Secure Socket Layer protocol is the web standard for network security and secure e-commerce web hosting authorization. It ensures secure transactions between web servers and browsers while using a third party, a Certificate Authority (CA), to identify one end or both ends of the transactions.
To connect to your Plesk server over a secure SSL connection, you will need a SSL certificate installed on the server side. When Plesk is installed, a default SSL certificate is uploaded automatically for the control panel, however, this certificate is not recognized by web browsers as the one signed by a Certification Authority. You can replace the default SSL certificate by either a self-signed certificate or the one signed by a recognized Certification Authority.
All SSL certificates in Plesk are stored in the SSL certificates repositories from where you can view properties of SSL certificates, add and remove the certificates to/from the repository. There is the server administrator’s repository located at the server management section of the control panel, and there are independent certificates repositories within each domain.
To access the administrator's repository of SSL certificates, on the Server Management screen, click 
Certificates. To access the repository within the specific domain, select the Domains shortcut in the navigation pane, locate the domain name in the list and click on its name. Click the Certificates icon in the Services group.
A list of available SSL certificates will open.
The SSL certificates are listed in a table with the following columns:
Certificate Signing (R)equest - an icon shown in color indicates that a Certificate Signing Request for a certificate is present in the repository.
Private (K)ey - an icon shown in color indicates that a private key for a certificate is stored in the repository.
(C)ertificate - an icon shown in color indicates that a certificate file is stored in the repository.
Certification (A)uthority - an icon shown in color indicates that a CA certificate is stored in the repository.
Certificate name - Name of the certificate displayed in the control panel. Click it to edit the name or upload the parts for the certificate.
Used - number of IP addresses that are assigned this certificate.
In order to implement SSL support within a virtual host, you should add a SSL certificate to SSL certificates repository and then assign the certificate to a specific IP address.
You can:
To use any of these options:
Access the SSL Certificates repository (Server > Certificates for Administrator's repository or Domains > Domain name > Certificates for certificates repository within a domain).
Click Add Certificate icon. The SSL certificate creation page will open. From this page you will be able to generate a self-signed certificate, generate certificate signing request, purchase a SSL certificate, upload the certificate you already have, or add the certificate parts to a certificate saved in the repository.
Note
When acquiring or generating new certificates, make sure that the values you enter into the fields 'domain name', 'e-mail address', 'state or province', 'location', 'organization name', and 'department name' do not exceed the limit of 64 symbols.
To generate a self-signed certificate follow these steps:
Specify the certificate name.
The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list (1024 bits are recommended for regular certificates).
Select a country from the drop-down list.
Specify the state or province, location (city).
Enter the appropriate organization name and department/division in the field provided.
Enter the Domain Name for which you wish to generate the self-signed certificate.
Specify the E-mail address.
Click the Self-Signed button. Your self-signed certificate will be immediately added to the repository.
To generate a certificate signing request (CSR) follow these steps:
Specify the certificate name.
The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list.
Select the country from the drop-down list
Specify the state or province, location (city).
Enter the appropriate organization name and department/division in the field provided.
Enter the Domain Name for which you wish to generate the certificate signing request.
Click the Request button. A private key and certificate signing request will be generated and added to the repository. You will be able to add the other certificate parts later on.
Once the CSR is generated, you can download it to the local machine by clicking the corresponding Download icon in the list of certificates, and then send the Request part (including the BEGIN and END tags) of it to the Certification Authority that will generate an SSL certificate in accordance with the information you supplied in the CSR.
Make sure you do not send or show your Private Key (which might be stored inside the certificate file) to the Certification Authority or anybody else.
To purchase a new certificate through MyPlesk.com online store, follow these steps:
Specify the certificate name.
The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down box.
Select your country from the drop-down box.
Enter your State or Province, your Location (City), Organization Name (Company), organization department (division name)
Enter the Domain Name for which you wish to purchase a SSL certificate.
Enter the domain administrator's e-mail address in the appropriate field.
Make sure that all the provided information is correct and accurate, as it will be used to generate the private key. Then click the Buy Certificate button. Private key and certificate signing request will be generated (do not delete them!). MyPlesk.com login page will open in a new browser window.
Register or login to an existing MyPlesk.com account and you will be taken step by step through the certificate purchase procedure.
