Article ID: 120468, created on Mar 7, 2014, last review on Sep 29, 2016

  • Applies to:
  • Plesk Automation 11.5

Symptoms

A provider wants to install an SSL certificate on PA billing for the Linux Control Panel server.

Resolution

In PA billing for Linux, the SSL certificate is configured using standard directives in the Apache configuration file /etc/httpd/conf.d/ssl.conf on the PA billing application server, namely - SSLCertificateFile and SSLCertificateKeyFile (optional).

In the default installation, the value of SSLCertificateFile directive is set to /usr/local/bm/etc/httpd/www.crt, so one may put the PEM-encoded SSL certificate and private key into the file /usr/local/bm/etc/httpd/www.crt. Alternatively, the private key may be put into a separate file, and the path to this file may be provided in the Apache directive SSLCertificateKeyFile.

After SSL certificate is changed, the Apache web server must be restarted:

~# /etc/init.d/httpd restart

Chain SSL Certificate

If the SSL certificate is issued by Certification Authority (CA), which is not included in the list of web browser trusted authorities, customers are shown an alarming warning upon opening the Online Store or the PA billing Control Panel for the first time. The warning message states that the site SSL certificate is unknown (for their browsers) and asks whether to trust the SSL certificate or not.

However, the SSL certificate is absolutely reliable, and is issued by one of the authorized SSL providers. This SSL provider is just not included in the list of browser's default trusted authorities. In this case, the undesirable warning can be suppressed by means of chain certificate.

A certificate chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The purpose of a certificate chain is to establish a chain of trust from a peer certificate to a trusted Certificate Authority (CA) certificate. The CA vouches for the identity of the peer certificate by signing it.

The chain SSL certificate is configured with the SSLCertificateChainFile directive, which should point to the file with the certificate chain. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.

Additional information

Refer to Apache documentation for more details about configuring SSL certificates:

Search Words

billing cannot display plesk automation

change billing certificate

install billing certificate

Change PA billing certificate

33a70544d00d562bbc5b17762c4ed2b3 e0aff7830fa22f92062ee4db78133079 caea8340e2d186a540518d08602aa065

Email subscription for changes to this article
Save as PDF