Article ID: 127430, created on Nov 14, 2015, last review on Nov 14, 2015

  • Applies to:
  • Plesk Automation 11.5

Symptoms

How to change self-signed SSL certificate for ProFTP service on Apache Service node?

Resolution

In order to change expired self-signed certificate for ProFTP on Apache Service node please do the following:

  1. Login to to Apache node via ssh as root and check current certificate location. For example:

    [root@apachenode ~]# grep TLSRSACertificate /etc/proftpd.conf
            TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
            TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
    
  2. Create backup of original file:

    [root@apachenode ~]# cp -p /usr/local/psa/admin/conf/httpsd.pem{,.bak}
    
  3. Login to PA Management node as root and create certificate for required service node:

    [root@managementnode ~]# /usr/local/ppa/bin/agent_certmng -c -type sn -hostid <number_of_service_node>
    

    Note: <number_of_service_node> you can obtain from GUI PA > Infrastructure > Service Nodes or using ppa.sn_list all command in SSH on PA Management node.

  4. Two files sn_<number>.crt and sn_<number>.key will be created. Place both files in certificate file:

    [root@managementnode ~]# cat  sn_<number>.crt sn_<number>.key > httpsd.pem
    
  5. Copy new certificate file on required service node.

  6. Change permissions on original file on Apache node:

    [root@apachenode ~]# chmod 0700 /usr/local/psa/admin/conf/httpsd.pem
    
  7. Replace expired certificate file with new certificate and change permissions back:

    [root@apachenode ~]# cp -rp httpsd.pem /usr/local/psa/admin/conf/httpsd.pem
    [root@apachenode ~]# chmod 0400 /usr/local/psa/admin/conf/httpsd.pem
    
  8. Restart the internal sw-cp-server and xinitd services by running the following command:

    [root@apachenode ~]# /etc/init.d/sw-cp-server restart
    [root@apachenode ~]# /etc/init.d/xinetd restart
    

Search Words

TLSRSACertificateKeyFile

Expired ftp SSL

replace service node certificate

change SSL certificate

SSL for FTP

httpsd.pem

TLSRSACertificateFile

33a70544d00d562bbc5b17762c4ed2b3 caea8340e2d186a540518d08602aa065 e0aff7830fa22f92062ee4db78133079

Email subscription for changes to this article
Save as PDF