I seem to keep forgetting the steps here, when I have to re-do it every few years.
- Create a CA bundle file, in the proper order, via the steps here.
- In the Plesk dashboard (tested in v9.5.4), go to Home->Domains->yourdomain.com->SSL Certificates, and add a new one. Paste in, or upload your certificate file for “Certificate” and the bundle file for “CA Certificate”. I think the first time through, you may have to add in the private key file as well.
- Go up a level to Web Hosting Settings and select the new certificate you just made.
- Go to Home->Services Management, and stop Apache and then start it. This step may be extraneous.
- You’re not done yet! Now put the bundle file, certificate, and private key somewhere safe on the server filesystem. The first two may now be in /usr/local/psa/var/certificates/ but it’s not clear they are ever used – at any rate we’ll ignore them.
- Update /etc/httpd/conf.d/ssl.conf with the following:
# This seems to override whatever is in the domain VirtualHost. SSLCertificateFile /path/to/domain_com.crt SSLCertificateKeyFile /path/to/domain.com.key SSLCACertificateFile /path/to/domain_com.ca-bundle - Now bounce Apache again. You’ll see the new certificate.
If you run into trouble you can check this out for details on how to verify the SSL certificate being sent.