Discussion in 'Plesk for Linux - 8.x and Older' started by omegauser, Feb 8, 2006.
Hi. How do you install a SSL Ceritificate in Plesk?? wich steps do I must take??? Thanks!
When you purchase a SSL certificate they send you a file that should have the public key and private key. Sometimes this will be done in separate files but is usally done in one. Once you have the SSL certificate file (you can open it in any text editor) go into Plesk and under your domain click Certificates > Add Certificate. Probably best to just copy each area into the text fields and save it. Remember that you need a unique IP for each SSL certificate you want to install. Plesk does not directly support SSL for subdomains (but it can be done). Once your certificate is up be sure to put files in your httpsdocs folder or alias your httpsdocs folder to httpdocs.
Thanks! Just have one question, in my plesk I need like 20 ceritificates for 20 domains, but my server has only 1 IP address! Can I use the same certificate for all domains? just purchasing it 20 times? Regards
No. Each certificate is signed by a Certificate Authority (CA) and is issued specifically for one domain. You know how the Plesk console throws a security error every time it is loaded? It's because their SSL certificate isn't signed by a CA. Your domains would start throwing errors in the same way because the SSL on the certificate doesn't match the domain it was issued to. Remember, you also need a dedicated IP per signed SSL certificate. All domains can be accessed via SSL using Plesk's built in unsigned certificate.
Please let me know this: If I purchase a SSL Certificate for my Server (20 domains and 1 IP Address) for 1 domain I would be not able to purchase another SSL for another domain because of the unique IP???? Thanks
That is correct. You can only have one SSL certificate on 1 IP. If you want multiple SSL certificates, your going to need to purchase additional IP's for each certificate you need.
Thanks for your help! Now that you have mention it, where you do purchase IP addresses? does an entity assigns the IP address? what if I want to buy a pool of Ips? Thanks
Your host should offer additional IPs. If they don't you should find one that does. I'd suggest 1and1 if you're looking for a switch.
A little confused, please help! If I have a block of 5 IP's and I set aside one IP for SSL, how can I assign a certifIcate for one of my domains to this exclusive IP? Would I have to assign the dedicated IP under the physical hosting department per the domain, and then add a new cert under DOMAINS>DOMAIN NAME>CERTIFICATE? I actually did this and the site didn't come up immediately, does the domain have to propogate first? I'm transferring this cert from another hosting company and they gave me the private key & certificate. Thanks, Greg
The SSL isn't tied to a particular IP but once you assign a SSL cert to a domain then any attempts to use https on any domain for that IP will try to use that certificate. All you need to do is assign an IP to your domain and install your cert. Just make certain that no other site using SSL has that same IP.
I know this thread is a few days old, but I just came up with a quesiton while reading this... Since you are only alloud to have one SSL per IP. Does it hold true if for example your Domain is on an internal IP (behind a Router)? In my current setup all the domains are on a shared ip behind my PIX firewall. If I were to add more internal IP address to the system, would that in fact allow me to have more then one SSL. Or does it simply not make a difference because you can only have one SLL per Valid IP? Just wondering if thats the case. If anyone could let me know, that would be great, as I will then have to redesign my network to elminate Invalid IP's and start using more Real IP's. Thanks
I know there is a way to share one IP and one certificate throughout all the sites on the same server. I have it setup on a managed box of mine but I don't know how it is done (trying to figure this out myself now). On my managed box, I have one domain I setup with tied to 1 IP and 1 certificate that is shared with all the other domains when needed on that server. Choose the domain name carefully and it can work well for you and save you a bundle (remember certs renew and additional IP costs will add up as well). Wish I could help you more and tell you exactly how it is done. If I find out I will post it here. If someone knows, it might help both of us. Something I did notice on a screen shot of the windows version of Plesk (I'm not a windows guy) was Plesk does have an option to share a certificate. Hope this helps, even if only a little. Art
having same problem I am having the same problem. My webserver sits behind a firewall and the server has a private ip address. I have installed my newly purchased cert for this domain via plesk control panel. However, when I attempt to go to the https area of this domain, the cert that comes up is a self signed cert that I created a long time ago and not the newly ca signed cert I purchased. Any suggestions, pointers will be appreciated. Dave
