Installing a Server Digital Certificate Please note that these files were adapted from online resources available at http://www.plesk.com/html/ssl-certificate-products/psa/doc.htm Important: Installation is a two step process - ensure you follow both steps listed below: Step 1: Upload your SSL certificate Upload a New SSL Certificate After you are emailed your certificate, two other certificates will be necessary to setup your SSL Server, IPS SERVIDORES ROOT CERTIFICATE and the intermediate CA IPSCA CLASEA1. It is essential that these certificates also be installed on your webserver in order to establish correct SSL connections with your customer's browsers. Should they be required, you may download these certificates individually or collectively as a bundled file below: IPSServidores.crt IPSCACLASEA1.crt IPS-IPSCABUNDLE.CRT 1. Firstly you need to create a SSL Certificate block text. To do this open your Certificate in a text editor such as notepad. 2.       When you applied for a Certificate your Plesk console will have emailed you a CSR and a Private Key. Locate the email and copy the Private Key (not the CSR) into the text file you have just created containing your SSL Certificate. It should look something like: -----BEGIN RSA PRIVATE KEY----- [[ENCODED BLOCK OF TEXT]] -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- [[ENCODED BLOCK OF TEXT]] -----END CERTIFICATE----- Make sure the -----BEGIN CERTIFICATE----- etc are still displayed within the text file. Save this file as a TXT file somewhere easily accessible from your Plesk console. 3.       In Plesk access the domain management function by clicking on the Domains button at the top of the PSA interface. The Domain List page appears. 4.       Click the domain name that you want to work with. The Domain Administration page appears. 5.       Click the Certificate button. The SSL Certificate page appears. 6.       In the Uploading Certificate File section click browse and locate the saved file just created. 7.       Then, click Send File to copy the certificate to the server. Or, if you want to type in the text of the certificate without downloading a specific file, click in the text box and enter and paste the certificate information. 8.       Click Send Text to implement the text on the server. When you download the certificate to the server, PSA checks for errors. If an error is detected, PSA restores the old version of the SSL certificate, and PSA warns you to update the certificate. At this point, you can try again to enter text or to download the certificate file. When you are satisfied that the SSL certificate is correctly implemented, click Up Level to return to the Domain Administration page. Step 2: Uploading the Rootchain Certificate To ensure your Certificate is trusted by all browsers you need to install a rootchain certificate for the domain: 1.       Access the domain management function by clicking on the Domains button at the top of the PSA interface. The Domain List page appears. 2.       Click the domain name that you want to work with. The Domain Administration page appears. 3.       Click the Certificate button. The SSL Certificate setup page appears. 4.       The icon next to Use rootchain certificate for this domain appears on this page. 5.       If the icon is [ON] then the rootchain certificate will be enabled for this domain. If the icon is [X] this function will be disabled. 6.       Ensure the icon is [X] before continuing to step 7. 7.       To upload your rootchain certificate, first make sure that it has been saved on your local machine or network IPS-IPSCABUNDLE.CRT . Use the Browse button to search for and select the appropriate rootchain certificate file. 8.       Then click the Send File button. This will upload your rootchain certificate to the server to assure proper authentication of the Instant SSL certificate authority. 9.       Click the icon button again to set it to the [ON] state. 10.    When you are satisfied that the rootchain certificate is correctly implemented, click Up Level to return to the Domain Administration page. Advanced Notes on Certificates: ·         In order to use SSL certificates for a given domain, the domain MUST be set-up for IP-Based hosting. ·         When an IP-based hosting account is created with SSL support, a default SSL certificate is uploaded automatically. However, this certificate will not be recognized by a browser as one that is signed by a certificate signing authority. ·         If the given domain has the www prefix enabled, you must set-up your CSR or self-signed certificate with the www prefix included. If you do not, you will receive a warning message when trying to access the domain with the www prefix. ·         All certificates are located in the ../vhosts/'domain name'/cert/httpsd.pem file. Where this directory reads "domain name", you must enter the domain name for which the certificate was created. PROBLEMS WITH SOME PLESK VERSION: If after following our installation instructions you still have problems with your certificate, you can do the following: 1) In your server You can create the following file  /home/httpd/vhosts/YOUR_DOMAIN.COM/conf/vhost_ssl.conf 2) Put into it your needed directives (see our installation documents on apache) 3) Then, run the following command to rebuild apache config to include your vhost_ssl.conf into domain's VirtualHost section. "/usr/local/psa/admin/sbin/my_apci_rst -a -v" This should fix your installation problems

  return to the top

© 1995 - 2007 ipsCA, IPS Certification Authority, S.L. all Rights reserved. Our CPS summarized or complete, CRLs, Root Certificates and legal documents   can be found in our repository Read our  Privacy Policy and Terms of Use