Posts Tagged ‘CA’

Commercial SSL certificates with SolusVM

Monday, February 6th, 2012

When you install SolusVM it generates a self signed SSL certificate for use with the end user control panel and admin interface, however it would be wise to purchase a certificate from a commercial certificate authority to prevent man in the middle attacks (and get rid of annoying browser warning messages).

There are two different methods of installing SSL certificates in SoluSVM depending on if you are using the original Lighttpd web-server or the new Nginx option.

For Lighttpd, you need to place the Base64 encoded DER form of both the private key and the x509 certificate in /usr/local/solusvm/ssl/solusvm.pem and then restart the Lighttpd web-server.

You may need to edit /etc/lighttpd/lighttpd.conf and set “ssl.ca-file” to be the path to the Base64 encoded DER form of the x509 certificate intermediate certificate for your Certificate Authority.

For Nginx, you place the Base64 encoded DER form of both the private key in /usr/local/solusvm/ssl/nginxcert.key and the Base64 encoded DER form of x509 certificate in /usr/local/solusvm/ssl/nginxcert.pem then restart the Nginx web-server.

If you need to include an intermediate certificate for your Certificate Authority, then this also goes in the /usr/local/solusvm/ssl/nginxcert.pem file in Base64 encoded DER form.

Parallels Plesk 9 and SSL certificates signed by an intermediate Certificate Authority (CA)

Wednesday, February 9th, 2011

Parallels Plesk 9 doesn’t seem to like installing certificates signed by an intermediate Certificate Authority (which is becoming more and more common and will be all certificates in the next year or two) through the SSL certificates part of the Plesk interface available to both administrators and end users.

A work around to this seems to be to install the CA bundle (both the root CA and the intermediate CA certificates) together and then install your certificate separately, otherwise you will just receive an error saying that the certificate was not signed by the certificate authority.