• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • The ImunifyAV extension is now deprecated and no longer available for installation.
    Existing ImunifyAV installations will continue operating for three months, and after that will automatically be replaced with the new Imunify extension. We recommend that you manually replace any existing ImunifyAV installations with Imunify at your earliest convenience.

Import Plesk SSL into Chrome

QWeb Ric

QWeb Ric

Regular Pleskian
Hi,

Chrome/Chromium don't offer to "remember this password" if using https with a self signed, or no, certificate, which is pretty frustrating when your job requires regular logins to various Plesk installations!

The trick, apparently, is to import your self signed certificates into Chrome's chrome://settings/certificates list, so I'm trying to do this with Plesk's default panel certificate.

From Tools & Settings -> SSL Certificates, I've hit the 'Download the Panel's SSL Certificate' link to get the .pem file but when I import this into Chrome I'm asked to provide the password it was encrypted with. Where would I find this password? Or do I need to replace the default with my own self-signed?

Thanks.
 
You've downloaded the the whole certificate including the private key.

In Plesk click on the certificate name, and scroll down to the part labelled "Certificate" copy that to clipboard and paste into a text file on your desktop called Plesk.crt, then right click the file and install, making sure to install in "Trusted Root CA's" (Assuming you are using Windows desktop).

I hope that helps
Kind regards

Lloyd
 
Hi Lloyd,

Thanks. I'm using GNU/Linux and the KDE desktop but I tried what you suggested - copying just the certificate part to a new .crt file and installing this into my systems trusted certificates (using Kleopatra though, since this is KDE), but Chrome doesn't seem to pick this up. I also tried importing in to Chrome as per my original post but using the new .crt file and again Chrome wants the encryption password. Any further ideas?

Thanks.
 
Did you click the "Server" or "CA" tab in Chromium Certificate Manager? It opens in "Personal" hence asking for a Private Key.

Hope it help
Kind regards

Lloyd
 
I was using the "Your certificates" tab actually. I've now tried from the server tab and the import doesn't give any error, but also doesn't add anything to the list (whether I use the full download or just the certificate part). The default certificate doesn't include a CA part so I can't try importing the authority.

I suppose the easiest approach would be to create my own self signed certificate, import the CA into Chrome and replace the default certificate of Plesk with one signed by me. The problem here though is that only 3 of these Plesk servers are ours - there are tonnes of others that I use quite regularly that belong to other agencies or are directly owned by our clients, so I can't really replace those...

Thanks.
 
Yeah "Your Certificates" is "Personal", sorry was thinking of windows.

You need to import the domain.crt file with...

Code: 
$ certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "cert_nickname" -i /tmp/domain.crt

Where /tmp/ contains the crt file.
That works on Ubuntu 14 and Chromium.

Thread at Google - https://code.google.com/p/chromium/wiki/LinuxCertManagement

Maybe that will help
Regards

Lloyd
 
Last edited:
Thanks Lloyd,

I had to recompile nss as utils was disabled in the previous compile, but after that the command above ran successfully. I don't see my certificate in Chrome though and it's still showing as an insecure page + not offering to save the password. Additionally, if I try to list the installed certificates I get the following error:

$ certutil -L
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

I'm not having much luck with these things!
 
Yeah I had to install libnss3-tools on Ubuntu 14 LTS Desktop to be able to import with Trusted flag.

Check this out...
http://serverfault.com/questions/414578/certutil-function-failed-security-library-bad-database

And then run the above command to import, your certificate should then appear in "Servers" in Chrome Certificate Manager.
Or you can run...

Code: 
certutil -d sql:$HOME/.pki/nssdb -L

To list the certificates installed.

I hope that helps
Kind regards

Lloyd
 
You must log in or register to reply here.

Similar threads

P
Question Sync SSL certificates between 2 servers
Replies
7
Views
1K
Kaspar@Plesk
Kaspar@Plesk
L
Issue ( authorization token is unavailable ) Could not issue/renew Let`s Encrypt certificates
Replies
7
Views
1K
Leta
L
B
Resolved secure Plesk hostname on port 8443 with an SSL certificate Let's Encrypt ERROR
Replies
2
Views
3K
Butcher
B
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
2K
Lenny
Lenny
P
Question Plesk login 8443 cannot be called up
Replies
8
Views
2K
Kaspar@Plesk
Kaspar@Plesk
Back
Top