(Plesk for Windows) Configuring Centralized SSL Certificate Support in Plesk

By default, SSL certificates are stored and managed locally on each Windows server. However, this practice has certain disadvantages. An alternative is to configure Centralized SSL Certificate Support, which enables you to store and manage certificates in one central location. This topic explains how to set up Centralized SSL Certificate Support in Plesk.

Storing and managing SSL certificates locally on each Windows server has the following disadvantages:

  • It puts a limit on the number of SSL-secured websites you can host on a single server.
  • It makes managing certificates for multiple secured websites hosted on different servers inconvenient and time-consuming.

These disadvantages can be avoided by using Centralized SSL Certificate Support. This IIS feature allows you to store and manage SSL certificates in one central location called the Centralized Certificate Store.

When you configure Plesk to use Centralized SSL Certificate Support, whenever a SSL certificate is issued via Plesk, it is automatically saved in the Centralized Certificate Store, where you can manage it. Certificates issued via Plesk previously are automatically saved as well. Saved certificates are encrypted and have the.pfx extension.

Note

Centralized SSL Certificate Support is available in IIS 8.0 or later.

To configure Centralized SSL Certificate Support in Plesk:

  1. Create a folder (local or shared) to store certificates.

  2. Install the “Centralized SSL Certificate Support” component in IIS.

  3. Configure the “Centralized SSL Certificate Support” feature. Note the values you use for “Physical path”, “User name” and “Password”. You will use them during further steps to configure Centralized SSL Certificate Support in Plesk.

  4. Log in to Plesk.

  5. Go to Tools & Settings > Server Components (under “Server Management”).

  6. Click the Refresh button.

  7. In Plesk CLI, execute the following command:

    plesk bin server_pref.exe --update -central-cert-store-path <path-to-store> -central-cert-store-private-key-password <password>
    

    where

    <path-to-store> is the path to the folder (local or shared) where certificates are stored, specified during step 3.

    <password> is the password to encrypt certificates in the Centralized Certificate Store.

  8. If you use the UNC path for the Centralized Certificate Store, execute the following command. Otherwise skip this step:

    plesk bin server_pref.exe --update -central-cert-store-user-login <username> -central-cert-store-user-password <password>
    

    where

    <username> is the name of the user with the write permission to the Centralized Certificate Store, specified during step 3.

    <password> is that user’s password, specified during step 3.

  9. Execute the following command to enable the Centralized Certificate Store in Plesk:

    plesk bin server_pref.exe --update -central-cert-store true