCertManagement

Maybe that will help
Regards

Lloyd
 
Last edited:
Thanks Lloyd,

I had to recompile nss as utils was disabled in the previous compile, but after that the command above ran successfully. I don't see my certificate in Chrome though and it's still showing as an insecure page + not offering to save the password. Additionally, if I try to list the installed certificates I get the following error:

$ certutil -L
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

I'm not having much luck with these things!
 
Yeah I had to install libnss3-tools on Ubuntu 14 LTS Desktop to be able to import with Trusted flag.

Check this out...
http://serverfault.com/questions/414578/certutil-function-failed-security-library-bad-database

And then run the above command to import, your certificate should then appear in "Servers" in Chrome Certificate Manager.
Or you can run...

Code: 
certutil -d sql:$HOME/.pki/nssdb -L

To list the certificates installed.

I hope that helps
Kind regards

Lloyd
 
You must log in or register to reply here.

Similar threads

P
Question Sync SSL certificates between 2 servers
Replies
7
Views
782
Kaspar@Plesk
Kaspar@Plesk
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
527
Leta
L
B
Resolved secure Plesk hostname on port 8443 with an SSL certificate Let's Encrypt ERROR
Replies
2
Views
3K
Butcher
B
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
2K
Lenny
Lenny
P
Question Plesk login 8443 cannot be called up
Replies
8
Views
945
Kaspar@Plesk
Kaspar@Plesk
Back
Top