Installing SSL Certificates

[epretorious]

Using the Certificates Interface I created a private key and certificate signing request (CSR).

I then sent the private key and the CSR to Thawte for signing.

After the certificate had been signed, I installed the certificate using the Certificates Interface but I did not upload a CA certificate. (The Certificate Interface indicated that it is not required.) Everything looks good but the server is still sending the Default Certificate when visitors access the site using HTTPS.

1. Do I have to upload the CA certificate?
2. What is a CA certificate?
3. How do get the CA certificate?

 

[jamesyeeoc]

Please read the sections on SSL Certificates in the Admin Guide:

http://download1.sw-soft.com/Plesk/Plesk7.5/Doc/plesk-7.5r-admins-guide-html/ch03s12.html

Make sure you follow the Plesk Admin Manual section on Installing it to the CP, Assigning the certificate to the IP/domain, and Default Cert.

1. Do I have to upload the CA certificate?

You don't have to but since you are paying for a Thawte, you should.

2. What is a CA certificate?

The CA Certificate is used to appropriately identify and authenticate the certificate authority, which has issued your SSL certificate.

3. How do get the CA certificate?

From Thawte. They should have emailed you appropriate instructions on how to obtain your CA certificate based upon the exact certificate product purchased.

 

[epretorious]

The Admin Guide directs admin's to...

To assign SSL certificates to domains:

* When setting up or modifying physical hosting settings, go to Domains > click the icon to the left of the domain name you need > select the required SSL certificate from the SSL certificate drop-down box.

...but when viewing the Physical Hosting Setup Page for the domain there is NO drop-down box.

Am I overlooking something?

 

[epretorious]

FWIW: /home/httpd/vhosts/<domain>/conf/httpd.includes contains...

SSLEngine on
SSLVerifyClient none
SSLCertificateFile /usr/local/psa/var/certificates/certQLD8906

and /usr/local/psa/var/certificates/certQLD8906 contains...

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA66Qmb77icVA1/oaLIJPpes8EFJOUf3/QcmuwuH/PFDhidHha
blahblahblah
bSE3fyg27magy9I3HrPK0R8NTQVaOGrgwQsRarrYm2Oe2kJaNwU7
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
MIIEfDCCA2SgAwIBAgIEQtg+nDANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEBhMC
blahblahblah
GXySMvoDNcmFPiGzjeLygMKyWES0SnMzjTdJtCwAyHRzCvel4JiHQYxrs8HKBHiH
-----END CERTIFICATE-----

 

[jamesyeeoc]

...but when viewing the Physical Hosting Setup Page for the domain there is NO drop-down box.

Am I overlooking something?

You do have this domain assigned to an EXCLUSIVE IP, not a shared IP, right?

It will only show a pull down if there are more than 1 certificates available for the domain to choose from (ie. if you create multiple certs for the client). If you only have one certificate assigned to the domain, then it should default to that one (since it's the only one). Of course, I could just be misunderstanding which part of the process you are at....

 

[epretorious]

I just found the section in the Admin Guide that addresses that point. I had been attempting to use an SSL cert. with a domain using a shared IP. IMHO: the CP should recognize that the domain uses a shared IP and prevent the admin. from even attempting to install a certificate for that domain.

Oh well. Lesson learned.