Article ID: 6140, created on Mar 13, 2009, last review on Aug 12, 2014

Applies to:

  • Plesk 9.x for Linux/Unix

Symptoms

By default, a self-signed SSL certificate is installed and used by the SSO server. It is located in the directory /etc/sso.

If the SSL certificate is corrupted, applications that work in SSO mode (Parallels Plesk Panel, Parallels Plesk Billing, Parallels Plesk Sitebuilder) may not open.

You may replace the SSL certificate with a valid one as advised in the article "How to install custom SSL certificate in SSO server?", or generate a new self-signed SSL certificate as described below.

Resolution

Open the file /usr/share/sso/openssl.conf and find these options:

RANDFILE=${ENV::RANDFILE}
CN=${ENV::FQDN}
emailAddress=root@${ENV::FQDN}


Replace ${ENV::RANDFILE} with the path to the urandom file and ${ENV::FQDN} with the server's hostname:

RANDFILE=/dev/urandom
CN=<hostname>
emailAddress=root@<hostname>


Once /usr/share/sso/openssl.conf has been reconfigured, you can generate the SSL certificates:

~# cd /etc/sso
sso]# :> /etc/sso/sso.pem
sso]# :> /etc/sso/sso-public.pem
sso]# dd if=/dev/urandom of=/etc/sso/sso.rand count=1 2>/dev/null
sso]# openssl req -new -x509 -days 3650 -nodes -config /usr/share/sso/openssl.conf -keyout /etc/sso/sso.pem -out /etc/sso/sso-public.pem
sso]# cat /etc/sso/sso-public.pem >> /etc/sso/sso.pem
sso]# openssl gendh -rand /etc/sso/sso.rand 512 >> /etc/sso/sso.pem
sso]# rm -f /etc/sso/sso.rand
sso]# chown sso:root /etc/sso/sso.pem /etc/sso/sso-public.pem
sso]# chmod 600 /etc/sso/sso.pem


sso]# :> /etc/sso/sso-ca.pem
sso]# dd if=/dev/urandom of=/etc/sso/sso.rand count=1 2>/dev/null
sso]# openssl req -new -x509 -days 3650 -nodes -config /usr/share/sso/openssl.conf -keyout /etc/sso/sso-ca.pem -out /etc/sso/sso-ca.pem
sso]# openssl gendh -rand /etc/sso/sso.rand 512 >> /etc/sso/sso-ca.pem
sso]# rm -f /etc/sso/sso.rand
sso]# chown sso:root /etc/sso/sso-ca.pem
sso]# chmod 600 /etc/sso/sso-ca.pem


After the certificates have been replaced, sw-cp-server should be restarted:

~# /etc/init.d/sw-cp-server restart
Restarting SWsoft control panels server... stale pidfile.  [  OK  ]
~#
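
The following checks can be run after the regeneration steps above. This is an added example, not part of the original article or of Plesk; the function names are hypothetical, and check_key_matches_cert assumes the generated key is RSA.

```shell
#!/bin/sh
# Added example: post-regeneration checks for the files in /etc/sso.
# File names come from the article; the function names are hypothetical.

# Print the PEM block labels of a file in order, comma-terminated.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | tr '\n' ','
}

# Print the first CERTIFICATE block of a file.
first_cert() {
    awk '/^-----BEGIN CERTIFICATE-----$/ { on = 1 }
         on { print }
         on && /^-----END CERTIFICATE-----$/ { exit }' "$1"
}

# check_sso_layout DIR: layout and permission checks, no openssl needed.
# Returns 0 when every check passes, 1 otherwise.
check_sso_layout() {
    dir=$1; rc=0
    for f in "$dir/sso.pem" "$dir/sso-ca.pem"; do
        # Each bundle is written as key, then certificate, then DH parameters.
        case $(pem_labels "$f") in
            "PRIVATE KEY,CERTIFICATE,DH PARAMETERS,") ;;
            "RSA PRIVATE KEY,CERTIFICATE,DH PARAMETERS,") ;;
            *) echo "FAIL $f: unexpected PEM layout"; rc=1 ;;
        esac
        # The article sets mode 600 on both key-bearing files.
        [ -n "$(find "$f" -prune -perm 600 2>/dev/null)" ] ||
            { echo "FAIL $f: mode is not 600"; rc=1; }
    done
    # sso-public.pem was appended to sso.pem, so the two must agree.
    first_cert "$dir/sso.pem" | cmp -s - "$dir/sso-public.pem" ||
        { echo "FAIL: certificate in sso.pem differs from sso-public.pem"; rc=1; }
    return $rc
}

# check_key_matches_cert FILE: needs openssl; assumes an RSA key.
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be parsed.
check_key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Run check_sso_layout /etc/sso first, then check_key_matches_cert on /etc/sso/sso.pem and /etc/sso/sso-ca.pem, before restarting sw-cp-server.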
