• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Safari can't open the page because Safari can't establish a secure connection

T

Tko

Guest
I recently updated Plesk from 10.0.0 to 10.2.0. I had a lot of problems with the upgrade, but after scouring the forums I ended up getting the upgrade through. Now, all of a sudden, I am not able to log in to the admin interface using Safari. If I enter the URL:

https://<myhost>:8443

then I get the error: "Safari can't open the page because Safari can't establish a secure connection to the server"

If I enter the URL:

http://<myhost>:8443/

then I am told that the server requires a client certificate to validate me.

The server has got a STAR certificate from Comodo, and it has worked fine in the past. I have tried to reboot, reapply the cert and changing to a self-signed cert with no result.

If I use Firefox, then I get in fine?

Any suggestions?

Best regards,

Jes
 
Gotta love Plesk's undocumented features... I'm experiencing the same issue. It seems Safari is the only browser that asks a user to select a certificate if a website requests one from the client. This is quite annoying, since most of my customers don't understand this and it is totally unnecessary. I myself had to put in quite some effort to figure out what it was all aboutI didn't know that servers could request client certificates.

Anyway, I have no clue how to disable it. Digging through Plesk's settings didn't result into anything. Has anyone been able to resolve this issue yet? Again, this issue does not relate to the standard 'untrusted certificate' warning you get when connecting to https://yourpleskinstall:8443/, but it relates to Plesk asking the user to supply a certificate to verify its identity.

See attached image for a screenshot of the browser's dialog window.
 

Attachments

  • wtf.jpg
    wtf.jpg
    58.1 KB · Views: 15
Login failures

I'm running into this too, attempting to login to my Plesk control panel on Media Temple. Works fine in Firefox, but Safari prompts me for a "client certificate" and, whether I cancel, or select a random client cert (I have one from iChat), I am simply returned to the login screen. No errors, nothing.

MediaTemple support claims to have no idea what's going on, and they seem to know nothing about the request for a client certificate. Really?!?

What IS going on here, and how do I make it stop?
 
I don't think we as end-users can make it stop. It's a flawed implementation on Parallels' side and it needs to be fixed. But since they're too busy pretending to have a nosebleed in regard to the recent mass-hacks of Plesk installations, don't count on a fix any time soon. Oh hell, any time at all.
 
As I can see, the problem caused by SSO, which is used for Billing integration with Plesk.

Here is the solution:
1. Open /usr/share/sso/sso-ssl-conf.sh
2. Replace the line:
echo 'ssl.req-client-cert = "enable"'
with line:
echo 'ssl.req-client-cert = "disable"'
3. Restrart sw-cp-server: /etc/init.d/sw-cp-server restart
 
After applying this fix, Safari doesn't present the dialog where it asks the user for a client certificate anymore. However, Plesk still refuses to log the user in. No apparent error message when trying to log in, it just presents the login screen over and over again. Tried emptying Safari's cache and restarting the browser, to no avail.

Firefox still works. Logging in using the same credentials actually logs the user in.
 
Up

Seconding Leon's experience. I no longer get the certificate request, but I can't log in either.

How is it that this isn't a widespread issue? Surely there are more than 2-3 Safari users using Plesk...
 
Try to clear browser cache. Looks like need to go to Safari -> Preferences -> Privacy -> Remove All Websites Data. Probably this could help you.
 
Hm, I can confirm the problem.
As a quick workaround if you don't use Billing you can disable SSO by using the command: /usr/local/psa/bin/sso -d
 
Hmmm. Thanks, but I'm not sure the problem even manifests itself UNLESS you're using Billing (which I am).

I'm glad you've been able to confirm the problem, at least. Any chance of a fix anytime soon? It's a bit annoying, as you can imagine, to have to avoid my default browser for all my Plesky administration...
 
You must log in or register to reply here.

Similar threads

R
Question "This site can’t provide a secure connection" in Chrome and Edge
Replies
6
Views
6K
rcacciato
R
P
Resolved Can't accessing Plesk log in page over HTTPS
Replies
4
Views
1K
Patashoow
P
marvin
Issue IMAP requires security certificate? Maybe?
2 3
Replies
40
Views
7K
Peter Debik
P
C
Question Strange SNI (?) issue related to IPv6 (?)
Replies
2
Views
1K
Carbon Dioxide
C
michaeljoseph01
Question Trouble securing both plesk and email
Replies
1
Views
1K
Kaspar
K
Back
Top