-- -- -- Getting the Server Ready -- -- --

1) Get an additional ip address from askmesurfer@rackshack.net

2) In Plesk: create an ip based domain.
- Example: secure.yourdomain.com

3) Login via ssh2.

4) cd to the secure.yourdomain.com directory.
- Example: cd /home/httpd/vhosts/secure.yourdomain.com

5) remove the httpsdocs directory.
- Example: rm -r httpsdocs

6) Create a symlink to the web_users directory called httpsdocs
- Example: ln -s /home/httpd/vhosts/secure.yourdomain.com/web_users httpsdocs

7) Change ownerships for httpsdocs to the domain user: secure
- Example: chown secure.psacln httpsdocs

Done setting up the server.



-- -- -- Setting up ssl accounts. -- -- --

1) Login to Plesk as admin, client, or domain user for secure.yourdomain.com

2) Add a "Web User" using plesk.
- Example:

Web user name: ssluser
New Password: ssluserpass
Confirm Password: ssluserpass
Check SSI, PHP, CGI, mod_perl, ASP support.

Done!




-- -- -- This is what will happen. -- -- --

The web user can upload files via their own ftp account.
- Example:
host: secure.yourdomain.com
user: ssluser
pass: ssluserpass

Their secure order forms and files can be accessed at:
https://secure.yourdomain.com/~ssluser

CGI, ASP, & PHP works!




-- -- -- Secure and watch Web Stats -- -- --

The ssl user should only use the ssl space for order forms. But, they could upload files to this space to avoid bandwidth / disk space overages on their main account.

(plesk should allow domain users to place quota's on web users within their domain - but plesk doesn't right now)

So, download the Web Usage Program to monitor both disk space and bandwidth for secure.yourdomain.com: http://cwdhost.com/showusagenew.zip

Screenshot: http://cwdhost.com/screenshot.gif

If the bandwidth and disk space is 2 GBs and you only have 10 ssl users, then one or more of them is not using the ssl account as it should be use. Run du from ssh2 program to find large files.

-- You can also use Webalizer for secure.yourdomain.com to find large files and high bandwidth sucking files that should not be on the ssl server.

Just enable webalizer for secure.yourdomain.com and password protect the webstat directory using plesk.

Does anybody have a how-to for Ensim Shared SSL?

I know it would help!

Richard

Nat,

Thanks for the suggestion! I thought I'd throw in an alternate method, just for variety. I set up the initial stuff the same: secure.myhost.com as IP-based, got SSL cert, etc.

I then created the directive outside of httpd.include so that I could make manual changes and not have Plesk override them. Within the directive for secure.myhost.com, I added some directory settings as follows:

CODE

# ----- Directory Settings for Aliases ----- #

       <Directory /usr/local/psa/home/vhosts>

       <IfModule mod_php4.c>

               php_admin_flag engine on

               php_admin_value open_basedir "/usr/local/psa/home/vhosts"

       </IfModule>

               SSLRequireSSL

               Options -Includes +ExecCGI

       </Directory>

Then, if I want to give a client access to SSL, I add an Alias as follows:

CODE

Alias /myclient.com /usr/local/psa/home/vhosts/myclient.com/httpdocs

And voila! They can see all their stuff at: https://secure.myhost.com/myclient.com/
(NOTE: I could have set up the alias as just Alias /myclient ... and left out the .com)

One other neat trick I've done in addition:

CODE

RedirectPermanet /login "https://secure.myhost.com:8443/"

This way, I can tell my clients to access the control panel as: https://secure.myhost.com/login

Anyway, just another suggestion for an alternate method.

-Danimal

Here ya go Richard...

Shared SSL HowTo for Ensim WPLS3.0

This HowTo is specific to InstantSSL $49 Certificate but
other certs should work much the same.
(note: at the time I got mine RS certificates were still unavailable.
If you are using the RS cert then I would expect they will supply
complete instructions for installing it.)

I'm also assuming that if you are going to use your own
nameservers and change your server hostname, you have
already done so. If not follow the the instructions here first.
http://forum.rackshack.net/showthread.php?...=&threadid=3750

Once you have done the above or you are using RS nameservers
and leaving hostname as ensim.rackshack.net then continue....

