make SSL Certificates for mail services manageable from Plesk
To change SSL certs for mail services one has to manually change at least three files: (depending on system e.g.)
This is very confusion and not very usable, esp. as there are already a number of SSL ways to set certificates in Plesk (per domain, per ID, for the panel, as std. for all domains, ...)
This could be streamlined and a simple tickbox, like 'Set this certificate for mail services' would make the life of administrators much easier!
We’re happy to announce that this feature is now available in Plesk Onyx, which was released recently for early adopters. You can try Plesk Onyx here: https://www.plesk.com/onyx/
If you have any feedback on the implementation of this feature, please let us know on the forum: https://talk.plesk.com/forums/plesk-onyx.744/
This feature is a must for us to continue using Plesk.
We see the problem from two angles. For too long, ssl was seen as something that fit in one or the other, but not both categories: ip management or website management. The result is where Plesk and most panels are today: a complete mess when it comes to security. We need someone to look at this as an important component, as it has and will continue to touch more and more areas of services management. Considering each ssl cert needs and ip address, we need an option that essentially gives the reseller, client the option to install extended security options. This would require an ip address, full certificate chain (if not available, help create one with csr, etc), and once the chain is filled-in, it creates all of the hooks to bind the ip address to the reseller or client and then the certificate chain to that assigned ip address. Treat security as security, not as a hidden-away option for just securing a website. If a reseller or client wants ssl, most likely, they want it for everything, right? I don't find too many that think "hey, we just want to buy a certificate and then use it just on the website" when it should be used across the board for their services.
The Same goes for the FTP-Server!
Yes and with this feature request implemented you will still have to replace it once every year. So it doesn't really change the fact that is costs you time every year.
Perhaps you just need a calendar?
Again, IMAP and POP3 do not support virtual hosting. Thus this will never work for multiple sites.
Yes, that shit cost me a lot of time to figure it out the first time I installed a certificate and a since then every year to remember when the certificate expires and has the get replaced.
This is very crucial and I strongly feel that you guys should implement this in the next release
please also include webmail services (roundcube / horde ...)
+3 - need this.
+3 - need this.
Bernd Rabe commented
Just tried to have postfix/courier work with 2 ip addresses and failed. I'd really appreciate a new feature that let you configure SSL for every domain.
John Shiells commented
i think its complete rubbish that this is not already something built in.
its even more rubbish that this idea was posted a year ago and is not in the software yet.
Jay Versluis commented
Yes please Parallels - make it happen.
Basically what's described in this KB article: http://kb.sp.parallels.com/en/1062 to be replaced with a drop down menu and a save button. For admins only.
Andrew Cranson commented
Agreed. This would be very useful, and costs us support time manually maintaining SSL certificates on VPS's quite often.
John Shiells commented
I would love to see this feature.. it is such a pain in the butt right now changing certs on a plesk server.
Christoph Teschers commented
Well, I am not sure about NSI for mail, but have the same setup as Peter has. We give our clients our main mail domain name to configure their email clients. I replaced the certificates manually and it works like a charm.
All we want is to make this process managable from PLESK to stream line certificate management.
Peter Heck commented
Support this initiative. For sure, per server there is only one certificate possible. But as default, this is set to the standard Plesk certificate and generates alerts at the clients and the user need to set an exception in the mail client to accept this certificate. On my server, I have a special domain for the mailserver and a certificate for it. Each customer hosted on the server gets from me the information, which mailserver names he should use (the one of the central domain).
So he recieves a valid certificate and no error is displayed in his mail program.
@Anonymous: I would love to hear how that should work. With SNI the server's hostname is sent to the server prior to SSL handshaking. POP3/IMAP and/or SMTP do not have such a feature. So, how could the server know which certificate to present to the client?
@Tozz: wrong. SMTP, POP3 and IMAP won't need an SNI *equivalent*. They can directly make use of SNI!
Be aware that mail servers (SMTP, POP3 and IMAP) do not have an SNI equivalent. Basicly this means you cannot do shared hosting (multiple sites with 1 IP) and have a valid SSL certificate on your mailservers which validates mail.<domain>.
This will only work if you instruct your users to use a general name (eg. plesk1.<isp name> of mail.<isp name>) and not a domain specific name such as mail.<customerdomain>