PLESK 7.5 RELOADED > Administering Domains

Managing SSL Certificates

Secure Socket Layer protocol is the web standard for network security and secure e-commerce web hosting authorization. It ensures secure transactions between web servers and browsers while using a third party, a Certificate Authority (CA), to identify one end or both ends of the transactions.

Within each domain, there are independent certificate repositories, from where you can view properties of SSL certificates, add and remove certificates to/from the repository.

To access the repository within the specific domain, click the domain name in the list, and then click the Certificates icon in the Tools group.

A list of available SSL certificates will open.

The SSL certificates are listed in a table with the following columns:

  • Certificate Signing (R)equest - an icon shown in color indicates that a Certificate Signing Request for a certificate is present in the repository.

  • Private (K)ey - an icon shown in color indicates that a private key for a certificate is stored in the repository.

  • (C)ertificate - an icon shown in color indicates that a certificate file is stored in the repository.

  • Certification (A)uthority - an icon shown in color indicates that a CA certificate is stored in the repository.

  • Certificate name - Name of the certificate displayed in the control panel. Click it to edit the name or upload the parts for the certificate.

  • Used - number of IP addresses that are assigned this certificate.

Adding SSL Certificates to Repository

In order to implement SSL support within a virtual host, you should add a SSL certificate to SSL certificates repository and then assign the certificate to a specific IP address.

You can:

  • generate a self-signed certificate,

  • generate a certificate signing request, and purchase an SSL certificate from certification authority,

  • buy a certificate via MyPlesk.com online store.

To use any of these options:

  1. Access the SSL Certificates repository (Domain name > Certificates).

  2. Click Add Certificate icon. The SSL certificate creation page will open. From this page you will be able to generate a self-signed certificate, generate certificate signing request, purchase a SSL certificate, upload the certificate you already have, or add the certificate parts to a certificate saved in the repository.

Note

When acquiring or generating new certificates, make sure that the values you enter into the fields 'domain name', 'e-mail address', 'state or province', 'location', 'organization name', and 'department name' do not exceed the limit of 64 symbols.

Generating a Self-signed Certificate

To generate a self-signed certificate follow these steps:

  1. Specify the certificate name.

  2. The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list (1024 bits are recommended for regular certificates).

  3. Select a country from the drop-down list.

  4. Specify the state or province, location (city).

  5. Enter the appropriate organization name and department/division in the field provided.

  6. Enter the Domain Name for which you wish to generate the self-signed certificate.

  7. Specify the E-mail address.

  8. Click the Self-Signed button. Your self-signed certificate will be immediately added to the repository.

Generating a Certificate Signing Request

To generate a certificate signing request (CSR) follow these steps:

  1. Specify the certificate name.

  2. The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list.

  3. Select the country from the drop-down list

  4. Specify the state or province, location (city).

  5. Enter the appropriate organization name and department/division in the field provided.

  6. Enter the Domain Name for which you wish to generate the certificate signing request.

  7. Click the Request button. A private key and certificate signing request will be generated and added to the repository. You will be able to add the other certificate parts later on.

Once the CSR is generated, you can download it to the local machine by clicking the corresponding Download icon in the list of certificates, and then send the Request part (including the BEGIN and END tags) of it to the Certification Authority that will generate an SSL certificate in accordance with the information you supplied in the CSR.

Make sure you do not send or show your Private Key (which might be stored inside the certificate file) to the Certification Authority or anybody else.

Purchasing Certificates Using MyPlesk.com Online Store

To purchase a new certificate through MyPlesk.com online store, follow these steps:

  1. Specify the certificate name.

  2. The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down box.

  3. Select your country from the drop-down box.

  4. Enter your State or Province, your Location (City), Organization Name (Company), organization department (division name)

  5. Enter the Domain Name for which you wish to purchase a SSL certificate.

  6. Enter the domain administrator's e-mail address in the appropriate field.

  7. Make sure that all the provided information is correct and accurate, as it will be used to generate the private key. Then click the Buy Certificate button. Private key and certificate signing request will be generated (do not delete them!). MyPlesk.com login page will open in a new browser window.

