circumventing security warnings loging into Plesk

andor · 06-03-2007, 10:13 AM

Hi,

As you know when trying to login the Plesk control panel a warning is issued that states that the certificate is not valid and (especially IE makes a show out of it) that it is not advised to enter the site.

Personally I find it rather annoying explaining to my customers (I'm a reseller) that IE is wrong and that they should ignore all the warnings. HN helpsdesk says there is no way to prevent the errors from appearing. I find that hard to believe, however.

I wonder: if I buy a certificate for my (main) domain and install it in Plesk, and I have my clients login from my main domains' loginpage, would they be able to do so error free? Does anyone have experience with this? Any other ideas for solutions?

Thanks,
Andor

**RobbieLePommie** · 06-03-2007, 05:35 PM

Your solution is the only solution: you can log in to https://AnyDomainOnThatServer.com:8443 and it works. I've not actually tried using my own certificate for it, but if Plesk didn't deliver the right certificate then it's being naughty.

Note that there were some areas in Plesk where the URL was "absolute" and note "relative". This meant that it fell back on the domain used in the configuration. I don't know if those have been fixed or not.

andor · 06-04-2007, 02:14 AM

Well that's what I thought, that there must be something wrong. But HN says the overload of security warnings are more like a feature, not a bug

More so, the only way to get rid of them is to upgrade to a dedicated server where you can install your own certificate. Helpdesk says that with HN you can't install your own certificate on shared hosting, so control panel access without the invalid certificate warnings is simply impossible. I'm really sad, because I was so happy finally finding a excellent and affordable host, but this is - well - just really annoying.

I've asked them why then they can't install one certificate for the entire server, so people can access their control panels by IP without wading through all the warnings. There actually is a security certificate on the server that is made out to domain 'plesk'. That way it doesn't seem to serve any purpose. So why not replace that one with one made out to the server's IP? I find it hard to believe that I'm the only HN-customers finding it troublesome to resell accounts when IE tells my customers it's really unsafe to use their 'untrustworthy' control panels. :-S

**RobbieLePommie** · 06-04-2007, 07:11 AM

I've just noticed that you're on e Windows server - Unfortunately I can only answer this from a Linux point of view... so ignore my earler answer about it being possible as that's Linux. It may be on Windows, but if the techs say "no" then that's the only advice I've got.

However, I've just checked the details for Plesk for Windows and you CAN have certificates per domain.

I've also checked on a Windows account and you CAN go to https://yourdomain.com:8443 and log in that way. So I really don't see why you can't do it, unless some quirk of Plesk will only provide the generic certificate...

You can create yourself a certificate (do it for free - just don't use a trusting authority) and upload and point your browser at https://yourdomain.com:8443 and see if it works. It'll cost you nothing except a few minutes. I'm sure it'll work
**************
The generic certificate this is slightly historic and based on user's comments and feedback and debate at the time HostNexus started out. It took about a year for it to be settled on but there was a lot of discussion at the time. I can't remember the ins and outs, though.

andor · 06-04-2007, 07:59 AM

Hi Rob,

Thanks a lot for your help. I'm now trying to implement the certificate. Despite of what two different HN helpdesk people told me, Plesk does offer the possibility to create one within my shared hosting windows account.

A whole new world it is, the world of SSL and certificates, but I think I'm getting a grasp of it slowly but surely

But do I need to connect the certificate in some way to the loginpage, or is its mere presence in Plesk enough to make it work? I made a self-signing certificate, but in the certificate repository it says that that the certificate is used 0 times and login in to the CP without IE7 advising me to close the browser is still something I can only dream about. Now I'm trying to create a signed certificate; I've found a (free!) trusting authority on the web which will send me CA-component shortly, I'm curious if that'll work.

But just getting a valid certificate (made out to my domain) in the Plesk-repository should do the trick?

Thanks so much for your help!

Andor

**RobbieLePommie** · 06-04-2007, 06:21 PM

If you create the unsigned certificate, you'll still get a warning - but the warning relates to the fact it's unsigned and not "expired". So that's what you are looking for - will Plesk use the right certificate if you go to https://yourdomain.com:8443

If you're not sure, either post your domain here, or PM if you want to keep it quiet and I'll have a go and let you know if you're on a winner or not.

**MikeMann** · 06-04-2007, 11:54 PM

Creating a certificate (whether purchased or self-signed) and visiting yousite.com:8443 will not circumvent the certificate warning in either IE or Firefox (most likely any other browser) as it will still look for the plesk default certificate. However, Firefox has a plugin to disable certs based on mis-matched domains. In other words, you'll get a popup about the certificate not belonging to the domain you entered, and a check box to disable future warnings (use at your own risk).

**RobbieLePommie** · 06-05-2007, 06:17 AM

Thanks, Mike. That's settled that one....