Covered in this article:
- What is SSL?
- What are the components of an SSL Certificate?
- How do I get an SSL Certificate?
- Do I need a Dedicated IP Address?
What is SSL?
SSL stands for Secure Sockets Layer. SSL is used to create an encrypted connection between a website and a website visitor, helping to prevent interception, tampering or forgery of privately transmitted data. To enable SSL for your website you will need an SSL certificate. An SSL certificate provides information about the owner of the website, the organization, and the authority certifying that the connection can be trusted. A website secured with SSL is accessed via https:// instead of http://, and usually displays a green bar or lock icon in the address bar.
What are the components of an SSL Certificate?
CSR (Certificate Signing Request)
In order to purchase and key an SSL certificate, you must generate a CSR (Certificate Signing Request). This contains information that will be included in the certificate such as the organization name, location (state, city, country), and the domain name(s) to be secured by the certificate. In the Managed.com/PowerDNN.com environment this is done through your control panel, or Plesk for dedicated server customers. Please see How to Generate a CSR in Your Control Panel for more information.
Public Key / Private Key
The public and private key pair consists of two uniquely related cryptographic keys (basically long random numbers). The private key is used in generating the CSR, which will be used to 'key' your SSL certificate. The public key is included as part of your issued SSL certificate. As the name suggests, the private key should be kept private.
Certificate (.crt)
The SSL certificate itself. Once you are issued an SSL certificate by the vendor of your choice, they will provide you with a certificate file, and depending on the type of certificate you have purchased, an Intermediate or Certificate Authority (CA) file. For SSL certificates in our environment we ask that you have them keyed in the Plesk or Apache format.
Certificate Authority (CA)
A certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. In this model of trust relationships, a CA is a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. Usually the CA file provided will have several 'blocks' of text, versus one block for the main certificate.
What kind of SSL certificate do I need?
There are different types of SSL certificates to suit different needs. You must assess what your needs are in order to choose the correct SSL certificate for the website(s) in question. The basic question is: which domains do you need to secure?
- A single domain?
  - A standard SSL will work here.
- A single domain, but with subdomains as well? (site1.domain.com, site2.domain.com, etc)
  - A wildcard SSL certificate is what is needed.
- Multiple domain names? (domain1.com, domain2.com, site1.domain2.com, domain3.com, etc)
  - A multi-domain SSL certificate will be required.
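To check a planned certificate against the sites it has to secure, the following added example (not part of the original article or any Managed.com tooling) applies the single-label wildcard matching that browsers use. The function names and all domain names are constructed for illustration.

```python
# Added example: which hostnames do a certificate's names actually cover?
# All names below are constructed sample data.

def name_covers(cert_name, hostname):
    """True if one certificate name (exact or wildcard) covers hostname."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        # A wildcard stands for exactly one label, so the counts must match.
        return False
    if cert_labels[0] == "*":
        # Wildcard is honoured only as the whole left-most label,
        # and never directly under a top-level domain (e.g. "*.com").
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def uncovered(cert_names, hostnames):
    """Return the hostnames that no name on the certificate covers."""
    return [h for h in hostnames
            if not any(name_covers(n, h) for n in cert_names)]


SITES = ["domain.com", "site1.domain.com", "site2.domain.com",
         "a.site1.domain.com"]

STANDARD = ["domain.com"]
WILDCARD = ["*.domain.com"]
WILDCARD_PLUS_APEX = ["*.domain.com", "domain.com"]

if __name__ == "__main__":
    for label, names in [("standard", STANDARD), ("wildcard", WILDCARD),
                         ("wildcard + apex", WILDCARD_PLUS_APEX)]:
        print(f"{label:16} leaves uncovered: {uncovered(names, SITES)}")
```

A wildcard name on its own covers neither the bare domain nor a second level of subdomain, so confirm with the vendor which names the issued certificate will list.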
How do I get and install an SSL certificate?
SSL Assist is available for a fee if you wish to have the Managed.com Support team perform these steps for you. SSL Assist covers generation of the CSR, and application of the SSL certificate. You are responsible for having the certificate issued from the vendor of your choice. Please submit a ticket to Managed.com Support from your control panel, or call 1-877-743-8366 to request assistance. SSL Assist is included when purchasing an SSL directly through Managed.com.
There are several steps in acquiring and applying your SSL certificate.
1. Generating a Certificate Signing Request (CSR)
The first step in obtaining your certificate is to generate a Certificate Signing Request, which will be used at the vendor of your choice. You can find instructions for generating the CSR here:
How to Generate a CSR
2. Choose an SSL Provider
As mentioned previously, SSL certificates can be purchased directly from Managed.com and include the SSL Assist service. Please see How to Purchase an SSL Certificate with Managed.com if you are interested in this option. If you do not wish to purchase your certificate through Managed.com, there are many other SSL provider options available which you can find online.
3. Key Your Certificate
You will need to have the certificate provisioned with the CSR you generated and for a specific system type. Our environment requires that you have your certificate keyed for Apache or Plesk. In the unlikely event that neither of those options is available, you may choose x509.
4. Download Your Certificate
Once you have provided the necessary information to your SSL provider (CSR and system type), they will generate your SSL certificate. Depending on the certificate type and vendor, this can take anywhere from a few hours to a few days. When it is ready, the vendor should provide you with a link to download your new certificate.
5. Install and Apply the SSL Certificate
Once you have downloaded the certificate, you can install it. Shared hosting customers can do this through the Managed.com/PowerDNN control panel. Dedicated customers will perform this step through Plesk on their server. Instructions on this step can be found at How to Apply an SSL Certificate in Plesk.
Do I need a Dedicated IP Address?
In the past, a dedicated IP address was a requirement for SSL installation. Newer software supports SNI (Server Name Indication) technology, which allows multiple certificates to be applied to a single IP address. Most servers in our shared environment meet the requirements to use SNI; however, some sites in our 2008R2 environments will not have this feature available. Dedicated server customers must meet the following minimum specifications for SNI compatibility:
- Windows Server 2012, 2012 R2, 2016 (IIS 8.0, IIS 8.5, IIS 10)
- CentOS 7
- Plesk 12.5 and Up
SNI is not compatible with some older technology, and users browsing your site with this out-of-date software will have issues. The following older user-end software has been identified as incompatible with SNI:
- Windows XP + any version of Internet Explorer (6, 7, 8, 9)
- Internet Explorer 6 or earlier
- Safari on Windows XP
- BlackBerry Browser
- Windows Mobile up to 6.5
- Nokia Browser for Symbian at least on Series60
- Opera Mobile for Symbian at least on Series60
While a dedicated IP address is not required if SNI is available, it is recommended if the highest level of compatibility is important to you. Other reasons a dedicated IP is worth paying for:
- Secure FTP
- Email Stability and Security
  - While not required, a dedicated IP address 'isolates' your mail, preventing blacklisting or reputation issues due to the sending behavior of others.
---