Product:
Search Type:

How do I set SSL certificate for Plesk installed inside a Virtuozzo VE?

Article ID: 1090 
Last Review: Jul,18 2008
APPLIES TO:
  • Virtuozzo for Linux 3.x

RESOLUTION

If Plesk is installed inside a Virtuozzo VE and offline management is turned on for that VE then all requests to Plesk port 8443 are being intercepted by a Service VE and default SSL certificate installed inside a Service VE is used.

If you want to set up a separate SSL certificate into a VE with Plesk for Virtuozzo 4.x version please contact Support Team to obtain solution for feature #44867.
For Virtuozzo 3.x version you may use the following instructions:

Let assume we have VE #101 with IP address 192.168.1.1 and hostname plesk.example.com.

1. Take SSL certificate from VE #101, it is accessible as /vz/root/101/usr/local/psa/admin/conf/httpsd.pem file on a hardware node and split it to separate files 192.168.1.1.crt and 192.168.1.1.key files which contain certificate and private key parts accordingly. Place these files into a Service VE in /vz/root/1/etc/vzcp directory.

2. Add the following section in the end of /vz/root/1/etc/vzcp/httpd.conf file for the Virtuozzo 3.0:

<VirtualHost 192.168.1.1:8443>
ServerName "plesk.example.com"
ProxyPreserveHost On

RequestHeader set X_VZCP_API_VERSION 30000
RequestHeader set X_VZCP_PROXY_MODE 1
RequestHeader set X_VZCP_PSA_PORT 8443
RequestHeader set X_VZCP_PSA_PROTO https
RequestHeader set X_VZCP_PSA_BASE_URL /vz/cp/psa/frameset
RequestHeader set X_VZCP_PSA_NOSERV_URL /vz/cp/psa/noservice
RequestHeader set X_VZCP_PSA_RESTORE_URL /vz/cp/psa/restore_session
RequestHeader set X_VZCP_PSA_PASSWD_URL /vz/cp/restore-password

SSLEngine on
RewriteEngine on
RewriteRule ^/?$ /vz/cp/psa/frameset [R]
RewriteRule ^/vz/cp/?$ /vz/cp/psa/frameset [R]
RewriteRule ^/login\.php3.*$ /vz/cp/psa/frameset [R]
RewriteRule ^/(vz|psa|favicon.ico) - [L]
RewriteRule ^(/.*)$ http://%{SERVER_ADDR}:8880$1 [P,QSA]

SSLCertificateFile "/etc/vzcp/192.168.1.1.crt"
SSLCertificateKeyFile "/etc/vzcp/192.168.1.1.key"

SetEnv VZCP_PORT 8443
SetEnv VZCP_MODE_PLESK yes
SetEnv VZCP_PSA_BASE_URL /vz/cp/psa/frameset

ErrorDocument 502 "/vz/cp/psa/noservice"
</VirtualHost>

If you need to use CA Certificate, also add SSLCACertificatePath directive and specify the path to the file that contains CA Certificate.

NOTE: if you have Virtuozzo 2.6.2 installed please change X_VZCP_API_VERSION to 20602 so that the corresponding line looks like this:

RequestHeader set X_VZCP_API_VERSION 20602

3. You may set the ServerName or check that it is possible to resolve hostname by IP from inside a Service VE. You may add this line into /etc/hosts inside a Service VE if needed:

192.168.1.1 plesk.example.com

4. Restart the 'vzcp' service inside a Service VE:
# vzctl exec 1 service vzcp restart
Keywords: VZPP Plesk SSL offline management Service VE

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
*Please type the code you can see.
* - required fields