Choose a certificate type to purchase.
Click Proceed to Buy and order the certificate. In the Approver E-Mail drop-down box, please select the correct Approver e-mail.
Note
The approver e-mail is an e-mail address that can confirm that certificate for specific domain name was requested by an authorized person.
Your certificate request will be processed by GeoTrust, Inc., then you'll be asked for confirmation from GeoTrust, Inc., and the certificate will be sent to you by e-mail.
When you receive your SSL certificate, save it on your local machine or network.
Return to the SSL Certificates repository (Server > Certificates for Administrator's repository or Domains > Domain name > Certificates for certificates repository within a domain).
Click the Browse button in the middle of the page and navigate to the location of the saved certificate. Select it, and then click Send File. This will upload and install the certificate against the corresponding private key.
If you have already obtained a certificate containing private key and certificate data (and may be CA certificate), follow these steps to upload them:
At the SSL certificates repository, click the Add Certificate icon to create a new certificate, or click the certificate name in the list to modify an existing certificate.
Upload the certificate data in any of the two ways:
For the certificates purchased through some certification authorities you may need to install a so-called a CA Certificate or rootchain certificate. The CA Certificate is used to appropriately identify and authenticate the certificate authority, which has issued your SSL certificate. To upload your CA Certificate, follow these steps:
At the SSL certificates repository, select a certificate from the list. You will be taken to the certificate properties page.
Use the Browse button, within the section related to the certificate uploading, to locate the appropriate CA Certificate file and click Send File, or copy the CA certificate contents to the clipboard, paste them into the corresponding input field and click the Send Text button.
A situation may occur in some cases, that you have a certificate in the repository, which has only the private key part and the other parts are missing due to some reasons. To generate a new certificate signing request using the existing private key, follow these steps:
At the SSL certificates repository, select from the list a certificate, which has the private key part only. You will be taken to the SSL certificate properties screen.
Click Request.
To install the signed SSL certificate you received from the certification authority:
Save the certificate file on your local machine or network.
Login to the Plesk Control Panel.
Select the Server shortcut in the navigation pane.
Click Certificates.
Click the Browse button in the middle of the page and navigate to the location of the saved certificate. Select it, then click Send File, this will upload and install the certificate against the corresponding private key.
The certificate will appear in the list at the bottom of the page. Select the check box corresponding to this certificate, and click Setup.
When you add a certificate to repository, it is not installed automatically onto the domain or assigned to an IP address, but rather saved for the future uses. You can assign a certificate to an IP address at the server’s IP pool, client's IP pool, or during hosting setup on an exclusively granted IP.
To assign SSL certificates to IP addresses:
If domain's IP is allocated exclusively to a single client, then go to Clients > your client name > IP Pool > domain's IP address > select the required SSL certificate name from the SSL certificate drop-down box.
If domain's IP is shared among many clients, then go to Server > IP Addresses > domain's IP address > select the required SSL certificate name from the SSL certificate drop-down box.
To assign SSL certificates to domains:
Whenever you decide to change the type of IP address from exclusive to shared, you may encounter a tricky situation that should be considered: you assign an IP address exclusively to a client, who then purchases an SSL certificate and assigns it to this IP address. Now, if you change the type of this IP address from exclusive to shared, this individual SSL certificate will become shared among other users of this IP. The owner of the SSL certificate will surely not be happy with it.
To avoid such situations, you can select an SSL certificate that will be assigned to the addresses that change the type from exclusive to shared and to all newly created IP addresses. To assign the default certificate, in the administrator’s repository, select the check box corresponding to the required certificate and click Default.
If you purchased SSL certificates from MyPlesk.com online store, you can use a link in the Plesk control panel to track your certificate orders and view the details on certificates:
In the Administrator's repository of SSL certificates, click View Certificates.
In the new browser window that will open, enter the login and password for access to your MyPlesk.com account.
You will be taken to the Certificates section of the online store.
To download any certificate from the repository to your local machine, in the list of certificates, click the Download icon corresponding to the required certificate name. Select the location when prompted, specify the file name and click Save to save it.
To download the certificate currently installed to the control panel, click the Download icon in the Tools group. Select the location when prompted, specify the file name and click Save to save it.