Accessing Plesk Control Panel with https displays the following;
mydomain:8443 uses an invalid security certificate.
The certificate is not trusted because it is self signed.
The certificate is only valid for plesk.
(Error code: sec_error_ca_cert_invalid)
You don’t need to buy another certificate, the certificate you now have is auto-generated by Plesk and will function just like any other SSL certificate. However, Plesk is not a ‘trusted authority’ in basically any browser, so whenever someone goes to your control panel they’ll get a warning, saying that someone who is untrusted (Plesk) made this certificate, and/or that the certificate name is not the same as the domain name. The only way to ‘fix’ this is to buy an SSL certificate.
1. Plesk created an SSL certificate for yourdomain.com. Now, when someone logs into https://yourdomain.com:8443 they will only get a warning saying that Plesk is untrusted. If they choose to accept this, the session will still be secured.
2. Plesk created an SSL certificate for yourbuzinessdomain.com. Now, when someone logs into https://yourcustomerdomain.com:8443 they will get a warning saying that Plesk is untrusted and that the name on the certificate doesn’t match the domain name they entered. If they choose to accept these warnings, the session will still be secured.
3. You bought an SSL certificate for yourbusinesdomain.com. Now, when someone logs into https://yourbusinesdomain.com:8443 they will not receive any warning. The session will be secured.
4. You bought an SSL certificate for yourbusinesdomain.com. Now, when someone logs into https://yourcustomerdomain.com:8443 they will receive a warning that the name of the certificate doesn’t match the domain name they entered. If they accept this, the session will still be secured.
So, ideally, you’d want scenario 3 to happen. All the above steps are just as secure, but scenario 3 looks the ‘finest’. Plesk itself doesn’t have any way of forcing people to use yourbusinesdomain.com to log in, though.
However, there is a way in Plesk that I have set up a domain called cp.mydomain.com. This domain redirects to https://mydomain.com:8443 and is hosted on a separate IP. Now, with the help of a firewall, you can block all incoming traffic for port 8443 on the IPs that other sites are hosted on. So, customers are forced to use the cp.mydomain.com link. They will get the login screen, and the correct SSL certificate, so they don’t see any errors.
– Tech Savvy.
To get more updates you can follow us on Facebook, Twitter, LinkedIn