hi, i am trying to get the https part working. When i go to https://www.mydomain.com i can see the default plesk index page. As i understand it, i should upload all files/folder i like to secure in httpsdocs. 1/ when i edit the default plesk index page i can't see the changes. 2/ when i upload a folder test with an index page i get a 404 (https://www.mydomain.com/test/ I haven't uploaded a SSL certificate yet, should this be done in order to test the https???
@mnami, i just created a simple self-signed certificate. Is this sufficient? It still doesn't work. can i just put some data in the fields Private key , Certificate and CA Certificate when i hit self-signed? https://www.mydomain.com/test/index.php just seems to redirect to http://www.mydomain.com/test/index.php And what do i do next after creating a SSL certificate? How do i use my Cert1 ??
ah it seem to work now i had to give it some time. But when you have, say 5 different certificates on a domain, how do you select a particular one for a folder???
self signed certificate is not sufficient. please see this section on the above wikipedia article : HTTP_Secure#Server_setup
ok, the self signed option in Plesk isn't good enough. right now i am trying to create my own with openssl, but it IE browser says my certificate is invalid? Why is this? How can i create a valid one? Could the shared hosting be an issue? If i look at the certificate shown by IE i see , server1.maindomain.com but i am using the certificate for www.anotherdomain.com. Or can't i create an own valid certificate and must it be generated by verisign or another big one?? regards btw: tx for the answers so far
Your signed, free, trial, shared SSL would do the work to make your site HTTPS but it will say clearly the type. And will put impression that you are not REAL in market. Why to put an bad impression in front of the customer that site owner even can not purchase a $25 / year certificate? It's cheap also and reliable also for the customer. Go for it. And you really do not want to spend money, I suggest to go for shared rather than self signed SSL
To make https work, first you should have (i) dedicated IP (ii) open port 443 (iii) you can use self signed certificate but it will warn users.
(i) got that (ii) hmm, don't know for sure (iii) even when i use openssl to create a private cert and key?? i know i can just buy a certificate from my hosting company.
Any sort of self signer certificate is basically useless if you are trying to show users you have a safe connection. If you sign a certificate, that basically tells them your cheap and don't want to invest in a decent certificate to protect there personal information. If you are short on money, go to Google and search go daddy 12.99 ssl. That will be more the sufficient for your use. Once you have that, create your csr(certificate signing request) and submit it or input it into the field given on Go Daddy when you initially setup your cert. Once your certificate is ready and verified, you will have the option to download it. With that, choose the download option for plesk as your using plesk. Then simply install it via plesk's ssl cert manager.
It is possible to decipher a captured full SSL / TLS HTTPS session with a known plaintext attack in cryptext. The question is: how long will it take? The answer depends on the amount used (eg, DES, 3DES, AES, RC5, etc.), and duration of the session key.