  8. Register or login to an existing MyPlesk.com account and you will be taken step by step through the certificate purchase procedure.

  9. Choose a certificate type to purchase.

  10. Click Proceed to Buy and order the certificate. In the Approver E-Mail drop-down box, please select the correct Approver e-mail.

    Note

    The approver e-mail is an e-mail address that can confirm that certificate for specific domain name was requested by an authorized person.

  11. Your certificate request will be processed by GeoTrust, Inc., then you'll be asked for confirmation from GeoTrust, Inc., and the certificate will be sent to you by e-mail.

  12. When you receive your SSL certificate, save it on your local machine or network.

  13. Return to the SSL Certificates repository (Domain name > Certificates).

  14. Click the Browse button in the middle of the page and navigate to the location of the saved certificate. Select it, and then click Send File. This will upload and install the certificate against the corresponding private key.

Uploading Certificates or Certificate Parts to SSL Certificates Repository

If you have already obtained a certificate containing private key and certificate data (and may be CA certificate), follow these steps to upload them:

  1. At the SSL certificates repository, click the Add Certificate icon to create a new certificate, or click the certificate name in the list to modify an existing certificate.

  2. Upload the certificate data in any of the two ways:

    • Upload the three certificate parts as files: choose the files from the local machine or network and click Send File.

    • Upload the three certificate parts as text: copy them to the clipboard and paste into the input fields, and click Send Text.

Uploading CA Certificates

For the certificates purchased through some certification authorities you may need to install a so-called a CA Certificate or rootchain certificate. The CA Certificate is used to appropriately identify and authenticate the certificate authority, which has issued your SSL certificate. To upload your CA Certificate, follow these steps:

  1. At the SSL certificates repository, select a certificate from the list. You will be taken to the certificate properties page.

  2. Use the Browse button, within the section related to the certificate uploading, to locate the appropriate CA Certificate file and click Send File, or copy the CA certificate contents to the clipboard, paste them into the corresponding input field and click the Send Text button.

Generating CSR Using an Existing Private Key

A situation may occur in some cases, that you have a certificate in the repository, which has only the private key part and the other parts are missing due to some reasons. To generate a new certificate signing request using the existing private key, follow these steps:

  1. At the SSL certificates repository, select from the list a certificate, which has the private key part only. You will be taken to the SSL certificate properties screen.

  2. Click Request.

Removing Certificate Parts

After you have uploaded a CA certificate part (rootchain certificate), you are able to remove it. To do so, follow these steps:

  1. At the SSL certificates repository, click on the certificate name in the list.

  2. Click the Remove button located next to the CA certificate field.

Assigning SSL Certificates to IP Addresses and Domains

When you add a certificate to repository, it is not installed automatically onto the domain or assigned to an IP address, but rather saved for the future uses. You can assign a certificate to an IP address from your IP pool management screen, or during hosting setup on an exclusively granted IP.

To assign SSL certificates to IP addresses:

  • If domain's IP is exclusively allocated to you, then go to IP Pool > domain's IP address > select the required SSL certificate name from the SSL certificate drop-down box.

To assign SSL certificates to domains:

  • From the list of domains located at the bottom of your home page, click the Physical hosting icon to the left of the domain name you need and then select the required SSL certificate from the SSL certificate drop-down box.

Viewing Information on SSL Certificates Purchased through MyPlesk.com

If you purchased SSL certificates from MyPlesk.com online store, you can use a link in the Plesk control panel to track your certificate orders and view the details on certificates:

  1. In the SSL certificates repository, click View Certificates.

  2. In the new browser window that will open, enter the login and password for access to your MyPlesk.com account.

  3. You will be taken to the Certificates section of the online store.

Downloading SSL Certificates from Repository

To download any certificate from the repository to your local machine, in the list of certificates, click the Download icon corresponding to the required certificate name. Select the location when prompted, specify the file name and click Save to save it.

Removing SSL Certificates from Repository

To delete one or more certificates from the repository, at the certificate repository, select the corresponding check boxes and click Remove Selected.


to top