My browser complains about the Webmin certificate when in SSL mode.

This happens because the default SSL certificate that is generated by webmin is not issued by a recognized certificate authority.

From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate.

Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server’s hostname and will be recognized web browsers.

This certificate should be placed in the file

/etc/webmin/miniserv.pem

and be in the same certifcate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps :

Run the command

openssl genrsa -out key.pem 1024

This will create the file key.pem which is your private key.

Run the command

openssl req -new -key key.pem -out req.pem

When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR).

Send the CSR to your certificate authority by whatever method they use.

They should send you back a file that starts with —–BEGIN CERTIFICATE—– which can be put in the file cert.pem.

Combine the private key and certificate with the command

cat key.pem cert.pem >/etc/webmin/miniserv.pem

Re-start webmin (making sure it is in SSL mode) to use the new key.

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.