2014 June

How to create a CSR (Certificate Signing Request) in Plesk

Adding an SSL certificate in Plesk is a multi-step process. Understanding what SSL is and how it works will make this process much easier.

Understanding SSL

What is SSL

Secure Socket Layer (SSL) Certificates are used to encrypt all data sent from your server to the client, and from the client back to the server. The use of SSL is strongly recommended when allowing a user to enter sensitive information such as passwords or credit card data into a form. Without the use of SSL, the data is transmitted over the Internet in a plain text format that a malicious users could read without issue. By using SSL, the data is encrypted, rendering the data virtually impossible to read.

Once applied to a website, the encryption is used when accessing the website using https://domain.com instead of the standard, unencrypted http://domain.com. You might notice the ‘s’ in ‘https’ stands for “secure”.

 

How SSL Works

SSL works by encrypting the information from the server to the user by utilizing encryption keys. A private key on the server is used to encrypt the data and a public key that is provided in the SSL certificate is used to un-encrypt the data. Conversely, information sent by the user is encrypted using the certificate and that information can only be un-encrypted by the private key on the server.

Because only the public key can un-encrypt the information encrypted by the private key and only the private key can un-encrypt data sent by the public key, it is extremely important that they remain in pairs. You cannot mix public an private keys from different certificates.

 

SSL Certificate Descriptions

There are a maximum of 4 certificates, depending on your situation.

CSR: Certificate Signing Request

This certificate is used to request an SSL certificate from a trusted provider such as Comodo, Verisign, Godaddy, etc. When ordering an SSL Certificate from a Trusted Provider, you must copy and paste the entire certificate, including “—–BEGIN CERTIFICATE REQUEST—–” and “—–END CERTIFICATE REQUEST—–”

Example CSR
—–BEGIN CERTIFICATE REQUEST—–
MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
aabbcTHIS+IS+NOT+A+REAL+CERTIFICATE++DO+NOT+USE+THIS+EXAMPLEaabc
HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v
Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV
IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr
WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J
cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl
4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH
Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn
—–END CERTIFICATE REQUEST—–

 

Private Key

The Private Key is the glue successfully installing an SSL Certificate on your website. This certificate is used to create the CSR, which in turn, is used to create the Public Key. The Public and Private keys then work together to create a secure connection between the server and the user’s browser. The Private Key and Public Key must match in order for the connection to work correctly.

 

SSL or Public Key

This key might also be referred to as the SSL Certificate. This is the certificate you receive back from a Trusted Provider after submitting the CSR. The Public keys works with the Private Key to encode the information transmitted between the server and the user’s browser.

 

CA (Certificate Authrority)

The CA Certificate is provided by a Trusted Provider when purchasing an SSL Certificate. This certificate lets the browser know the SSL certificate was issued by a trusted provider and prevents the browser from displaying warning messages.

CA Certificate files are often provided in pairs, so do not be surprised if you get 2 files. Both of these must be pasted into the CA Certificate file in order to work correctly

 

Overview

The basic steps to installing an SSL certificate include:
1. Create a CSR (Certificate Signing Request)
2. Submit the CSR to a Trusted Provider (also known as a Certificate Authority) and purchase the SSL.
3. Upload the SSL files to the server.
4. Apply the new certificate to your domain.

 

Create the CSR

Open Advanced Domain Options

Open the Advanced Options for the domain you’re going to add SSL to.

How to view Advanced Domain Options

Advanced Domain Options are used to set the following settings:

Website Scripting and Security, PHP Settings, Web Server Settings, Applications, File Manager, Web Statistics, DNS Settings, Secure Your Sites (SSL), Password protecting directories, Website copying, Viewing Logs and creating web users along with information about how to move a site from development to productions and how to close a site from production to a development environment.

To access a Domain’s Advanced Settings:

From the Home screen, click “Domains” then click the link for the Domain name.

plesk-domains-domainname

 

Click the “Websites & Domains” tab, then scroll down the page until you locate the correct Domain.  (Unless you have added additional domains or subdomains to the subscription, this will be the only domain listed.)

At the bottom of the containing box, click the small arrow at the bottom center to display the advanced domain options.

advanced-settings-1

 

advanced-settings-2

 

Click “Secure Your Sites”

Inside the Advanced Options, click the “Secure Your Sites”

secure-your-site

 

SSL Certificates

On the SSL Certificates page, under the Tools heading, click “Add SSL Certificate”

ssl-certificates-pg

 

Add SSL Certificate

Under Add SSL Certificate, you’ll need to fill out the CSR Request form.

Certificate Name: Enter a unique name for the certificate.  You can use any name you wish as long as it is unique.  I recommend using the domain name and the current year.

Country: Select the country the business is based in from the dropdown box.

State or province: Enter the state or province of the business

Location (city): Enter the city the business is located in.

Organization name (company): Enter your business name.

Organization department or division name: This setting is optional.  If you wish, you may enter a department.  Examples might include IT, Marketing or Sales

Domain name: Enter the domain name.  If you are applying the certificate to a specific subdomain (sales.domain.com or blog.domain.com), make sure you enter the exact subdomain.

