Article ID: 8443, created on Apr 15, 2010, last review on Oct 18, 2014

  • Applies to:
  • Operations Automation 5.5
  • Operations Automation 5.4
  • Operations Automation 5.3
  • Business Automation 4.4

How to install an SSL certificate on the Parallels Operations Automation (POA) Control Panel website

  1. Linux-based Control Panel server

    1.1 Exclusive IP address

    1.2 Shared IP address

  2. Windows-based Control Panel server

    2.1 Exclusive IP address

    2.2 Shared IP address

Resolution

During the SSL certificate purchase, select the proper webserver type (if asked):

  • Apache + mod_ssl (for Linux-based Control Panel server)
  • Microsoft IIS (for Windows-based Control Panel server)

Let's assume that the POA Control Panel is accessible at http://cp.provider.com. Provided that you already have the SSL certificate and corresponding private key, perform the steps below to install the certificate on the POA Control Panel (CP) website.

The correct actions depend on the web hosting type (Apache or IIS) and the website IP address type (shared or exclusive).

1. Linux-based Control Panel server

First, check which type of IP address the Control Panel website is using in POA (shared or exclusive):

  • Log in to the POA Provider Control Panel.

  • Click the Hosting CP link to log in to the Provider Hosting Control Panel.

  • Find the Control Panel website in the list of the Provider's websites and click on it.

  • Click the Web Hosting Settings link.

  • Find the IP address type in the Basic Settings section:

Basic Settings

If you do not see the IP address type in the POA Control Panel, enable the Show website IP address and type parameter in the Provider Control Panel at System Director > Configuration Manager > System Properties > CCP Layout.

1.1. Control Panel website uses exclusive IP address

Install an SSL certificate using POA Control Panel

  1. In the POA Provider Hosting Control Panel, click on the CP website.

  2. Click the Web Hosting Settings link.

  3. Switch to the SSL tab.

  4. Click the Install certificate button and follow instructions in the wizard.

1.2. Control Panel website uses shared IP address

Install an SSL certificate using the instructions below

  1. Log in to the server where POA Control Panel is working via SSH as root. In this case, it is cp.provider.com.

  2. Create the httpsd.pem file in the home directory and put both the private key and the certificate itself in this file. It will look like:

     -----BEGIN RSA PRIVATE KEY-----
     MIICXQIBAAKBgQC9lYqCdzK1pI8+QJUIzdxRXZkhZxTF00Ez4ZuoUX11mKOc+tD3
     [ PRIVATE KEY PART ]
     IuJmZxxu+BoDsTHkGbvEUlIsIwD3726U32s3E+39q7GT
     -----END RSA PRIVATE KEY-----
    
     -----BEGIN CERTIFICATE-----
     MIIERzCCAy+gAwIBAgILAQAAAAABFYV2+oMwDQYJKoZIhvcNAQEFBQAwcTELMAkG
     [ CERTIFICATE PART ]
     1hSck70KzDQoNeMLpNnL5vNERJGm9347RxCatepJPEM4gCMn1dCfdxjPuA==
     -----END CERTIFICATE-----
    

    Note: It should be the real private key and certificate (together in one file).

  3. Create a backup of the currently installed SSL certificate so you can roll back to the old certificate. You can use the following command (that will create the file httpsd.pem.bak-YYYY-MM-DD):

    # cp /usr/local/pem/etc/apache/httpsd.pem /usr/local/pem/etc/apache/httpsd.pem.bak-`date -I`

  4. Copy the httpsd.pem file you created in step 2 to /usr/local/pem/etc/apache/httpsd.pem:

    # cp -f httpsd.pem /usr/local/pem/etc/apache/httpsd.pem

  5. If an intermediate SSL certificate is used, then put its contents into the /usr/local/pem/etc/apache/httpsd.pem_ca file and add the corresponding Apache directive, SSLCACERTIFICATEFILE, into the /usr/local/pem/etc/apache/httpd.conf_pem.override file:

    <IFMODULE mod_ssl.c> SSLCACERTIFICATEFILE /usr/local/pem/etc/apache/httpsd.pem_ca </IFMODULE>

  6. Restart the Apache server:

    # /etc/init.d/pemhttpd restart

  7. Open the URL of the POA Control Panel in the browser (https://cp.provider.com). It should show the new SSL certificate.

2. Windows-based Control Panel server

First, check which type of IP address the Control Panel website is using in POA (shared or exclusive):

  • Log in to the POA Provider Control Panel.

  • Click the Hosting CP link to log in to the Provider Hosting Control Panel.

  • Find the Control Panel website in the list of the Provider's websites and click on it.

  • Switch to the Web tab.

  • Find the IP address type in the Web Hosting section:

Web Hosting

If you do not see the IP address type in the POA Control Panel, enable the Show website IP address and type parameter in the Provider Control Panel at System Director > Configuration Manager > System Properties > CCP Layout.

2.1. Control Panel website uses exclusive IP address

Install an SSL certificate using POA Control Panel

  1. In the POA Provider Hosting Control Panel, click on the CP website.

  2. Click the More Tools > SSL link.

  3. Switch to the SSL tab.

  4. Click the Install Certificate and Enable SSL button and follow the instructions in the wizard.

2.2. Control Panel website uses shared IP address

Install an SSL certificate using native Windows tools

  1. Import the SSL certificate into the computer account using the Certificates MMC snap-in. Convert the certificate into PFX format before importing (if needed).

  2. Use IIS Manager to configure SSL binding for the Control Panel website in IIS and assign the SSL certificate imported on the previous step.

Find more details about installing certificates in IIS in the following article: http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis

Search Words

invalid security certificate Error code: sec_error_expired_issuer_certificate

renew ssl

Request contains no ciertificate or template information

ssl ca certificate

SSL Certificate Cannot Be Trusted

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 ac82ce33439a9c1feec4ff4f2f638899 2554725ed606193dd9bbce21365bed4e 5b048d9bddf8048a00aba7e0bdadef37 198398b282069eaf2d94a6af87dcb3ff 3d55d50f8852f9c7863e871edae687aa 4ab279b4a01a37a9fdcbcd5333c6c096 e12cea1d47a3125d335d68e6d4e15e07 a8cdca46e4357a6e38fded820770e272

Email subscription for changes to this article
Save as PDF