The SSL stuff is very confusing even for someone who has been using Plesk since version 2.0!
By default, SSL will work for email BUT the certificate used is a self-signed one generated by Plesk during the install. The last time I checked, most email programs (e.g. Outlook) pop-up a windows every time you send/receive unless you select View then Install on the certificate. Incidentally, you can see which port you need to make sure is open in your firewall on your Plesk server when using Outlook by looking in the Advanced tab in the Properties for the email account in question in Outlook. When you tick the appropriate box, you'll see the port change from 110 (for POP3) to something else Begins with a 9 when I do it not a 4.
If that port is not open on your Plest server (and it might not be), SSL connections in that configuration will fail.
You can install your own, full, SSL certificate for use with email. Follow this KB:
http://kb.parallels.com/en/1062
But you need to read every word. The important thing here is that there can be only one SSL certificate for email. You can't have a different one for each domain hosted. So, to avoid SSL errors and pop-up warnings, you'd have to tell them to use
www.domain.tld as the POP3/IMAP server address if you have purchased a certificate for
www.domain.tld, or to use domain.tld if you have purchased a certificate for domain.tld. If they use a different domain hosted on your server then they will get the same pop-up error message as they would with a self-signed certificate (or maybe something similar but with a different warning).
Note that installing an SSL certificate for a domain in Plesk has no effect on the certificate used for email. You have to follow the KB above. However, using Plesk's SSL system allows you to generate the required CSR via the GUI, as though you were going to generate a CSR for a certificate to protect a web domain in Plesk, from which you can get a certificate issued and from there you can follow the KB to install it for email.
It wasn't clear from your message whether you wanted the SSL certificate for the domain itself (e.g. for an ecommerce site) or just to sort out your email problem. But if you do, you just go to the domain you want to protect with the SSL certificate, click on the appropriate option for your version of Plesk and ...errr..well, you need to click on Create New Certificate or something similar, select 2048 bits, give it a name, then generate the CSR. Paste that into your SSL company's web page, get a Certificate and a CA Certificate and then paste those back into Plesk.
There can be only one SSL certificate per IP address in Plesk (although there is technology to get around this limit in Plesk 10 and later but it doesn't work universally). It is fine if you have loads of different domains on one IP (e.g. shared as opposed to exclusive). But you can only have the one certificate covering all domains on that IP.
You can even have one certificate covering more than one IP:
http://kb.parallels.com/en/385
Err...yes, so I've probably confused the hell out of you by now. Sorry. But maybe some of what I've posted will give you a bit of a pointer. I certainly hope so.
