Override default SSL


btking
02-26-2006, 03:41 PM
Ooops!! Looks like I didn't do a good job searching, just came across this thread (http://forums.deftechgroup.com/showthread.php?t=392&highlight=8443) that looks like it answers the question. Sorry!


Hello all, first post!

I have added a new SSL cert from StartCom.org to my PowerVPS server. I have successfully installed the cert through Plesk and it works for normal https:// calls to the domain.

My problem now is getting it to override/replace the cert used when accessing port 8443 for logging into the Plesk control panel. I have jumbled around in the /usr/local/psa directories and replaced any key/certs there with my cert, but after rebooting the VPS it still uses the EXPIRED vz61.defenderhosting.com cert.

Any ideas how to use my cert for port 8443? Can it be done from shell or do I need to make this a support ticket?

charles
02-26-2006, 06:06 PM
You cannot change that cert on port 8443 as it applies to all VPS on that server and virtuozzo listens on that port (even non-plesk vps get a response on port 8443). If you use a different port for plesk you can use your own (contact support for details).

BTW, as soon as we figure out an anonymous domain name we're going to get a wildcard cert and use that on all ports used by virtuozzo (including 8443 and the power panel).

charles

btking
02-28-2006, 11:05 PM
You cannot change that cert on port 8443 as it applies to all VPS on that server and virtuozzo listens on that port (even non-plesk vps get a response on port 8443). If you use a different port for plesk you can use your own (contact support for details).

Just to add to the post I linked above, it was quite easy after all! After submitting a support ticket the tech gave instructions as well as offering to make the change. I made the necessary edits to the psa's httpsd.conf file and restarted. After a little head scratching and a quick reply back to support, the new port was opened up on the firewall and my users can now log in to their plesk panels using the cert for my domain. Yeah! :D

BTW, as soon as we figure out an anonymous domain name we're going to get a wildcard cert and use that on all ports used by virtuozzo (including 8443 and the power panel).

Important correction to my first post: the expired cert was only on the Power Panel login, the plesk logins were using the default 'plesk' certs.

I really don't mind the warning on port 4643 as I am the only one using that. It was the plesk panel logins I was concerned with and thanks to the fantastic PowerVPS support, it is all working now! :cool:

quarghost
05-05-2006, 11:58 AM
Just to add to the post I linked above, it was quite easy after all! After submitting a support ticket the tech gave instructions as well as offering to make the change. I made the necessary edits to the psa's httpsd.conf file and restarted. After a little head scratching and a quick reply back to support, the new port was opened up on the firewall and my users can now log in to their plesk panels using the cert for my domain. Yeah! :D

Could you run down the steps?

This is what I did:


1. Added the httpsd.custom.include config file with:
   Listen 2443
2. Added this port incoming and outgoing to the firewall.


When I first made this change, the 2443 page brought up a different login screen than 8443 adding a language dropdown box. This is what I assume is the proxy response. Username 'root' is disabled, but 'admin' works. Not that it really matters, but did this happen to you?

After tinkering around to get some other apps working, using 2443 redirects to 8443. This probably has something to do with the 'ServerName' variable, and is also not important at this stage.

But going back a bit, I also noticed that port 8443 continued to serve even when I changed the 'listen' variable inside the httpsd.conf and when I replaced 8443 in the firewall with the new port.

Now, I changed the firewall ports from inside the power panel, and I bet APF is still running and the two are probably conflicting with each other. That explains why 8443 might still be open (does it?), but why would the psa server still respond when I changed the 'listen' variable (as opposed to adding one in httpsd.custom.include)?

This confused me, but since none of it really matters for security's sake, I haven't worried about trying to figure it out yet. And not that it's broken either, but curiosity man, it's a powerful thing.

Anyway, I'd be interested to hear how you accomplished the port change.

Mike
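
An added example, not part of any post in this thread: a small Python check of why a browser would warn about the certificate on each port discussed above (4643, 8443, 2443). The certificate dicts use the layout of Python's ssl.getpeercert(); the hostname www.example.com, all dates and the sample certificates are constructed for illustration.

```python
import ssl
import time

def names_in(cert):
    """DNS names a cert covers: subjectAltName entries, else the subject commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that stands for exactly the leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def browser_warnings(cert, host, now=None):
    """Return the reasons a client would warn about this cert for this host."""
    now = time.time() if now is None else now
    problems = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if not any(name_matches(n, host) for n in names_in(cert)):
        problems.append("name mismatch")
    return problems

def audit(certs_by_port, host, now):
    return {port: browser_warnings(c, host, now) for port, c in certs_by_port.items()}

# Constructed sample certs modelled on the thread (dates are made up):
SAMPLE = {
    4643: {"subject": ((("commonName", "vz61.defenderhosting.com"),),),
           "notAfter": "Jan 15 00:00:00 2006 GMT"},   # expired shared Power Panel cert
    8443: {"subject": ((("commonName", "plesk"),),),
           "notAfter": "Jan 15 00:00:00 2010 GMT"},   # default 'plesk' cert
    2443: {"subject": ((("commonName", "www.example.com"),),),
           "subjectAltName": (("DNS", "www.example.com"),),
           "notAfter": "Jan 15 00:00:00 2007 GMT"},   # customer's own domain cert
}
NOW = ssl.cert_time_to_seconds("Mar 01 00:00:00 2006 GMT")  # constructed "today"

if __name__ == "__main__":
    for port, problems in audit(SAMPLE, "www.example.com", NOW).items():
        print(port, problems or "ok")
```

Against a live server, ssl.getpeercert() only returns a populated dict when certificate verification is enabled and succeeds, so a failing port is reported there as a verification error rather than as a dict to inspect.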