Email: Enter your contact email address.

Once you have filled in the form, click Request.

csr-form

Access Your CSR

After your CSR is generated you will be returned to the SSL Certificates page with a notice saying the new SSL certificate was added.

To view the CSR, scroll down the page under Certificates and click on the certificate name you created in the previous step.

You’ll notice to the right of the certficate, there are some small icons under the letters R, K, C and A. These represent the certificate files that have been created. R=Certificate Signing Request, K=Private Key, C=Public Key and A=Signing Authority. The icons that are displayed in full color represent the files that have been created and the icons that appear greyed out represent the missing certificates.

csr-complete

 

“Change Properties of SSL Certificate” Page

On the “Change Properties of SSL Certificate” page, scroll down the page until you see “CSR” .  The text displayed starting with “- – – – – BEGIN CERTIFICATE REQUEST- – – – -” through “- – – – -END CERTIFICATE REQUEST- – – – -” is the text you will provide to a 3rd party certificate provider.  Copy the entire text, including the Begin Certificate and End Certificate lines.

-----BEGIN CERTIFICATE REQUEST-----
 MIIC1DCCAbwCAQAwgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUWDEPMA0GA1UE
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 LmNvZGVyb3RyYWluaW5nLmluZm8xJjAkBgkqhkiG9w0BCQEWF2NvZHlAY29kZXJv
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 Ij1egAZp380U8gcUU99DQqTjrXOtc7PBEOg4jdIrpoII/K5SoaaJ7oyQH5TH4rDM
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 bNSkZVi7zlv1Hmn3Gxo73ik64WwmWlNeylAFlmX15F5pT7sjXLWfynukBCh4fscF
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 Aktmq2mSKWzlh1f0OVLYgjbf2SdqcQgDIf81D7U34q7tmL72bUdBbrjJiE2+9pa4
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 fmLhurzt+e4m0fgl4gh8z/YjcmZaX9THQkHJxp0gd0A1xkm0SkvJ38QHwkuNpDBp
 Yx/CVhzfIzSi3yJuCwIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAKxFgaWdqiws
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 Gf4iV0WKen2Z9Ssu3nhESf/pt9WSZWsB6b0R8ZGROkDu1WZ60wgN1OvhQaSARqVX
 ThIsIsAfAkeCeRtIfIcAte+dOnOtUsEtHiStExT/ThIsIsAfAkeCeRtIfIcAte+d
 lUpupKEK5Q4=
 -----END CERTIFICATE REQUEST-----

 

 

By admin on June 26, 2014 | Plesk | A comment?

Understanding SSL

What is SSL

Secure Socket Layer (SSL) Certificates are used to encrypt all data sent from your server to the client, and from the client back to the server. The use of SSL is strongly recommended when allowing a user to enter sensitive information such as passwords or credit card data into a form. Without the use of SSL, the data is transmitted over the Internet in a plain text format that a malicious users could read without issue. By using SSL, the data is encrypted, rendering the data virtually impossible to read.

Once applied to a website, the encryption is used when accessing the website using https://domain.com instead of the standard, unencrypted http://domain.com. You might notice the ‘s’ in ‘https’ stands for “secure”.

 

How SSL Works

SSL works by encrypting the information from the server to the user by utilizing encryption keys. A private key on the server is used to encrypt the data and a public key that is provided in the SSL certificate is used to un-encrypt the data. Conversely, information sent by the user is encrypted using the certificate and that information can only be un-encrypted by the private key on the server.

Because only the public key can un-encrypt the information encrypted by the private key and only the private key can un-encrypt data sent by the public key, it is extremely important that they remain in pairs. You cannot mix public an private keys from different certificates.

 

SSL Certificate Descriptions

There are a maximum of 4 certificates, depending on your situation.

CSR: Certificate Signing Request

This certificate is used to request an SSL certificate from a trusted provider such as Comodo, Verisign, Godaddy, etc. When ordering an SSL Certificate from a Trusted Provider, you must copy and paste the entire certificate, including “—–BEGIN CERTIFICATE REQUEST—–” and “—–END CERTIFICATE REQUEST—–”

Example CSR
—–BEGIN CERTIFICATE REQUEST—–
MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
aabbcTHIS+IS+NOT+A+REAL+CERTIFICATE++DO+NOT+USE+THIS+EXAMPLEaabc
HQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v
Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV
IlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr
WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J
cIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl
4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH
Q0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D
6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn
—–END CERTIFICATE REQUEST—–

 

Private Key

The Private Key is the glue successfully installing an SSL Certificate on your website. This certificate is used to create the CSR, which in turn, is used to create the Public Key. The Public and Private keys then work together to create a secure connection between the server and the user’s browser. The Private Key and Public Key must match in order for the connection to work correctly.

 

SSL or Public Key

This key might also be referred to as the SSL Certificate. This is the certificate you receive back from a Trusted Provider after submitting the CSR. The Public keys works with the Private Key to encode the information transmitted between the server and the user’s browser.

