• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved [SOLVED] Problem with SSL Settings

X

X00LA

New Pleskian
Hello,

I'm new in Plesk and I got some problems to get https working right.
My certs working fine but I want to enable session caching, forward secrecy and custom DH parameters. I searched the last days and tested many different solutions, but I always get errors and the activation failed.
When I change the template files in /usr/local/psa/admin/conf/templates/custom/domain the settings will appear in the generated configs, but does'nt get activated.
I test the configs with ssllabs.com/ssltest but I got always the same result.
I changed the settings to enable caching, when I want to enable it, apache crashes.
When I change the settings for forward secrecy, nothing will happen. The settings appear in the generated configs but they did'nt get activated.
I added the dhparams to my cert file, but there is no change in the result of the ssltest.
It's a pain to get some things working in Plesk. That's not what I had imagined as I switched to it.

I hope someone can help me with this problems.

I use Ubuntu 14.04, Apache 2.4.7, OpenSSL 1.0.2g.

Thank's
 
Hi X00LA,
the templates you need to edit for domains are...

Domains
/opt/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
/opt/psa/admin/conf/templates/custom/server/nginxVhosts.php

Webmail
/opt/psa/admin/conf/templates/custom/nginxWebmailPartial.php

DHParam: I find it better to create a file and add the directive to the templates.
Code: 
ssl_dhparam                 /etc/ssl/dh/RSA2048.pem;

Session Cache: can be set in the templates too..
Code: 
ssl_session_cache                  shared:SSL:5m;
Ciphers (from Qualys):
Code: 
ssl_ciphers                 EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;


As for Apache, I just edit...

/etc/apache2/mods-available/ssl.conf
Code: 
    SSLProtocol all -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite  EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

And restart apache, and regenerate domain config...
/opt/psa/admin/bin/httpdmng--reconfigure-all
Click to expand...


From there you can add OCSP (in Additional Nginx Directives), HSTS and HPKP (in Additional HTTPS Directives) on a per domain basis.
Any other questions post away and I'll be happy to help.
Regards

Lloyd
 
Hi Loyd,

thank you for your help.
Now it works like it should.
This answer safes me many hours. I was dump to do not ask earlier here.

A "BIG" Thank you!

X00LA
 
You must log in or register to reply here.

Similar threads

J
Issue PHP JIT not enabling with plesk performance booster
Replies
6
Views
2K
JohnWest
J
C
Question SSL certificate location for Prosody import
Replies
7
Views
2K
Kaspar
K
P
Issue ./reconfigurator ip_map_file_name giving errors
Replies
0
Views
431
pimnl
P
M
Resolved Help request: SSL certificate seems to have trust issues. How to resolve?
Replies
4
Views
907
MHC_1
M
kaw.one
Question (VPS) Cloudflare, Gmail and Other Plesk Panel 8443 (2 minutes - slow read)
Replies
1
Views
1K
kaw.one
kaw.one
Back
Top