How do I manage my SSL certificates in the Plesk control panel?

Answer by: Taylor Giddens, Aplus.Net Technical Support

Plesk enables you to upload a Secure Socket Layer (SSL) Certificate, generate a Certificate Signing Request (CSR), and/or generate a Self-signed Certificate. Each certificate represents a set of rules used when exchanging encrypted information between two computers. Certificates ensure secure communications; this is especially important when handling e-commerce transactions and other private transmittals. Only authorized users can access and read an encrypted data stream. If your client intends to implement SSL support for a virtual host domain, you can grant permission for SSL capabilities to the domain. Or, your client can implement the SSL certificate by self-administering his/her domain.

Notes on Certificates:

·         You can acquire SSL certificates from various sources. We recommend using the CSR option within Plesk. You can also purchase the certificate through the My.Plesk.com (MPC) web site.

·         If using a SSL certificate issued by a certificate authority other than Thawte or Verisign, a rootchain certificate is required to appropriately identify and authenticate the certificate authority that has issued your SSL certificate.

·         Once you have obtained a SSL certificate or a certificate part, you can upload it through Plesk using the instructions, which follow in this section.

IMPORTANT

When you add a certificate, it is not installed automatically onto the domain or assigned to an IP address, but only added to the Certificate repository.

You can assign a certificate to an IP address at the Client’s IP pool, at the IP aliasing management page, and during hosting creation on an exclusively granted IP.

Accessing the Domain SSL Certificates Repository

To access the Domain certificates repository page, click on the CERTIFICATES button at the Domain administration page. The certificates repository page will open displaying the list of available certificates.

The four icons, preceding the certificate name in the list, indicate the present parts of a certificate. The icon displayed in the R column indicates that the Certificate Signing request part is present in the certificate, the icon in the K column indicates that the private key is contained within the certificate, the icon in the C column indicates that the SSL certificate text part is present and the icon in the A column indicates that CA certificate part is present.

Uploading a certificate file with searching for the appropriate private key

After you have received your signed SSL certificate from the certificate authority you can upload it from the Certificate repository page. First make sure that the certificate file has been saved on your local machine or network. Use the Browse button to locate the certificate. Click SEND FILE. The existing certificate with appropriate private key will be found and the certificate part will be added to the repository.

Sorting the list of certificates

You can sort this list by certificate name clicking on the Certificate name column title, or by clicking on the R, K, C, A column titles to sort the list by CSR, Private Key, Certificate or CA certificate parts presence respectively.

Searching in the repository

You have an option of searching for a certificate by a certain pattern. It may help you in case you have a great number of certificates stored in the repository and you need to work with a particular one. To search through the list, type the pattern string into the text input field and click SEARCH. If there were any items found matching the entered pattern string, they will all be displayed in the form of a reduced list. The button SHOW ALL will revert to displaying the whole list.

Changing a certificate name

To change a certificate name follow these steps:

1.      At the certificate repository page, select a certificate from the list. You will be taken to the SSL certificate properties page.

2.      Click in the Certificate name field and edit the name as desired.

3.      Click SET.

Viewing purchased certificates

After you have purchased your certificates through the control panel you can utilize the VIEW CERTS option to view the information about your SSL certificate(s).

Downloading a certificate to the local machine

To download the certificate to the local machine, click on the diskette icon, corresponding to the required certificate. Select the location when prompted, specify the file name and click Save to save it.

Removing a certificate from repository

To delete one or more certificates from the repository, at the certificate repository page, check the checkboxes in the Sel column and click the REMOVE SELECTED button.

Adding a certificate to the repository

To add a certificate to repository, click on the ADD button at the Domain certificate repository page. The SSL certificate creation page will open. On this page you can generate a self-signed certificate, certificate-signing request, purchase a SSL certificate, and add the certificate parts to an existing certificate.