When it comes to installing SSL certs there is no difference between private and public. What IP address does Plesk, internally, think your current domains are on? (Server -> IP addresses) Are they in one of the usual private ranges or are they on public ranges? If you are using public IPs in Plesk and you want more than one domain to have a certificate then you need more than one public IP. If you are using private IPs then you need more than one private IP. It gets more complicated though with private IPs because I think you might need an equivalent number of public IPs to match the private IPs unless your host does something clever. Your firewall will not know which private IP address to direct traffic coming in to otherwise. It is late at night and I get easily confused on this topic so forgive me if I'm talking rubbish on the private IP front. Irrespective of all that, to get your ssl cert to work correctly the key is to do several things: Step 1: EITHER Put the domain you want to have the SSL certificate on its own IP. First, via Server -> IP Addresses make one of your IPs an Exclusive IP, then go into the *Client* account, click on IP Pool and get that IP into the Client's IP pool. Then go into the Domain, click on Setup and make the IP for that domain the Exclusive one you just added. This step is vital because it links the domain to the IP address. OR (If you have only one IP address but lots of domains sharing it and you only need one of those domains to have the certificate - e.g. to stop the certificate errors when clients log in to the Plesk control panel) Make that domain the default domain for that IP. To do this, just go to Server -> IP addresses and click on the hyperlinked number under the Hosting column for the IP. This displays a list of all domains sharing that IP. You can then put the blob in next to the appropriate domain name and click on the Set As Default button. That domain is now the "master" domain for that IP address. Any visitors to that IP address will see that domain, for example. And of course it allows you to use an SSL cert with that domain. xxxxxxxx Step 2 Now install your certificate for the domain. Step 3: Now go back to Server -> IP Addresses and this time just click on the IP address. You will see a drop down of certificates where you can choose the one you want to use for that IP address. Choose the one you just installed. This step is vital as it links the certificate to the IP address (and you previously linked the Domain to the IP address). Step 4: You are basically done. You have linked the Domain to the IP address in Step 1, and the Certificate to the IP address in Step 3. So the circle is closed. But you may need to restart Plesk, or just Apache to get all this to "take". So either use something like service httpd restart or service psa restart or both (or service psa stopall then server psa start) and see what happens. You may also need to close your browser and open it again in order to see the new certificate is installed correctly.
Thank you kindly Faris. Just exactly what I needed to know. Got it working. Dave
I have a similar problem and hope that someone can advise: I currently have a single shared IP with a number of domains on it. One new client needs SSL for his own e-commerce. Before seeing this article, I did the following: CP>domains>www.theirdomain.com>certificates and there I put in a certificate called theirdomain with the key allocated by geotrust. From all the above, it seems as if ideally, I must first purchase another IP address and then host www.theirdomain.com on that IP, with the certificate duly allocated. Is that right? (I am waiting for my host to come back with availability & cost of additional IP addresses). From what faris says, it seems as if I could do it by making www.theirdomain.com the default. However, because I have loaded the certificate under the domain, and not under server>certificate, what can I do to change the location of the certificate? Am I able to create a new certificate at the sever level? Would this cause an error with a duplicated certificate (at both domain and server level)? When I go to server>ip address, the certificate called "theirdomain" does not appear - any specific reason why? Once this is done, is there a way of checking it before we re-point the name servers from where they are at present? Thanks in advance for any help.
I found that you do need a separate IP for each ecommerce site. I install the certificates on the server side and associate them with a unique IP address. Then I go to the individual domain and under setup, I select the exclusive IP address. That's it in a nutshell. Let me know if you need a more detailed answer. BTW: IP addresses should not cost you much (I don't get charged for mine, I just need to justify them). Hope this helps, Art
Not sure if what I have done is right, but the original SSL certificate was set up under domain>theirdomain.com. I have created a new SSL certificate on server>certificates, copying the private key and the certificate key from domains>theirdomain.com>certificates. I then assigned that certificate to the exclusive IP address for that domain. Is this right, and is there any way that I can check it?
Separate names with a comma.