Accessing Plesk Control Panel with https display the following
mydomain:8443 uses an invalid security certificate.
(Error code: sec_error_ca_cert_invalid)
You don’t need to buy another certificate, the certificate you now have is auto-generated by Plesk and will function just like any other SSL certificate. However, Plesk is not a ‘trusted authority’ in basically any browser, so whenever someone goes to your controlpanel they’ll get a warning, saying that someone who is untrusted (plesk) made this certificate, and/or that the certificate name is not the same as the domain name. The only way to ‘fix’ this is to buy a SSL certificate.
1. Plesk created a SSL certificate for yourdomain.com. Now, when someone logs into https://yourdomain.com:8443 they will only get a warning saying that Plesk is untrusted. If they choose to accept this, the session will still be secured.
2. Plesk created a SSL certificate for yourbuzinessdomain.com. Now, when someone logs into https://yourcustomerdomain.com:8443 they will get a warning saying that Plesk is untrusted, and that the name on the certificate doesn’t match the domain name they entered. If they choose to accept these warnings, the session will still be secured.
3. You bought a SSL certificate for yourbusinesdomain.com. Now, when someone logs into https://yourbusinesdomain.com:8443 they will not receive any warning. The session will be secured.
4. You bought a SSL certificate for yourbusinesdomain.com. Now, when someone logs into https://yourcustomerdomain.com:8443 they will receive a warning that the name of the certificate doesn’t match the domain name they entered. If they accept this, the session will still be secured.
So, ideally, you’d want scenario 3 to happen. All the above steps are just as secure, but scenario 3 looks the ‘finest’. Plesk itself doesnt have any way of forcing people to use yourbusinesdomain.com to login, though.
However there is a way in Plesk that I have setup a domain called cp.mydomain.com. This domain redirects to https://mydomain.com:8443 and is hosted on a seperate IP. Now, with the help of a firewall, you can block all incoming traffic for port 8443 on the IPs that other sites are hosted on. So, customers are forced to use the cp.mydomain.com link. They will get the login screen, and the correct SSL certificate, so they don’t see any errors.
– Tech Savvy.