Archive for the tag 'ssl'

SBDavid

Managing Shared SSL


SSL stands for “Secure Sockets Layer”, and you can use it to protect all data exchanged between your Web site and the client. Shared SSL is a means of secure Web server access without requiring users to purchase a digital key.

In this case, only one domain should have a real SSL certificate. We will call it the Master SSL Domain. Other domains that are set up to use Shared SSL will use its resources.

To choose the Master SSL Domain from the list of domains that have SSL support enabled, go to the Server > Shared SSL page, select the Enable shared SSL checkbox, and choose which domain you want to be the Master SSL Domain.

Creating a wildcard SSL certificate in Plesk

A wildcard DNS record is a record in a DNS zone that will match requests for non-existent domain names. A wildcard DNS record is specified by using a “*” as the leftmost label (part) of a domain name, e.g. *.example.com.

A wildcard DNS record in a zone file looks similar to this example:

*.serverbuddies.com. 3600 IN MX 10 host1.serverbuddies.com.

This wildcard DNS record causes DNS lookups on domain names ending in serverbuddies.com that do not exist to have MX records synthesized for them. So, a lookup for the MX record for somerandomname.serverbuddies.com would return an MX record pointing to host1.serverbuddies.com.

Since version 8.0.1, Plesk allows you to create and use certificates for wildcard domain names (like *.serverbuddies.com).

A wildcard certificate is created the same way as a regular certificate. The only difference is that you specify the name with a “*” sign in the leftmost part; for example, the “*.serverbuddies.com” domain name in the wildcard certificate will match all this domain’s subdomains, like mail.serverbuddies.com, ftp.serverbuddies.com, etc.
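
What that matching looks like when a client validates the certificate, as an added example (not from the original post): the “*” covers exactly one leftmost label, so neither the bare domain nor a deeper name is covered. The function name cert_name_matches and the host names in the loop are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# cert_name_matches PATTERN HOST: exit 0 if a certificate issued for PATTERN
# covers HOST. The "*" stands for exactly one leftmost label.
cert_name_matches() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    pattern=${pattern%.}    # ignore a trailing root dot
    host=${host%.}
    case $pattern in
        \*.*)
            suffix=${pattern#\*}              # e.g. ".serverbuddies.com"
            case $host in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;                # different parent domain
            esac
            case $label in
                ''|*.*) return 1 ;;           # empty, or more than one label
                *) return 0 ;;
            esac ;;
        *) [ "$pattern" = "$host" ] ;;        # no wildcard: exact match only
    esac
}

# Constructed host names checked against the certificate name from the text.
for h in mail.serverbuddies.com ftp.serverbuddies.com serverbuddies.com \
         a.mail.serverbuddies.com mail.serverbuddies.com.example.net; do
    if cert_name_matches '*.serverbuddies.com' "$h"; then
        echo "covered:     $h"
    else
        echo "not covered: $h"
    fi
done
```

If the bare domain must be served over SSL as well, it has to be listed in the certificate as an additional name.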

Setting up sendmail over SSL on Ensim Pro Control Panel for Linux

Log in as root on your Ensim Pro Control Panel for Linux box

Back up your current sendmail conf file

cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.bak

Prepare sendmail’s certificate

cd /usr/share/ssl/certs
make sendmail.pem

(You will be prompted with several questions typical for SSL certificate generation.)

Back up the /usr/lib/opcenter/sendmail/install/sendmail.mc file

cp /usr/lib/opcenter/sendmail/install/sendmail.mc /usr/lib/opcenter/sendmail/install/sendmail.mc.bak

Edit /usr/lib/opcenter/sendmail/install/sendmail.mc file

vi /usr/lib/opcenter/sendmail/install/sendmail.mc

Uncomment the following lines to point to your generated certificate

define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')

Add DAEMON_OPTIONS to make sendmail listen on port 465

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=SSLMTA, M=s')dnl

Rebuild sendmail conf file

m4 /usr/lib/opcenter/sendmail/install/sendmail.mc > /etc/mail/sendmail.cf

Restart sendmail

/sbin/service sendmail restart

You can check whether sendmail is listening on port 465 by issuing the command

netstat -nlp | grep 465

Reference: http://parallels.com
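
A lint to run on the edited sendmail.mc before the m4 step, as an added example (not from the original post or from Ensim): it confirms the four certificate defines and the smtps listener are uncommented, and catches typographic quotes picked up when the lines are copied from a web page, which m4 does not treat as quotes. The function name check_sendmail_mc and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a sendmail.mc before running m4 on it.
# Prints one line per problem; exit status 0 means no problems were found.
check_sendmail_mc() {
    mc=$1
    problems=0
    for macro in confCACERT_PATH confCACERT confSERVER_CERT confSERVER_KEY; do
        # An active line starts with define(`NAME', and a "dnl" prefix
        # means the line is still commented out.
        if ! grep -Eq "^[[:space:]]*define\(\`$macro'," "$mc"; then
            echo "not active: $macro"
            problems=$((problems + 1))
        fi
    done
    # The SSL listener needs Port=smtps and the "s" modifier (TLS on connect).
    if ! grep -E '^[[:space:]]*DAEMON_OPTIONS\(' "$mc" |
            grep 'Port=smtps' | grep -Eq 'M=[A-Za-z]*s'; then
        echo "not active: DAEMON_OPTIONS with Port=smtps and M=s"
        problems=$((problems + 1))
    fi
    # m4 only understands ASCII ` and ' as quotes; a typographic quote
    # leaves the m4 quote unterminated.
    if grep -v '^[[:space:]]*dnl' "$mc" | grep -q -e '‘' -e '’'; then
        echo "typographic quote in an active line"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: confSERVER_KEY is still commented out and the
# confCACERT line ends in a typographic quote.
sample=$(mktemp)
cat > "$sample" <<'EOF'
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt’)
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=SSLMTA, M=s')dnl
EOF
check_sendmail_mc "$sample" || echo "fix the lines above before running m4"
rm -f "$sample"
```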

Installing your SSL Certificate / Web Server Certificate / Secure Server Certificate in Ensim

Your SSL provider will send your certificate to you by email. The body of the email message includes the web server certificate that you purchased.

Copy the certificate from the body of the email and paste it into a text editor (such as Notepad) to create a text file. Name this file yourdomain.txt and save it in a convenient place.

These instructions apply for both Ensim Pro and Ensim 3.x.

1. Click SSL Settings - access to this link may differ depending on your version of Ensim:

If you are running Ensim Pro, go to the shortcuts section of the Home page and click SSL Settings in the Web Server section.

Or, if you are running Ensim 3.x, click the Services link on the left, then click the Edit button for the Apache Web Server service.

2. Then in the Apache Web Server Manager click the SSL Settings link.

Select Import at the bottom of the SSL Settings form.

3. Copy the contents of yourdomain.txt and paste it into the Certificate text box.
Be sure to include -----BEGIN CERTIFICATE----- through -----END CERTIFICATE-----

4. Select Save.
5. To make security effective on your domain, restart the Web server. The domain is not secure until you do so.

Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. Note: The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.

Creating your own SSL certificate for DirectAdmin

Note: this is for the DirectAdmin connection on port 2222.
You can switch DirectAdmin to use SSL instead of plain text. -> https instead of http on port 2

If you do not have your own certificates, you’ll need to create your own:

/usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes

And then

chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

Edit /usr/local/directadmin/conf/directadmin.conf and set SSL=1 (default is 0). This tells DA to load the certificate and key and to use an SSL connection. DirectAdmin needs to be restarted after this change.
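
A check to run after these steps, as an added example (not from the original post or from DirectAdmin): it confirms that SSL=1 is set, that the unencrypted key written by -nodes is readable only by its owner, and that the certificate's RSA key is at least 2048 bits, which a key generated with rsa:1024 does not meet. The function names, the 2048-bit threshold and the use of GNU stat are assumptions of this example, and the demo files are constructed stand-ins for the real paths.

```sh
#!/bin/sh
# Added example: audit a DirectAdmin SSL setup. Against the real files:
#   openssl x509 -in /usr/local/directadmin/conf/cacert.pem -noout -text > /tmp/cacert.txt
#   da_ssl_audit /usr/local/directadmin/conf/directadmin.conf \
#                /usr/local/directadmin/conf/cakey.pem /tmp/cacert.txt

# Read the key size from saved `openssl x509 -noout -text` output.
cert_key_bits() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' "$1" | head -n 1
}

# Prints one line per problem; exit status 0 means no problems were found.
da_ssl_audit() {
    conf=$1 key=$2 cert_text=$3
    problems=0
    if ! grep -Eq '^[[:space:]]*SSL=1[[:space:]]*$' "$conf"; then
        echo "SSL=1 is not set in $conf"
        problems=$((problems + 1))
    fi
    # -nodes leaves the private key unencrypted, so file mode is its only guard.
    mode=$(stat -c '%a' "$key")    # GNU stat syntax (assumption)
    case $mode in
        400|600) ;;
        *) echo "key mode is $mode, expected 400"
           problems=$((problems + 1)) ;;
    esac
    bits=$(cert_key_bits "$cert_text")
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "RSA key is ${bits:-unknown} bits, below 2048"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed demo files standing in for the real paths.
d=$(mktemp -d)
echo 'SSL=1' > "$d/directadmin.conf"
: > "$d/cakey.pem"
chmod 400 "$d/cakey.pem"
echo '                Public-Key: (1024 bit)' > "$d/cacert.txt"
da_ssl_audit "$d/directadmin.conf" "$d/cakey.pem" "$d/cacert.txt" ||
    echo "audit found problems"
rm -rf "$d"
```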
