Plesk & SocialBee have teamed up. Save 30% now!

Get the Deal

Knowledge Base

Securing Connections with the SSL It! Extension – Enhancing security of your websites and encrypted server connections

 
administrator guideadvanced website securitysecuring connections with ssltls certificateswebsite managementwebsites and domains

Merely securing a website
with a valid SSL/TLS certificate from a trusted CA
is not enough to get all-round protection.
SSL is a complex technology,
which has a number of features (key encryption algorithm, secure ciphers,
HSTS, and much more) that can do the following:

  • Enhance the security of your website’s visitors.
  • Improve your website performance.
  • Harden the security of all server’s encrypted connections

Enabling these features can improve your websites’ search engine rankings:

  • “Redirect from http to https” sets up a permanent,
    SEO-safe 301 redirect from the insecure HTTP
    to the secure HTTPS version of the website and/or webmail.
  • HSTS prohibits web browsers from accessing the website
    via insecure HTTP connections.
  • OSCP makes the web server request the status of the website’s certificate
    (can be good, revoked, or unknown)
    from the CA instead of the visitor’s browser.
  • TLS versions and ciphers by Mozilla
    harden connections secured with SSL/TLS certificates
    (website, mail, Plesk, and so on).

Caution: Before turning these features on,
ensure that your website can be accessed
via HTTPS without any issues.
Otherwise, visitors may have trouble accessing your website.

Note: If you have already set up HSTS or OCSP stapling
in your web server manually,
delete these customizations
before turning on HSTS or OCSP stapling in SSL It!.

To enhance the security of your websites and encrypted server connections:

  1. Secure your website with a valid SSL/TLS certificate from a trusted CA.

  2. Go to Websites & Domains > your domain > SSL/TLS Certificates.

  3. If you have upgraded to Plesk Obsidian from earlier Plesk versions,
    turn on “Redirect from http to https”.
    The redirect will be also applied for webmail by default.
    On clean Plesk Obsidian installations,
    the redirect for the domain and webmail is already turned on by default.

    Note: If your webmail is not secured with a valid SSL/TLS certificate
    or you do not have any webmail,
    clear the “Include webmail” checkbox.

  4. Enable HSTS:

    1. Turn on HSTS.

    2. Make sure that an SSL/TLS certificate
      that secures your website will be valid
      during the “Max-age” period.
      Do the same for subdomains and the webmail subdomain.
      Otherwise, if the SSL/TLS certificate expires earlier
      than the “Max-age” period and HSTS is turned on,
      visitors will not be able to access your website.

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2024 WebPros International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of WebPros International GmbH.

Managed with love with Plesk WP Toolkit