Category: General
Problem
When logging in to a Plesk server via a web browser (e.g. https://pleskxx.hyve.com:8443/), a message is displayed warning that the certificate in place is not trusted because it is ‘self signed’. Specific warning messages differ from browser to browser.
Explanation
An SSL certificate is in place to confirm encryption of data being sent and received at the server from a client browser.
On our Plesk servers we use ‘self-signed’ certificates, which means that although we use 128bit encryption on the data, it is not guaranteed by a certification authority. Instead we sign the certificates directly on the servers themselves, so that we are not paying for a yearly certificate subscription from a third party, such as VeriSign unnecessarily. Technically there is absolutely no difference between the two types of certificate. The self signed certificates offer identical encryption to those issued by an authority.
The only real difference is that your browser recognises certain certification authorities, (such as VeriSign) so it can not confirm that the certificate is real/valid and that the site physically warranties certain levels of financial transactions. (Usually up to £10,000 per transaction). However, since we do not accept credit card data, nor do we sell anything via the Plesk control panel, there is no point in offering this transaction warranty, and therefore no point in having a third party issue the certificate.
Any data entered into the Plesk control panel is guaranteed to be 128bit encrypted and secure, even though the browser displays a message to indicate that the certificate is not valid. The reason this message is displayed is because the browser doesn’t by default recognise the issuing body (self-signed). All of our Plesk servers are hosted behind Cisco firewalls, using port 8443 via 128bit SSL encryption, so it would be extremely difficult to intercept the data stream between the browser and our Plesk servers.
Solution
Continue past the warning message into the control panel. This is achieved in different ways depending on the browser. In Internet Explorer, there is a link to continue whereas in Firefox, an exception must be added. Simply follow the instructions on the screen to continue past the warning intro the control panel.
NOTE
It is strongly recommended that you DO NOT use any website that displays a warning message of this type if you intend to enter any sensitive data such as card details.