Heartbleed Relief: Replace the Default SSL Certificate in Parallels Plesk Panel

If you have a web site with an SSL certificate, then you are probably affected by the Heartbleed vulnerability, which popped into general visibility. If your server is vulnerable, you need to do two things:

  1. Update openssl
  2. Replace your SSL certificate (since you have to assume that the certificate’s private key has been stolen).

Anyone in possession of your private key can a) impersonate your web site; and b) decrypt all past, present, and future traffic.

One little piece of the recovery is replacing the default certificate for your control panel. If you only have one server then clicking around in the control panel is OK. But if you have a lot of servers, that will quickly drive you bonkers.

Here is a shell script which will replace the default SSL certificate for Parallels Plesk Panel. The new certificate will be valid for 1095 days (three years). It will then use the new SSL certificate to secure the Plesk Panel itself.

I have tested this on Ubuntu 12.04LTS with Parallels Plesk Panel 11.5 and 11.0.
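
As an added example (not the author's script, which is not reproduced on this page), the following shell functions generate a fresh key with a 1095-day self-signed certificate and check that the replacement does not reuse the old key pair, which is the step that matters when the old private key must be assumed stolen. The file names and CN are assumptions, the `openssl` command-line tool is assumed to be installed, and nothing here installs the certificate into Plesk.

```shell
#!/bin/sh
# Added example (not the author's script). Assumes the openssl CLI is on PATH.
# File names and the CN are placeholders; nothing here touches Plesk itself.

# Public key (PEM) embedded in a certificate / derived from a private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# new_selfsigned KEY CERT CN [DAYS]
# Fresh 2048-bit RSA key plus a self-signed certificate, 1095 days by default.
new_selfsigned() (
    umask 077                      # files created here are owner-only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -days "${4:-1095}" -subj "/CN=$3" \
        -keyout "$1" -out "$2" 2>/dev/null
)

# reissue_same_key OLD_KEY CERT CN
# The mistake to catch: a new certificate wrapped around the exposed key.
reissue_same_key() {
    openssl req -x509 -new -key "$1" -sha256 -days 1095 \
        -subj "/CN=$3" -out "$2" 2>/dev/null
}

# replacement_ok OLD_CERT NEW_CERT NEW_KEY [MIN_DAYS]
# 0 = safe to deploy, 1 = key reused, mismatched or short-lived,
# 2 = an input file could not be parsed.
replacement_ok() (
    old=$(cert_pubkey "$1") || exit 2
    new=$(cert_pubkey "$2") || exit 2
    key=$(key_pubkey "$3")  || exit 2
    if [ "$new" = "$old" ]; then
        echo "FAIL: new certificate reuses the old key pair" >&2; exit 1
    fi
    if [ "$new" != "$key" ]; then
        echo "FAIL: certificate does not match the private key" >&2; exit 1
    fi
    # Must still be valid MIN_DAYS from now (default: just under three years).
    openssl x509 -in "$2" -noout \
        -checkend $(( ${4:-1094} * 86400 )) >/dev/null
)
```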

2 thoughts on “Heartbleed Relief: Replace the Default SSL Certificate in Parallels Plesk Panel”

  1. Hi!

    I replaced my web certificate for customers. But I didn’t replace the default certificate. Where do I have to paste this script? Never done it before.

    Greets Hindrik

    1. Hindrik,

      If you just have a small number of servers, it is easy to log into Plesk as “admin” and click on Tools & Settings -> SSL Certificates -> Add Certificate. From that page, you can create a new self-signed certificate. Once you have created the new certificate, return to Tools & Settings -> SSL Certificates. On that page, you can make the new certificate the default and you can secure the Plesk Panel with the new certificate.

      My shell script is helpful if you have to update the certificates on a lot of Plesk panels and do not want to do each manually.

      — Art Z.