Generating a self-signed certificate

To generate a self-signed certificate follow these steps:

1.      At the Certificate repository page, click on the ADD button. The certificate creation page will open.

2.      Specify the certificate name.

3.      The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list.

4.      Select a country from the drop-down list

5.      Specify the state or province, location (city).

6.      Enter the appropriate organization name and department/division in the field provided.

7.      Enter the Domain Name for which you wish to generate the self-signed certificate.

8.      Specify the E-mail address.

9.      Click on the SELF-SIGNED button. Your self-signed certificate will be immediately added to the repository.

Generating a Certificate Signing Request

To generate a certificate signing request (CSR) follow these steps:

1.      At the Certificate repository page, click on the ADD button. The certificate creation page will open.

2.      Specify the certificate name.

3.      The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list.

4.      Select a country from the drop-down list

5.      Specify the state or province, location (city).

6.      Enter the appropriate organization name and department/division in the field provided.

7.      Enter the Domain Name for which you wish to generate the certificate signing request.

8.      Click the REQUEST button. A certificate signing request will be generated and added to the repository. You will be able to add the other certificate parts later on.

Purchasing a Certificate

To purchase a new certificate follow these steps:

1.      Specify the certificate name.

2.      The Bits selection allows you to choose the level of encryption of your SSL certificate. Select the appropriate number from the drop-down list.

3.      Select your country from the drop-down list.

4.      Enter your State or Province, your Location (City), Organization Name (Company), organization department (division name)

5.      Enter the Domain Name for which you wish to purchase a SSL certificate.

6.      Enter the domain owner's e-mail address in the appropriate field.

7.      Select the BUY CERT button. You will be taken step by step through the purchase procedure. It is important to note that you must make sure that all the provided information is correct and accurate, as it will be used to generate the private key.

When using Plesk to purchase your SSL certificate, you will receive the certificate file via e-mail from the certificate signing authority. Follow the instructions in the Uploading a certificate file with searching for the appropriate private key section to upload the certificate to the repository.

Uploading certificate parts

If you have already obtained a certificate containing private key and certificate part (and may be CA certificate), follow these steps to upload it:

1.      At the certificate repository page, click on the ADD button. You will be taken to the SSL certificate creation page.

2.      In the Upload certificate files section of the page, use the Browse button to locate the appropriate certificate file or a required certificate part.

NOTE

Your certificate can be contained within one or several files, so you may upload the certificate by parts or as a single file, selecting it in several fields (Plesk will recognize the appropriate certificate parts and upload them correspondingly).

1.      Click SEND FILE. This will upload your certificate parts to the repository.

2.      You can upload an existing certificate in two ways:

3.      Choose a file from the local network and click on the SEND FILE button (.TXT files only).

4.      Type in or paste the certificate text and private key into the text fields and click on the SEND TEXT button.

Uploading a CA certificate

For the certificates purchased through certificate signing authorities other than Verisign or Thawte you will receive what is typically called a CA Certificate, or rootchain certificate. The CA Certificate is used to appropriately identify and authenticate the certificate authority, which has issued your SSL certificate. To upload your CA Certificate, follow these steps:

1.      At the certificate repository page, select a certificate from the list. You will be taken to the SSL certificate properties page.

2.      Use the Browse button, within the section related to the certificate uploading, to locate the appropriate CA Certificate file.

3.      Click SEND FILE. This will upload your CA Certificate to the repository.

You can upload an existing certificate in two ways:

1.      Choose a file from the local network and click on the SEND FILE button (.TXT files only).

2.      Type in or paste the CA certificate text into the text field and click on the SEND TEXT button.

Generating a CSR using an existing private key

A situation may occur in some cases, that you have a certificate in the repository, which has only the private key part and the other parts are missing due to some reasons. To generate a new Certificate Signing Request using the existing private key, follow these steps:

1.      At the certificate repository page, select from the list a certificate, which has the private key part only. You will be taken to the SSL certificate properties page.

2.      Click REQUEST.

Removing a certificate part

After you have uploaded a CA certificate part (rootchain certificate), you are able to remove it. To do so, follow these steps:

1.      At the certificate repository page, select a certificate from the list. You will be taken to the SSL certificate properties page.

2.      Click on the REMOVE button located next to the CA certificate field.