Los certificados SSL/TLS protegen los datos confidenciales mediante el cifrado de las conexiones entre el cliente y el servidor. Asimismo, actualmente en la red disponer de un certificado SSL/TLS válido es prácticamente un requisito esencial. Si desea mejorar la seguridad y la confianza de sus clientes en su empresa, le recomendamos encarecidamente que proteja Plesk y el servidor de correo Plesk con certificados SSL/TLS. En este tema se detalla cómo proteger tanto Plesk como su servidor de correo con un certificado SSL/TLS gratuito de Let’s Encrypt, un certificado SSL/TLS adquirido a una autoridad de certificación o bien un certificado SSL/TLS autofirmado.

Durante la instalación, tanto Plesk como su servidor de correo se protegen automáticamente con un certificado SSL/TLS autofirmado y gratuito. Esto permite cifrar las conexiones a Plesk y su servidor de correo con el fin de que, por ejemplo, no puedan interceptarse las contraseñas. De todos modos, cabe destacar que los certificados SSL/TLS autofirmados presentan un inconveniente. Cualquiera que visite un servidor Plesk protegido con un certificado SSL/TLS autofirmado obtendrá una advertencia informándole de que el sitio no es seguro, lo cual puede ocasionar cierto desconcierto. Para evitarlo, le recomendamos proteger Plesk y su servidor de correo con un certificado SSL/TLS gratuito de Let’s Encrypt o con un certificado SSL/TLS comprado a una autoridad de certificación.

Nota: si protege el servidor de correo Plesk con un certificado SSL/TLS, cerciórese de que usa el nombre de dominio para el que se emitió el certificado cuando se conecte al servidor de correo e informe a sus clientes para que hagan lo mismo. De lo contrario, es posible que el software del cliente de correo no pueda verificar la identidad del servidor de correo, lo que puede ocasionar problemas para enviar o recibir mensajes.

Securing Plesk and the Mail Server With a Certificate From Let’s Encrypt

Let’s Encrypt is an open certificate authority providing free SSL/TLS certificates. You can easily secure both Plesk and the Plesk mail server with SSL/TLS certificates using the free Let’s Encrypt extension.

When you install or upgrade the Let’s Encrypt extension, if Plesk is secured with a self-signed certificate, the extension automatically replaces it with a valid SSL/TLS certificate from Let’s Encrypt. The extension does not automatically secure the Plesk mail server.

If you want to replace a valid certificate issued by a certificate authority with one from Let’s Encrypt, follow the steps below.

To secure Plesk and the mail server with a certificate from Let’s Encrypt:

  1. Install the Let’s Encrypt extension if it is not installed.

  2. Go to Tools & Settings > SSL/TLS Certificates (under «Security»).

  3. Click the + Let’s Encrypt button.

  4. Make sure that the email address in the “Email address” field is correct. This email address will be used to send important notifications.

  5. Click Install.

    At this stage, the certificate from Let’s Encrypt has been generated and used to secure Plesk automatically.

  6. To secure the mail server, click the [Change] link next to “Certificate for securing mail”.

  7. Select the “Lets Encrypt certificate (server pool)” from the drop-down list, and click OK.

Now both Plesk and the Plesk mail server are secured with the certificate from Let’s Encrypt.

image-3

Nota: In Plesk for Linux, when Let’s Encrypt replaces the default self-signed certificate, in Tools & Settings > SSL/TLS Certificates the name of the certificate used to secure Plesk is changed to “Lets Encrypt certificate”. In Plesk for Windows, the default certificate name is changed to “Lets Encrypt certificate” only after you reload the Tools & Settings > SSL/TLS Certificates web page in the browser.

Securing Plesk and the Mail Server With a Certificate From Other Certificate Authorities

Apart from Let’s Encrypt, you can secure Plesk and the Plesk mail server with an SSL/TLS certificate from a certificate authority of your choice.

To secure Plesk and the mail server with a certificate from other certificate authorities:

  1. Go to Tools & Settings > SSL/TLS Certificates (under «Security») and click the + Add button.

  2. Fill in the fields marked with the asterisk. Pay particular attention to the following fields:

    • “Certificate name”. Give the certificate a recognizable name so you can tell it apart from other certificates in the server repository.
    • “Bits”. The more bits, the more secure the certificate. We recommend using the default value (4096).
    • “Domain name”. Make sure that the name in this field matches the server hostname.
  3. If all the provided information is accurate, click Request.

    Plesk will generate a private key and a certificate signing request and display them in under “List of certificates in server pool”.

  4. Find the certificate under “List of certificates in server pool” and click its name. This will open a page showing the certificate properties.

Copy the whole content of the “CSR” section (including -----BEGIN CERTIFICATE REQUEST—– and -----END CERTIFICATE REQUEST-----) to clipboard.

  1. Visit the website of the certificate authority of your choice and start a certificate ordering procedure. When you are prompted for the CSR, paste the data from clipboard. The certificate authority will create an SSL/TLS certificate in accordance with the information you provided. When you receive your SSL/TLS certificate, save it on your local machine or network.
  2. Go to Tools & Settings > SSL/TLS Certificates, click Choose file under “Upload the certificate here”, select the saved .crt file, and then click Upload Certificate.
  3. To secure Plesk, click the [Change] link next to “Certificate for securing Plesk”. Select the certificate generated during step 3 from the drop-down list, and then click OK.
  4. To secure the mail server, repeat the previous step for “Certificate for securing mail”.

Securing Plesk and the Mail Server With a Self-Signed Certificate

As we explained earlier, self-signed SSL/TLS certificates are never trusted. It is always preferable to use an SSL/TLS certificate from Let’s Encrypt or a paid SSL/TLS certificate from a different certificate authority. However, you can secure Plesk and the mail server with a self-signed SSL/TLS certificate, if desired.

To secure Plesk and the mail server with a self-signed certificate:

  1. Go to Tools & Settings > SSL/TLS Certificates (under «Security») and click the + Add button.
  2. Fill in the fields marked with the asterisk. Pay particular attention to the following fields:
    • “Certificate name”. Give the certificate a recognizable name so you can tell it apart from other certificates in the server repository.
    • “Bits”. The more bits, the more secure the certificate. We recommend using the default value (4096).
    • “Domain name”. Make sure that the name in this field matches the server hostname.
  3. If all the provided information is accurate, click Self-Signed. Plesk will generate a self-signed certificate and display it in “List of certificates in server pool”.
  4. To secure Plesk, click the [Change] link next to “Certificate for securing Plesk”. Select the certificate generated during the previous step from the drop-down list, and then click OK.
  5. To secure the mail server, repeat the previous step for “Certificate for securing mail”.