 

CA (Certificate Authrority)

The CA Certificate is provided by a Trusted Provider when purchasing an SSL Certificate. This certificate lets the browser know the SSL certificate was issued by a trusted provider and prevents the browser from displaying warning messages.

CA Certificate files are often provided in pairs, so do not be surprised if you get 2 files. Both of these must be pasted into the CA Certificate file in order to work correctly
By admin on | Http | A comment?

Install ownCloud Desktop Sync Client in Linux

Install OwnCloud Desktop Sync Client in Linux

Ubuntu

 

sudo sh -c "echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/xUbuntu_12.04/ /' >> /etc/apt/sources.list.d/owncloud-client.list"
sudo apt-get update
sudo apt-get install owncloud-client

Additional References

http://software.opensuse.org/download/package?project=isv:ownCloud:desktop&package=owncloud-client

http://owncloud.org/sync-clients/

By admin on June 11, 2014 | ownCloud | A comment?

How to View Advanced Domain Options in Plesk

Advanced Domain Options are used to set the following settings:

Website Scripting and Security, PHP Settings, Web Server Settings, Applications, File Manager, Web Statistics, DNS Settings, Secure Your Sites (SSL), Password protecting directories, Website copying, Viewing Logs and creating web users along with information about how to move a site from development to productions and how to close a site from production to a development environment.

To access a Domain’s Advanced Settings:

From the Home screen, click “Domains” then click the link for the Domain name.

plesk-domains-domainname

 

Click the “Websites & Domains” tab, then scroll down the page until you locate the correct Domain.  (Unless you have added additional domains or subdomains to the subscription, this will be the only domain listed.)

At the bottom of the containing box, click the small arrow at the bottom center to display the advanced domain options.

advanced-settings-1

 

advanced-settings-2

By admin on June 7, 2014 | Plesk | A comment?

How to setup WHM with Codero Nameservers

This article will walk you through the steps of setting up WHM for the very first time using Codero’s nameservers (ns1.codero.com and ns2.codero.com) for your DNS Management.

 

Log In

Log into WHM.  You will need to use https://IP.ADD.RE.SS:2087 to access the login screen.

Username: root
Password: The root password provided with your server.  This is also the ssh root password.

whm-1

 

Step 1: End User Agreement

Read the End User License Agreement then click I Agree/Go to Step 2

whm-2

 

Step 2: Setup Networking

Contact Information

Enter your administrator’s email address. This is the address email sent from your server will be delivered to. It is important that is a working and monitored email address.

whm-2a

 

Hostname

Select a Fully Qualified Domain Name (FQDN) for your server. This is usually a subdomain of your primary business domain name that defines the server. Some good examples would be server.mydomain.com, mail.mydomain.com, or webserver.mydomain.com.

It is not recommended to use an actual working domain name for your hostname, such as www.mydomain.com or simply domain.com
Make a note of the hostname you select and use this for the reverse DNS on your server’s primary IP address.
http://www.howtowebhost.com/how-to-set-reverse-dns-rdns/

whm-2b

 

Resolvers

Resolver IPs are used to convert domain names to IP addresses. Using the wrong Resolver IPs can drastically reduce the performance of your server.

Primary Resolver: 69.64.66.11
Secondary Resolver: 69.64.66.10

whm-2c

 

Main Network/Ethernet Device

To best determine the device to use, log into your server with ssh, then run the ifconfig command. Locate the line with your primary IP address. The line directly above it will show the correct device.

whm-2da

Example:

# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:12:34:56:78:9A  
          inet addr:64.150.180.1  Bcast:64.255.255.255  Mask:255.0.0.0

In this example the correct device is eth1. To change the default, you will need to select Other from the dropdown, then manually type in the correct device name.

whm-2db

After you have completed all of these steps, click the Save & Go to Step 3 button.

 

Step 3: Setup IP Addresses

Adding additional IPs is beyond the scope of this article. Click Skip This Step and Use Default Settings.

 

Step 4: Nameservers

Since we will be using the Codero nameservers, ns1.codero.com and ns2.codero.com, int the Nameserver Configuration window, select (*) Disabled, then scroll to the bottom of the page and click .

whm-2e

 

Step 5: Services

FTP
Select Pure-FTPD

(*) Pure-FTPD

Mail Configuration
Select Dovecot and check “Convert Mailbox Format

(*) Dovecot
[X] Convert mailbox settings file format to new mai server's format during migration

 
Configure cPHulk

cPHulk is great for protecting your server against brute force attacks, however it can also block legitimate users from accessing their accounts, including the root user.

Use the values shown in the image below to prevent “accidental” lock outs from blocking these users for extended periods of time.

whm-2fc

 
Install common set of Perl Modules
It is generally not necessary to install the Perl Modules. Leave this unchecked.

[ ] Provide modules to /usr/bin/perl formerly provided by checkpermodules

 
After you have completed all of these steps, click the Save and Go to Step 6 button.

 

Step 6: Quotas

Select (*) Use files system quotas then click Finish Setup Wizard

whm-2fc

 

Feature Showcase

Use all the defaults on this page. Scroll to the bottom of the page and click By admin on June 6, 2014 | Control Panels, WHM / cPanel | A comment?