
SSL SHA-256 / TLS 1.2- & HTTP/1.1

Roderic

New Pleskian
CentOS 6 & Plesk 12.5 with latest updates

Hello, I've got a few clients using PayPal and they got a message from PayPal saying they need to update 2 things to keep using PayPal.

How can I upgrade the SSL Certificates to SHA-256, TLS to 1.2 and HTTP/1.1?
And is it a good idea to upgrade TLS and HTTP to the latest version or not?

Thanks in advance :)
 
I have in the meanwhile and I've done everything that's in there. But I don't know if I'm good to go now.

This is what PayPal says:
  • Discontinue support for secure connections that require validation with the VeriSign G2 Root Certificate; only validate with the VeriSign G5 Root Certificate.
  • Use a stronger algorithm by upgrading from SHA-1 to SHA-2 (256).
Does the first point mean I just need to get another certificate? Or do I need to change something in Plesk? Bit lost on that one. Except that I know that it is using the G2 currently.
 
What this means is your SSL certificate needs to be upgraded to 2048-bit; you can have your SSL certificates re-keyed from 1024-bit to 2048-bit by the SSL provider.
 
I'm in need of some related help. I have an A rating right now but there are some issues. SSL/TLS Server Test | High-Tech Bridge

I've used the following ssh commands with success.
# plesk bin server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'
# plesk sbin sslmng --protocols="TLSv1.1 TLSv1.2"

I get an A rating, but no PCI compliance. When I remove the TLSv1.1, I get an A+ rating with PCI compliance but also a warning that TLSv1.1 must be active to be compliant with HIPAA guidance. So, how to enable TLSv1.1 and get an A+ rating eludes me.

I then try modifying the ciphers in this file: /etc/httpd/conf.d/ssl.conf but nothing seems to change when I do that.

SSLCipherSuite EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EDH+AES:RSA+AESGCM:RSA+AES:!ECDSA:!NULL:!MD5:!DSS:!3DES
SSLHonorCipherOrder on
SSLProtocol -ALL +TLSv1.1 +TLSv1.2
<IfModule mod_ssl.c>
SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>


Do I have to update the following files with protocols and ciphers?
/usr/local/psa/admin/conf/templates/custom/nginxWebmailPartial.php
/usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
/usr/local/psa/admin/conf/templates/custom/server/nginxVhosts.php

Server version: Apache/2.2.15 (Unix)
Plesk Onyx v17.5.3
CentOS 6.9

Thanks.
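
One way to check the two certificate points raised in this thread (SHA-1 versus SHA-256 signature, and 1024- versus 2048-bit RSA key), added here as an example and not posted by any participant. The function names and the sample text are constructed for illustration, and `audit_cert_file` assumes the `openssl` command-line tool is installed.

```sh
# Added example (not from the thread). Reads `openssl x509 -noout -text` output
# on stdin and checks: signature hash is not SHA-1/MD5, RSA key is >= 2048 bits.
# Returns 0 = OK, 1 = WEAK, 2 = input not recognised.
audit_cert_text() {
    _text=$(cat)
    # The first "Signature Algorithm:" line belongs to the signed certificate body.
    _sig=$(printf '%s\n' "$_text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    _alg=$(printf '%s\n' "$_text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    # "Public-Key: (2048 bit)"; some older builds print "RSA Public Key: (2048 bit)".
    _bits=$(printf '%s\n' "$_text" |
        sed -n 's/.*Public[- ]Key: *(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$_sig" ] || [ -z "$_bits" ]; then
        echo "verdict=UNPARSED"
        return 2
    fi
    _why=""
    case $(printf '%s' "$_sig" | tr 'A-Z' 'a-z') in
        *sha1*|*md5*) _why="weak-signature-hash" ;;
    esac
    # The 2048-bit floor applies to RSA; EC keys are much shorter by design.
    if [ "$_alg" = "rsaEncryption" ] && [ "$_bits" -lt 2048 ]; then
        _why="${_why:+$_why,}rsa-key-under-2048"
    fi
    if [ -n "$_why" ]; then
        echo "sig=$_sig key=$_alg/$_bits verdict=WEAK reasons=$_why"
        return 1
    fi
    echo "sig=$_sig key=$_alg/$_bits verdict=OK"
}

# Check a PEM certificate file on disk; $1 is the path to your own file.
audit_cert_file() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | audit_cert_text
}

# Constructed sample, trimmed to the three lines the parser reads.
SAMPLE_OLD_CERT='        Signature Algorithm: sha1WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)'

printf '%s\n' "$SAMPLE_OLD_CERT" | audit_cert_text || true
```

Run `audit_cert_file` against the certificate installed for the domain after it has been re-issued; a `verdict=OK` line means the signature hash and key size are no longer the weak ones.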
 