知識庫

如何使用證書保護伺服器服務 (control panel login/webmail/owa)?

You may use any of our SSL Certificates to establish a secured connection for such services as cPanel/WHM/Webmail. A single certificate will be able to cover ports 2083, 2087 and 2096.

One of the domain validated certificates may be used, as they do not require any paperwork and are issued within a few minutes after you receive a confirmation email to one of the approver email addresses.

Before installing a SSL certificate for these services, you will need to generate a CSR code and have your SSL certificate activated and issued. You can find instructions on how to generate a CSR code here.

Once the certificate is issued, follow these steps to get everything set:

Login to WHM » Service Configuration » Manage Service SSL Certificates » cPanel/WHM/Webmail Service. Under 'Install new Certificate' check the box with the service you want to secure and proceed to the boxes below.

Secure_services_1.jpg

Secure_services_2.jpg

The 'Certificate' box should contain the SSL certificate sent to you by the Certificate Authority. The 'Private key' box is for the RSA Private key you got during CSR code generation.

Note: even though the box says CA Bundle is optional, you need to install it, otherwise your hostname will return errors.

After you fill in all the boxes, click on the Install button.

Secure_services_3.jpg

The following instructions can be used for any service on this page, not just the cPanel/WHM/Webmail Service, but all the services will only work for the server name.

Usually it is necessary to install the certificate on such server service as cPanel or WHM so that the owners of the domains hosted on your server access their cPanel/WHM account by secure https protocol. Once the certificate is installed for the servername, it is necessary to set up the redirect rules for the cPanel/WHM accounts to the server name. The redirect is set up in Home » Server Configuration » Tweak Settings » Redirection.

The Always redirect to SSL, Non-SSL redirect destination and SSL redirect destination options apply when visitors attempt to access their accounts by these URLs:
- www.example.com/cpanel and www.example.com:2083
- www.example.com/webmail and www.example.com:2096
- www.example.com/whm and www.example.com:2087

The redirect will not work if you use the following links:
- cpanel.example.com
- webmail.example.com
- whm.example.com

The default value for Always redirect to SSL is set to Off. If you enable it, please note that you would need to enable the 'Require SSL' option in the 'Security' section of the Tweak Settings interface; your customers will be redirected to HTTPS:// and will not be able to log into their accounts via HTTP.

In SSL redirect destination select Hostname. The 'Non-SSL redirect destination' will not be used as the redirect to SSL has higher priority.

After the changes are saved, your customers will be redirected to https://server-hostname.tld:2083 (:2087, :2096) if they try to connect to www.example.com:2083 or any other links mentioned above.

By this time you will have the server certificate installed and thus server-hostname.tld already secured.

To be sure that the Certificate works as expected, you will need to clear cache in your browser before testing the login URL, especially if your browser remembers that your self-signed certificate is safe, and try to connect to the required service through https:// .

To use the SSL Certificate as a Service one in Plesk, you need to update a default Certificate that was generated during Plesk installation.

Once the certificate for the domain name is installed in Plesk, it should be assigned to the required services. A new enabled SSL Certificate can be found in the list* and you need to click on 'Secure control panel' if you have Plesk 8.2 or later, otherwise click 'Install' if you have an older Plesk version.

* For Parallels Plesk Panel version 7.x, 8.x:

Server -> Certificates

For Parallels Plesk Panel version 9.x:

Settings -> SSL Certificates

For Parallels Plesk Panel version 10.x:

Tools & Utilities -> SSL Certificates