
Comodo / PositiveSSL / InstantSSL Multi-domain SSL certificate installation on Plesk

If you are short of IP addresses and host multiple domains on a single IP, all of which require SSL connections, a good solution is a Multi-Domain certificate from Comodo: a single certificate that contains more than one domain name and is intended for installation on a single server.

However, the use of Host Headers (which is how you can use a single IP for more than one SSL enabled domain) is not recommended for E-Commerce sites.

The multi-domain certificate can only be purchased from one of the Comodo resellers, or you can apply to become one yourself.

To order the certs, you first need to generate a Certificate Signing Request (CSR). This is easily done via the Plesk admin UI.

  1. Log in to the Plesk Control Panel.
  2. From the left-hand menu, select 'Server'.
  3. Click on 'Certificates'.
  4. Click on the 'Add New Certificate' item.
  5. Fill out the information on the page. All items marked with a red asterisk must be filled in.
  6. Press the 'Request' button.
  7. You will then be returned to the Certificates menu. From the list at the bottom of the page, click on the certificate name that you just created. Mid-way down the page, there is a box. Copy the content of this box labelled 'CSR'.
  8. Paste the CSR into the order screen when purchasing the SSL certificate.

Shortly after ordering, the SSL certificate is emailed to you in a zip file, along with the CA certs below:

  1. AddTrustExternalCARoot.crt
  2. PositiveSSLCA.crt
  3. UTNAddTrustServerCA.crt

The CA certs need to be concatenated into one file, in the order shown by the commands below, and uploaded to Plesk as one single certificate.

$ cat PositiveSSLCA.crt > CA.crt
$ cat UTNAddTrustServerCA.crt >> CA.crt
$ cat AddTrustExternalCARoot.crt >> CA.crt

Those files are available for download from Comodo's support site as well.

The order in which you place the contents of those files into the new file is important and should follow the commands above. Do not add blank lines between the certificates when you copy the contents of the existing CA certs into the new file. You then provide this new file to Plesk when it asks for the CA Certificate.
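
A quick check of the concatenated file before uploading it, as an added example that is not part of the original article: it rejects blank lines and confirms that each certificate is followed by the certificate of its issuer (name chaining only; signatures are not verified). The function names, the exit codes and the constructed demo chain are assumptions of this example, and it needs the openssl command.

```sh
#!/bin/sh
# Added example: check a concatenated CA bundle such as CA.crt.
# Exit codes (this example's own convention):
#   0 ok, 2 blank line, 3 wrong order, 4 no readable certificate
check_bundle() (
    bundle=$1
    # The page's rule: no blank lines between the certificates.
    if grep -q '^[[:space:]]*$' "$bundle"; then exit 2; fi
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    [ "${n:-0}" -ge 1 ] || exit 4
    tmp=$(mktemp -d) || exit 4
    trap 'rm -rf "$tmp"' EXIT
    # Split the bundle into one numbered file per certificate.
    awk -v dir="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (dir "/" n ".pem") }' "$bundle"
    i=1
    while [ "$i" -lt "$n" ]; do
        # Each certificate must name the next one in the file as its issuer.
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/$i.pem") || exit 4
        next=$(openssl x509 -noout -subject_hash -in "$tmp/$((i + 1)).pem") || exit 4
        [ "$issuer" = "$next" ] || exit 3
        i=$((i + 1))
    done
    exit 0
)

# Build a constructed three-level chain (throwaway names, not Comodo's) in
# directory $1: issuing.crt is signed by mid.crt, which is signed by root.crt.
make_demo_chain() (
    cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo root" \
        -keyout root.key -out root.crt 2>/dev/null || exit 1
    parent=root
    for name in mid issuing; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo $name" \
            -keyout "$name.key" -out "$name.csr" 2>/dev/null || exit 1
        openssl x509 -req -in "$name.csr" -CA "$parent.crt" -CAkey "$parent.key" \
            -CAcreateserial -days 1 -out "$name.crt" 2>/dev/null || exit 1
        parent=$name
    done
)

# Usage: sh check_bundle.sh CA.crt
if [ "$#" -gt 0 ]; then check_bundle "$1"; fi
```

An exit status of 3 means the certificates were concatenated in a different order than issuer-after-subject, for example in the order they are listed in the email rather than the order of the cat commands.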

In order to install the certificate, go back to the Certificate area in Plesk and upload or copy/paste the certs into the relevant areas.

Return to the Server Page and go to the IP address section. Click on the relevant IP address and apply the newly installed certificate.


SSL Virtual Host Configuration

Below is an example Apache virtual host configuration file:

NameVirtualHost 192.168.1.2:443

#
# host.domain1.tld:443
#
<VirtualHost 192.168.1.2:443>
  ServerName host.domain1.tld
  UseCanonicalName Off
  DocumentRoot /var/www/vhosts/host.domain1.tld/web
  CustomLog /var/log/httpd/vhosts/host.domain1.tld/ssl_access_log combined
  ErrorLog /var/log/httpd/vhosts/host.domain1.tld/ssl_error_log
  SSLEngine on
  SSLVerifyClient none
  SSLCertificateFile /var/www/vhosts/host.domain1.tld/ssl/host.domain1.tld.pem
</VirtualHost>

#
# host.domain2.tld:443
#
<VirtualHost 192.168.1.2:443>
  ServerName host.domain2.tld
  UseCanonicalName Off
  DocumentRoot /var/www/host.domain2.tld/web
  CustomLog /var/log/httpd/vhosts/host.domain2.tld/ssl_access_log combined
  ErrorLog /var/log/httpd/vhosts/host.domain2.tld/ssl_error_log
  SSLEngine on
  SSLVerifyClient none
  SSLCertificateFile /var/www/vhosts/host.domain2.tld/ssl/host.domain2.tld.pem
</VirtualHost>

Note: The SSLCertificateFile entries are just dummy certificates, as the actual certificate will be in the main "/etc/httpd/conf.d/ssl.conf" file.

A self-signed pem certificate is easily created via the below "make_cert.sh" script:

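#!/bin/sh
# make_cert.sh - write a self-signed key and certificate to each file named
umask 077

# Answers to the prompts of "openssl req", in the order it asks them
answers() {
        echo --
        echo SomeState
        echo SomeCity
        echo SomeOrganization
        echo SomeOrganizationalUnit
        echo subscriptions.bioethika.com
        echo root@localhost.localdomain
}

if [ $# -eq 0 ] ; then
        echo "Usage: $(basename "$0") filename [...]"
        exit 0
fi

for target in "$@" ; do
        PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
        PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
        # Remove the temporary files if interrupted (POSIX sh signal name is INT)
        trap "rm -f $PEM1 $PEM2" INT
        # 2048-bit key: 1024-bit RSA is considered too weak
        answers | /usr/bin/openssl req -newkey rsa:2048 -keyout "$PEM1" -nodes -x509 -days 9999 -out "$PEM2" 2> /dev/null
        # Private key first, then a blank line, then the certificate
        cat "$PEM1" >  "${target}"
        echo ""     >> "${target}"
        cat "$PEM2" >> "${target}"
        rm -f "$PEM1" "$PEM2"
done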

Why not for e-commerce sites?

Why is the use of Host Headers not recommended for E-Commerce sites?

Thx,
Jose
