Posts Tagged 'Plesk'

March 18, 2011

Parallels on SoftLayer: Webinar Series

We recently started a webinar series with our friends over at Parallels to help customers in different markets understand how they can use SoftLayer and Parallels to power their businesses. A shared hoster, an IT professional and a web designer are going to have different needs and priorities when it comes to infrastructure architecture and control panel management, so our goal for the webinar series is to address some of those differences to help you understand how flexible and powerful the SoftLayer + Parallels combination can be for your business ... regardless of your industry.

If you're a shared hosting provider, and you didn't have an opportunity to join us for our "Parallels on SoftLayer for Shared Hosters" session last week, we have an archived version available for you here:

If you fancy yourself more of a web designer, this week's session might be more interesting for you:

If you don't fall into one of those categories and consider yourself more of a "Jack of all trades" when it comes to IT, this general session might be the best fit for you:

What other markets or industries would you like us to feature? Are these kinds of webinars helpful to you?

-@nday91

June 19, 2009

Self Signed SSL

A customer called up concerned the other day after getting a dire looking warning in Firefox3 regarding a self-signed SSL certificate.

"The certificate is not trusted because it is self signed."

In that case, she was connecting to her Plesk Control Panel and she wondered if it was safe. I figured the explanation might make for a worthwhile blog entry, so here goes.

When you connect to an HTTPS website your browser and the server exchange certificate information which allows them to encrypt the communication session. The certificates can be signed in two ways: by a certificate authority or what is known as self-signed. Either case is just as good from an encryption point of view. Keys are exchanged and data gets encrypted.

So if they are equally good from an encryption point of view why would someone pay for a CA signed certificate? The answer to that comes from the second function of an SSL cert: identity.

A CA signed cert is considered superior because someone (the CA) has said "Yes, the people to whom we've sold this cert have convinced us they are who they say they are". This convincing is sometimes little more than presenting some money to the CA. What makes the browser trust a given CA? That would be its configured store of trusted root certificates. For example, in Firefox3, if you go to Options > Advanced > Encryption and select View Certificates you can see the pre-installed trusted certificates under the Authorities tab. Provided a certificate has a chain of signatures leading back to one of these Authorities then Firefox will accept that it is legitimately signed.

To make the browser completely happy a certificate has to pass the following tests:

1) Valid signature
2) The Common Name needs to match the hostname you're trying to hit
3) The certificate has to be within its valid time period

A self-signed cert can match all of those criteria, provided you configure the browser to accept it as an Authority certificate.

Back to the original question... is it safe to work with a certificate which your browser has flagged as problematic. The answer is yes, if the problem is expected, such as hitting the self-signed cert on a new Plesk installation. Where you should be concerned is if a certificate that SHOULD be good, such as your bank, is causing the browser to complain. In that case further investigation is definitely warranted. It could be just a glitch or misconfiguration. It could also be someone trying to impersonate the target site.

Until next time... go forth and encrypt everything!

Subscribe to plesk