Activate mod_deflate on plesk server

Posted on November 26, 2014December 2, 2014 by ppadmin

On a Plesk server, the mod_deflate module is installed by default, however it may be disabled in the Apache configuration file. To enable the module edit the Apache configuration file

vi /etc/httpd/conf/httpd.conf

Search for the line

#LoadModule deflate_module modules/mod_deflate.so

and uncomment it i.e. remove the ‘#’ mark

LoadModule deflate_module modules/mod_deflate.so

Save the file and restart the httpd service

service httpd restart

Now, create a .conf file under the /etc/httpd/conf.d/ directory since Apache reads all the .conf files from that directory on a Plesk server

vi /etc/httpd/conf.d/deflate.conf

and place the following code in it

<Location />
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
</Location>

Save the file and restart the httpd service. The compression code will compress all the files except the .gif, .jpe, .jpeg and .png files. To test the compression, use the tool

http://www.whatsmyip.org/mod_gzip_test/

To enable compression for a specific directory or domain, specify the directory path in the <Location> directive in deflate.conf and restart the Apache server.

get plesk email passwords

Posted on November 21, 2014November 21, 2014 by ppadmin

1> To find password for a single email account

root@server[#] /usr/local/psa/bin/mail --info info@domain.com

2> To find passwords for a single domain

root@server[#] /usr/local/psa/admin/bin/mail_auth_view | grep domain.com

3> To find passwords for all email accounts.

root@server[#] /usr/local/psa/admin/bin/mail_auth_view

Unable to configure RSA server private key” and “certificate routines:X509_check_private_key:key values mismatch” Errors

Posted on November 20, 2014November 20, 2014 by ppadmin

“Unable to configure RSA server private key” and “certificate routines:X509_check_private_key:key values mismatch” Errors

If you see one of these errors it usually means that the private key that is being loaded in the VirtualHost section of your .conf file doesn’t match the SSL Certificate being loaded in the same section.

To check if the two files match, run the following OpenSSL command on each of them:

openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5openssl rsa -noout -modulus -in your_domain_com.key | openssl md5

If the modulus of the two files doesn’t match exactly, do one of the following:

Find the .key file matching your .crt file and update the VirtualHost in your .conf file to match.
Reissue your certificate by either generating two new files with the OpenSSL CSR Wizard or by creating a new CSR from your existing private key file using the following command.
Note that the existing private key must be at least 2048 bits. If the key is less than 2048 bits you will have to recreate the key.

openssl req -new -key your_domain_com.key -out your_domain_com.csr

ssl cert on Verio servers

Posted on November 20, 2014November 20, 2014 by ppadmin

(Apache v2.X)

Download the appropriate GlobalSign root certificate and save it in a text editor as “gs_root.pem.” Only the ExtendedSSL certificate uses the GlobalSign root CA R2 certificate.
Download the appropriate intermediate certificate(s) and save it in a text editor as “intermediate.pem”.
Copy your SSL certificate from the order fulfillment e-mail or log into your GlobalSign Certificate Center account and download it. Paste it into a text editor. Save the file as “mydomain.crt.”
Copy “mydomain.crt” and “intermediate.pem” to the directory in which you plan to store your certificates.
Open your “httpd.conf” file with a text editor. Please note that some installations keep the SSL section separately in the “ssl.conf” file. Locate the the virtual host section for the site that the SSL certificate will secure.Your virtual host section will need to contain the following directives:
- SSLCACertificateFile – This will need to point to the appropriate GlobalSign root CA certificate.
- SSLCertificateChainFile – This will need to point to the appropriate intermediate root CA certificates you previously created in Step 1 above.
- SSLCertificateFile – This will need to point to the end entity certificate. This is the certificate you have called “mydomain.crt.”
- SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate.
Save the changes to the file. Quit the text editor.
Restart Apache.

(creating CSR)

Make sure OpenSSL is installed and in your PATH.
Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):$ openssl genrsa -des3 -out server.key 2048
Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:

$ openssl rsa -noout -text -in server.key

Unless you want to enter the password each time you start apache, you will need a decrypted PEM version for later:

$ openssl rsa -in server.key -out server.key.unsecure
Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):$ openssl req -new -key server.key -out server.csr