• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

understanding SSL for domain

F

fabrizioi

Basic Pleskian
Hi all,

I don't know if is possible but I would like to create a scenario like this:

http://www.mydomain.com - web site
https://www.mydomain.com/backend - web site with my cms/control panel

I would like that only client with the client certificates can access to the https url for this domain (client must install in the browsers the client certificate)

I have the following configuration:
Centos5.4 32bit with plesk 9.3, 3 IP address on a dedicated server.

I have 2 domain and the plesk panel itself on IP address 01
I have another domain "mydomain" on IP address 02
I have enable the ssl option in the web hosting setup for the domain "mydomain".

From my linux office computer I have generated the ssl certificates with openssl, tested it, it work.
From plesk control panel -> mydomain I have uploaded 3 files from the section "upload certificates files" in the following order :

server-key.pem, server-cert.pem, ca-cert.pem

Now if I'm going to: https://www.mydomain.com after some browser alert I can see the plesk https welcome page.

In my mind I was expecting not to see the page because I haven't installed the client certificates in the browser.

Any help about it is very appreciate.

Bye
 
it work

Hi all,

After hard work and configuration I successfully configure the https scenario.

I share this because this is not documented.
This is not a complete how to but can be useful for reference.

In my situation I create the certificates and I'm be the CA for this.

First of all be sure to have an exclusive IP address configured for the domain you want to activate the ssl feature and be sure to have openssl installed.

create a folder for example in /home/myssl

Go to domain-> ssl cert -> add ssl cert
Compile the form at the top of the page and the click the request button.

Plesk generate the server key and the server csr.

Create two files in /home/myssl: server.key, server.csr. Copy past the code from plesk panel to the target files.

Continue to generate the certificates. This links could be valid resource to do this:
http://www.modssl.org/docs/2.8/ssl_faq.html
http://www.vanemery.com/Linux/Apache/apache-SSL.html

Could be nice to sign certificates with sign.sh.
For very strange reason this is not always installed with apache and let me crazy to find and configure it.
This links can be useful to do this
http://www.faqs.org/docs/securing/chap24sec195.html
http://tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap24sec196.html

Here you can wget the sign.sh working file
http://willert.dk/geek/ssl-make.html

After the certificates are created return to plesk.
Edit the prev certificate and upload server and ca cert.

Now be sure that in webhosting setup the domain have ssl options set to true and that the correct certificate is selected.
Also take a look in the IP address configuration.

At this point we thinks that everything work but is not true.

For some strange reason plesk continue to use the default certificates instead of the certificates called from domain/http.include

Do not try to include it in vhost_ssl.conf this type of directive seems to be not allowed in this file.

Following this kb, http://kb.odin.com/en/939, I think that now everything work.
No. When I'm going to https the domain from the browser the default certificate continue to be used.

After one day of investigation I have found that the default certificate is configured here: /etc/conf.d/*psa_httpd.conf.

The only solution I have found is to specify the correct certificates here, the same of http.include in other words.
After this I must move some directive form /etc/conf.d/ssl.conf (disabled via the kb) to *psa_httpd.conf.

Now I believe that all work, but this is not true.

I found that post data not work with ssl if SSLVerifyClient is set to verify.
Reference: https://issues.apache.org/bugzilla/show_bug.cgi?id=12355

So i need to set SSLVerifyClient to default value in *psa_httpd.conf.

After this I create the domain/vhost_ssl.conf and under the Location directive set SSLVerifyClient to the correct value.
this can be useful for advanced config. http://www.modssl.org/docs/2.8/ssl_howto.html.


Hope this help.

Bye

PS: sorry for my english
 
Hi, thanks for the info. I am trying the same thing. The additional problem I have is that I also want a server certificate installed on the domain, as it is for ecommerce.

Were you able to do this?

Incidently, there is nothing wrong with your English!
 
You must log in or register to reply here.

Similar threads

D
Issue certificate of VPS host still used after SSL configuration for newly added domain
Replies
4
Views
731
deepnpisgah
D
nornagest
Question How to secure different access domains for Plesk
Replies
2
Views
1K
Peter Debik
P
f0rtem
Question Unable to use SSL unless I expose my IP?
Replies
2
Views
858
f0rtem
f0rtem
D
Issue can only create webmail certificates
Replies
1
Views
429
deepnpisgah
D
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
809
Lenny
Lenny
Back
Top