Resolved (in command line) how i can assign plesk certificate

[webjfg]

Hi,

Today i have install a new certification for my plesk panel (geotrust rapidssl) everithing work fine, but when i click to set as plesk certificate, nothing... 1 minut after the page refresh and i have a connection error.

the message is : This site can not provide a secure connection

ERR_SSL_PROTOCOL_ERROR

thank you

(pesk 12.5 lattest update, centos 6.5)

 

[UFHH01]

Hi webjfg,

Plesk provides great documentations, as for example:

Command Line Utilities Overview ( Plesk 12.5 online documentation for CLI commands )

... where you could find:

certificate: SSL Certificates ( Plesk 12.5 online documentation for CLI commands )

plesk bin certificate -ac "CERTIFICATE_NAME_AS_SET_WHEN_YOU_CREATED_THE_CERTIFICATE" -admin example.com -ip <YOUR PLESK IP>

or

/usr/local/psa/bin/certificate -ac "CERTIFICATE_NAME_AS_SET_WHEN_YOU_CREATED_THE_CERTIFICATE" -admin example.com -ip <YOUR PLESK IP>


For more possible command strings for the "certificate utility", pls. use:

plesk bin certificate --help OR plesk bin certificate -h​

or

/usr/local/psa/bin/certificate --help OR /usr/local/psa/bin/certificate -h​

Sometimes, you could experience issues, when changing the default certificate to secure your Plesk Control Panel, while you use the secure https - port "8443". Pls. keep in mind, that you are always able to use "http" for your Plesk Control Panel, if you use port "8880" instead of "8443".
Pls. make sure, that the Plesk services "sw-cp-server" and "sw-engine-fpm" are running and restart it, if you experience "hanging processes" ( command over the command line as root: service sw-cp-server restart && service sw-engine restart ).


Consider to post log - file - entries from you Plesk Control Panel, if you would like help with further investigations:

Plesk for Linux services logs and configuration files ( KB - article: 111 283 )​

Sometimes, it is as well a good idea to change the log - level, to get more informations in psa - log - files:

How to enable/disable debug logging in Plesk 11.5 and up? ( KB - article 120 101 )​

 

[webjfg]

Hi

i have connect with port 8880 and try to re-assign the certificato tu plesk and it don't work.
i see nothing special in the sw-cp-server log .

if i try a connection from command line i have this
openssl s_client -connect www.xxxxxxxx.com:8443
CONNECTED(00000003)
139866276591432:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size:s3_both.c:512:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 16460 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1472173335
Timeout : 300 (sec)
Verify return code: 0 (ok)
---

my certification if the default one (for domain & IP)

 

[UFHH01]

Hi webjfg,

looks to me like an "openssl" issue. Pls. either consider to upgrade it, or to use a stable openssl version. Large RSA key lengths can cause such issues.

 

[Bitpalast]

"excessive message size" could be caused by using a wrong file content as a certificate.

Check whether your private key, certificate and certificate chain files are all in place. It may not be enough to install the cert. Rather put decrypted private key, certificate and certificate chain file (if any) of your issuer into a .pem file and use that pem file when you install a new certificate.

The same applies to installing a certificate in the plesk GUI. The certificate itself is normally not enough to get it up and running. Also check that you have the private key and a possible certificate chain file in place.

 

[webjfg]

Hi i have resolve my problem.
the CA certificate i use is to big, i have found the good one and everithing is Ok now
thank UFHH01 for the hint of the large RSA KEY