Importing SSL certificate into Plesk!

Discussion in 'Plesk 7.1 Reloaded Installation and 'How Do I' Questions' started by StudioSever, Oct 20, 2004.

  1. StudioSever

    StudioSever Kilo Poster

    Messages:
    26
    Hello

    I have alredy checked all previous posts on this subject but didn't find my answer.

    We have problems with importing the digital certificate into Plesk. Here is what we've done:

    First we generated the certificate request manually within console with the command:
    /usr/bin/openssl req -new -newkey rsa:2048 -keyout /home/httpd/vhosts/studio-sever.si/conf/ssl.key/apache.kljuc -out apache_zahtevek.pem

    Then after we got the certificate based on request we made, the "key" and the "certificate" files were not accepted by Plesk.

    When we try to import the key and the certificate it says:
    "Unable to set the private key: Probably the private key format is invalid."

    Now we are confused what could be wrong.
    1. Is there some kind of a rule that you must make a request within Plesk and not manually within console?
    2. Are there any rules on file names and extensions (we used: privatekey.txt, certificate.txt)?
    3. Or is there actually some issue on the character code or something within privatekey.txt.

    We received the key with the begining as follows:
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,A6756FD6E3A7558A
    (one break line)
    [THE KEY]
    -----END RSA PRIVATE KEY-----


    We also tried to delete the first three lines:
    -----BEGIN RSA PRIVATE KEY-----
    [THE KEY]
    -----END RSA PRIVATE KEY-----

    Also didn't work, the same error appeared!


    So does anyone has any ideas or suggestions what could be wrong.
    The first thing I want to be sure of is, if we followed the right steps? Meaning, manually generate request within console instead of making a request within Plesk.

    Regards and thank you in adavnce!

    Sever
     
  2. dscheff

    dscheff Guest

    If you received the cert in an email make sure line breaks that were removed are restored before you copy and paste it. This worked for me with GeoTrust Starter SSL Cert
     
  3. StudioSever

    StudioSever Kilo Poster

    Messages:
    26
    Did you generate the request within Plesk?

    regards,
    Sever
     
  4. dscheff

    dscheff Guest

    Yup. Copied the CSR and pasted into the textarea at freessl.com

    When they emailed me the cert I opened the email in Outlook. In the top of the email window there is was a note in yellow that said line breaks had been removed and to click there to restore them. I did that and it worked, but before that it did not.

    Good luck
     
  5. StudioSever

    StudioSever Kilo Poster

    Messages:
    26
    Hmm what confuses me is the possible mistake I've made when I generated the request manually within console instead of making the request within Plesk.

    Don't know.


    regards,
    Mitja
     
  6. dscheff

    dscheff Guest

    Why didn't you use Plesk to do it, just curious.

    Not sure I can help you out - it was just a thought based on my experience, but I am no expert on this, trust me.
     
  7. StudioSever

    StudioSever Kilo Poster

    Messages:
    26
    Well I was confused as a newbie (still am), to SSL cer world.
    And as a newbie I followed the manuals they gave me.
    They = where I bought the cert.

    But manuals I followed are for pure apache server, without Plesk or something like that.

    Then when I (after all those steps), received the cert I wanted to import it into Plesk. Then Plesk said: "Unable to set the private key: Probably the private key format is invalid."

    Tried with different file names, different extensions, tried copy - paste, also tried with uploading method, tried to delete the extra line break ... the same error always appeard.

    Really don't know what to do now! Where did I go wrong. Beacuse If i messed up in the beginning with manual generating the request within console, if this is a 100% sure problem ... I'll just fill out the form and wait again for 14 days to get another authorization and reference number needed for getting a new certificate (with new request generated within Plesk). But I would like to get some other option.

    Regards,
    Sever
     
  8. dscheff

    dscheff Guest

    14 days - is that with Verisign or something?

    I think you really are better off using Plesk to generate the CSR, submit that to the Issuing Authirity, and see how that goes.
     
  9. StudioSever

    StudioSever Kilo Poster

    Messages:
    26
    14 days, not Verisign.

    Our goverment / centre for informatics - certification authority
    Slovenia

    regards,
    Sever
     
  10. StudioSever

    StudioSever Kilo Poster

    Messages:
    26
    hello ... anyone???


    Damn now I don't know where to look for a possible mistake.

    Just answer me the main question please!

    Is there some kind of a rule that you must make a request within Plesk and not manually within console?
     
  11. dscheff

    dscheff Guest

    Maybe not, but I have found in my limited time using Plesk that if you try to do things without using the Control Panel your risk certain parts of the system thatr might need to know of such a change not knowing and thus not working. Plesk uses a database to store info about itself, and when you make changes in their Panel, updates are made to the DB. If instead you use the command line, there mey be entries that do not6 get made. That is why I would recommend being rogue only when there is something PLesk simpyl will not let you do, or you have read from a reliable source that you can.

    Again, I am not expert enough to answer your question. I just offered that suggestion because it caused me trouble.

    Dan
     
  12. StudioSever

    StudioSever Kilo Poster

    Messages:
    26
    Hello.

    Thanx dscheff!
    It's truth about the Plesk and the system. We always prefer to do everything in Plesk itself. But we have never request any certificate before so we screwed up.

    However we asked for the new keys and sent a new request which we generated within Plesk. Hope this time will go smooth!

    Regards,
    Sever
     

Share This Page