Things you need to know / have to purchase your certificate:
A) Server Hostname ie: ensim.rackshack.net or myserver.mydomain.com (whatever you named it)
B) Server software is: Apache-ModSSL
C) Your Encrypted Certificate Request : Generated in step 1.
D) Proof of identity to email or fax to InstantSSL after purchase of certificate.
See details of requirements at http://www.instantssl.com/


Step1. In Appliance Administrator go to
Configure Apache Web Server - SSL Settings

At the bottom of the SSL Settings form, click Generate.
Fill in all the details and then click Save..
(If you need more help on filling in details click the help button in
your Appliance Admin. View section :
'Securing Domains Using SSL Certification')

The SSL window displays a new certificate request in an encrypted form.
Copy the Request section (including) -----BEGIN CERTIFICATE REQUEST-----
to -----END CERTIFICATE REQUEST-----
Now go to http://www.instantssl.com/ and follow the instructions for purchasing
your certificate.

Step2.
Once you get your certificate emailed to you (it will take 24 to 48 hrs) open it in a text editor
(notepad or similar will do).
Now go to Appliance Admin - Configure Apache Web Server - SSL Settings
Scroll to bottom and click on Import.
Copy the certificate information from the text editor and paste it into the Certificate text box.
Click Save.
Now restart the web server.
If you run into trouble and find that you cannot access Appliance Admin after restarting,
read this : http://forum.rackshack.net/showthread.php?...=&threadid=5975
or this : http://www.ensim.com/ubb/Forum1/HTML/000672.html

Step3.
Now go to:
http://www.instantssl.com/support/cert_ins...on/mod_ssl.html
and follow the instructions for installing the ca-bundle into apache.

Below are the steps I took to do this. I'm a bit of a newbie to SSH so no doubt there
is an easier way to do it. (maybe someone more experienced could post it)

NOTE: It is recommended to save a backup copy of the original httpd.conf file
before making any changes.

(su - to root)
# cd /etc/httpd/conf [return]
# wget http://www.instantssl.com/support/cert_ins...allation/ca.txt [return]
# mv ca.txt ca-bundle [return] (renames ca.txt to ca-bundle)
# pico httpd.conf [return] (brings up httpd.conf in pico editor)
ctrl+w (to bring up search box)
(paste into search box) :
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key [return] (to locate line in file)
(under the above line paste the following into a new line)
SSLCertificateChainFile /etc/httpd/conf/ca-bundle
ctrl+o (to save and exit pico)
# /etc/rc.d/init.d/httpd restart [return]

OK that's it, your virtual sites can now call secure files by
https://myserver.mydomain.com/~admin#/filename.html
(# being whatever the site number is. This number can be found in Site Admin - Site Summary - Services & Options - Domain Preview: http://xxx.xxx.xxx.xxx/~admin#/)

Hope this helps,
...Grum

Danimal:

Could you please clarify, where to write above codes. Should I write these codes to vhost.conf for the secure.myhost.com or any other files?

Thanks
Umesh

Umesh,

Sure! You can put the settings in the vhost.conf file. I'd recommend creating a IP-based entry in Plesk for this. I did: secure.mydomain.com but you can do it however you like.

Then, put these settings in the vhost.conf or vhosts.conf depending upon whether you want it for http:// or https://

What I was saying at first was that I did this outside of plesk and put the stuff in a manually-created directive, but it should work just the same via the vhost(s).conf file for a hosting account created via Plesk.

So the short answer is: yes, vhost.conf is the right place to write these settings.

Enjoy!

-Danimal

Grum's post above on the ensim ssl works great.
But just encase your having problem make sure you have an A record in your dns for myserver.mydomain.com
Maybe there is someone as new as me at this stuff.

I managed to allow sites to use their own certs by doing:
Create in a /etc/httpd/conf/virtual/virtual.conf
-------------------------------------------------------------------
NamevirtualHost IP_OF_YOUR_MAIN_SERVER:443


-------------------------------------------------------------------
Create in /etc/httpd/conf/virtual/sites.ssl



ServerName yyy.com
ErrorLog /home/virtual/site#/fst/...../..../..log
ServerAdmin xxx@xxx.com
TransferLog /home/virtual/site#/fst/...../..../..log
SSLEngine on
SSLCertificateFile /home/virtual/site#/fst/etc/ssl/server.crt
SSLCertificateKeyFile /home/virtual/site#/fst/etc/ssl/private/server.key





ServerName xxx.xxxx.com
ErrorLog /home/virtual/site#/fst/...../..../..log
ServerAdmin xxx@xxx.com
TransferLog /home/virtual/site#/fst/...../..../..log
SSLEngine on
SSLCertificateFile /home/virtual/site#/fst/etc/ssl/server.crt
SSLCertificateKeyFile /home/virtual/site#/fst/etc/ssl/private/server.key

I have heard talk about this being possible with plesk 6.0....I will ask when I talk to plesk later this week. Becuase I agree with you...it should be an option..and if it becomes one..I may just start offering this option myself.