SSL Certificate issues
Why do I see SSL / TLS certificate issues connecting to my Plesk server and what are the risks?
When evaluating the security of the connection to a Plesk server, My Plesk checks whether a valid SSL/TLS certificate is installed for the Plesk panel and whether it is issued by a trusted certificate authority. This is the default security requirement. In the few cases where it is not met, you see one of the following warning messages:
- Certificate expired obviously means that the existing certificate is no longer valid and should be renewed.
- Hostname/IP does not match certificate's altnames message is shown when the common name to which the certificate is issued (e.g., pleskserver.com) doesn't exactly match the hostname used for adding the server. This error can happen even if the correct certificate is installed properly. For example, you connect to the server via the IP address or an internal name, but the certificate was issued to the fully-qualified domain name (or vice versa).
- Finally, you will see Self-signed certificate or Self-signed certificate in certificate chain messages when a self-signed certificate or a certificate issued by your company (which is not a trusted Certificate Authority) is installed for your Plesk panel.
All the above messages mean that My Plesk cannot find trusted identification proving that it is connecting to the server you specified. If you ignore these warnings and accept the risks, remember that the connection may then be vulnerable to man-in-the-middle (MITM) attacks.
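To see in advance which of these warnings a server will trigger, you can run the same kind of verified handshake yourself. The following is an added example, not code from Plesk or My Plesk: the function names and the default port 8443 are assumptions, and the mapping uses OpenSSL's standard verification codes.

```python
import socket
import ssl

# OpenSSL verification codes mapped to the warning names used on this page.
WARNINGS = {
    10: "Certificate expired",
    18: "Self-signed certificate",
    19: "Self-signed certificate in certificate chain",
    62: "Hostname/IP does not match certificate's altnames",  # hostname mismatch
    64: "Hostname/IP does not match certificate's altnames",  # IP address mismatch
}


def classify(verify_code):
    """Translate an OpenSSL verify code into one of the page's warnings."""
    return WARNINGS.get(verify_code, f"Other verification failure (code {verify_code})")


def check_panel_cert(host, port=8443, timeout=5.0):
    """Attempt a fully verified TLS handshake and report the outcome.

    Returns "OK", one of the warning names above, or "Connection failed: ...".
    port=8443 is an assumption about where the panel listens; adjust as needed.
    """
    # Default context: system trust store, hostname checking on, CERT_REQUIRED.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # Pass the exact name or IP you would use when adding the server,
            # because that is the value the certificate is matched against.
            with ctx.wrap_socket(sock, server_hostname=host):
                return "OK"
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)
    except OSError as exc:  # DNS failure, refused connection, timeout, other TLS errors
        return f"Connection failed: {exc}"


if __name__ == "__main__":
    import sys

    # Usage: python check_cert.py <hostname-or-ip> [...]
    for name in sys.argv[1:]:
        print(f"{name}: {check_panel_cert(name)}")
```

Checking both the fully-qualified domain name and the IP address shows whether the mismatch warning depends on how the server is added.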
Using self-signed or outdated SSL certificates can pose several risks to the security and functionality of a website or application. SSL certificates are essential for establishing secure, encrypted connections between a user's browser and a web server. When these certificates are not correctly configured or maintained, they can introduce vulnerabilities and issues. Here are the critical risks associated with using self-signed or outdated SSL certificates with Plesk 360:
- Security risks that lead to loss of Plesk control: Attackers can exploit certificate weaknesses to intercept and read sensitive data transmitted between the user and the server. This enables them to intercept and modify data exchanged between the two parties without detection.
- Maintenance overhead that may happen when you have multiple invalid certificates: Managing self-signed certificates or keeping track of multiple certificates with different expiration dates can be time-consuming. It requires regular renewal, configuration, and monitoring to ensure continuous security.
To mitigate these risks, it's essential to use trusted, valid SSL certificates from reputable certificate authorities (CAs) and ensure they are regularly updated and properly configured. Additionally, implementing best practices for certificate management, such as automation and monitoring, can help maintain a secure and reliable SSL infrastructure.