PLESK 7.5 RELOADED > Administering Domains

Domain SSL Certificates Repository Management

Plesk enables you to upload a Secure Socket Layer (SSL) Certificate, generate a Certificate Signing Request (CSR), and/or generate a Self-signed Certificate. Each certificate represents a set of rules used when exchanging encrypted information between two computers. Certificates ensure secure communications; this is especially important when handling e-commerce transactions and other private transmittals. Only authorized users can access and read an encrypted data stream.

Notes on Certificates:

  • You can acquire SSL certificates from various sources. We recommend using the CSR option within Plesk. You can also purchase the certificate through the My.Plesk.com (MPC) web site.

  • If using a SSL certificate issued by a certificate authority other than Thawte or Verisign, a rootchain certificate is required to appropriately identify and authenticate the certificate authority that has issued your SSL certificate.

  • Once you have obtained a SSL certificate or a certificate part, you can upload it through Plesk using the instructions, which follow in this section.

IMPORTANT

When you add a certificate, it is not installed automatically onto the domain or assigned to an IP address, but only added to the Certificate repository.

You can assign a certificate to an IP address at the IP pool, and during hosting creation on an exclusively granted IP.

Accessing the Domain SSL Certificates Repository

To access the Domain certificates repository page, click the Certificates icon at the Domain administration page. The certificates repository page will open displaying the list of available certificates:

The four icons, preceding the certificate name in the list, indicate the present parts of a certificate. The icon displayed in the R column indicates that the Certificate Signing request part is present in the certificate, the icon in the K column indicates that the private key is contained within the certificate, the icon in the C column indicates that the SSL certificate text part is present and the icon in the A column indicates that CA certificate part is present. The number in the Used column indicates the number of IP addresses the certificate is assigned to.

Uploading a certificate file with finding the appropriate private key

After you have received your signed SSL certificate from the certificate authority you can upload it from the Certificate repository page. First make sure that the certificate file has been saved on your local machine or network. Use the Browse button to locate the certificate. Click Send File. The existing certificate with appropriate private key will be found and the certificate part will be added to the repository.

Changing a certificate name

To change a certificate name follow these steps:

  1. At the certificate repository page, select a certificate from the list. You will be taken to the SSL certificate properties page.

  2. Click in the Certificate name field and edit the name as desired.

  3. Click Set.

Viewing purchased certificates

After you have purchased your certificates through the control panel you can utilize the View Certs function to view the information about your SSL certificate(s).

Downloading a certificate to the local machine

To download the certificate to the local machine, click on the icon, corresponding to the required certificate. Select the location when prompted, specify the file name and click Save to save it.

Removing a certificate from repository

To delete one or several certificates from the repository, at the certificate repository page, select the corresponding checkboxes, and click Remove Selected.

Adding a certificate to the repository

To add a certificate to repository, click the Add Certificate icon at the Domain certificate repository page. The SSL certificate creation page will open. On this page you can generate a self-signed certificate, certificate-signing request, purchase a SSL certificate, and add the certificate parts to an existing certificate.

NOTE

When acquiring or generating new certificates, make sure that the values you enter into the fields 'domain name', 'email address', 'state or province', 'location', 'organization name', and 'department name' do not exceed the limit of 64 symbols.

Generating a self-signed certificate

To generate a self-signed certificate follow these steps:

  1. Specify the certificate name.

  2. The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list.

  3. Select a country from the drop-down list.

  4. Specify the state or province, location (city).

  5. Enter the appropriate organization name and department/division in the field provided.

  6. Enter the Domain Name for which you wish to generate the self-signed certificate.

  7. Specify the E-mail address.

  8. Click the Self-Signed button. Your self-signed certificate will be immediately generated and added to the repository.

Generating a Certificate Signing Request

To generate a certificate signing request (CSR) follow these steps:

  1. Specify the certificate name.

  2. The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list.

  3. Select a country from the drop-down list.

  4. Specify the state or province, location (city).

  5. Enter the appropriate organization name and department/division in the field provided.

  6. Enter the Domain Name for which you wish to generate the certificate signing request.

  7. Specify the E-mail address.

  8. Click the Request button. A certificate signing request will be generated and added to the repository. You will be able to add the other certificate parts later on.

Purchasing a Certificate

To purchase a new certificate follow these steps:

  1. Specify the certificate name.

  2. The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list.

  3. Select your country from the drop-down list.

  4. Enter your State or Province, your Location (City), Organization Name (Company), organization department (division name)

  5. Enter the Domain Name for which you wish to purchase a SSL certificate.

  6. Enter the domain administrator's e-mail address in the appropriate field.

  7. Select the Buy Cert button. You will be taken step by step through the purchase procedure. It is important to note that you must make sure that all the provided information is correct and accurate, as it will be used to generate the private key.

When using Plesk to purchase your SSL certificate you will receive the certificate file via e-mail from the certificate signing authority. Follow the instructions in the Uploading a certificate file with finding the appropriate private key section to upload the certificate to the repository.

Uploading certificate parts

If you have already obtained a certificate containing private key and certificate part (and may be a CA certificate), follow these steps to upload it:

  1. At the certificate repository page, click the Add Certificate icon. You will be taken to the SSL certificate creation page.

  2. In the Upload certificate files section of the page, use the Browse button to locate the appropriate certificate file or a required certificate part.

    NOTE

    Your certificate can be contained within one or several files, so you may upload the certificate by parts or as a single file, selecting it in several fields (Plesk will recognize the appropriate certificate parts and upload them correspondingly).

  3. Click Send File. This will upload your certificate parts to the repository.

You can upload an existing certificate in two ways:

  1. Choose a file from the local network and click the Send File button (.TXT files only).

  2. Type in or paste the certificate text and private key into the text fields and click the Send Text button.

Uploading a CA certificate

For the certificates purchased through certificate signing authorities other than Verisign or Thawte you will receive what is typically called a CA Certificate, or rootchain certificate. The CA Certificate is used to appropriately identify and authenticate the certificate authority, which has issued your SSL certificate. To upload your CA Certificate, follow these steps:

  1. At the certificate repository page, select a certificate from the list. You will be taken to the SSL certificate properties page.

  2. Use the Browse button, within the section related to the certificate uploading, to locate the appropriate CA Certificate file.

  3. Click Send File. This will upload your CA Certificate to the repository.

You can upload an existing certificate in two ways:

  1. Choose a file from the local network and click the Send File button (.TXT files only).

  2. Type in or paste the CA certificate text into the text field and click the Send Text button.

Generating a CSR using an existing private key

A situation may occur in some cases, that you have a certificate in the repository, which has only the private key part and the other parts are missing due to some reasons. To generate a new Certificate Signing Request using the existing private key, follow these steps:

  1. At the certificate repository page, select from the list a certificate, which has the private key part only. You will be taken to the SSL certificate properties page.

  2. Click Request.

Removing a certificate part

After you have uploaded a CA certificate part (rootchain certificate), you are able to remove it. To do so, follow these steps:

  1. At the certificate repository page, select a certificate from the list. You will be taken to the SSL certificate properties page.

  2. Click on the Remove button located next to the CA certificate field.


to top