Archive for the tag 'certificate'

How to setup DA with an SSL certificate

If you already have your own certificate and key, then paste them into the following files:

certificate: /usr/local/directadmin/conf/cacert.pem
key: /usr/local/directadmin/conf/cakey.pem

Edit the /usr/local/directadmin/conf/directadmin.conf and set SSL=1 (default is 0). This tells DA to load the certificate and key and to use an SSL connection. DirectAdmin needs to be restarted after this change.

If you also have a CA Root Certificate, this can be specified by adding:

carootcert=/usr/local/directadmin/conf/carootcert.pem

into the /usr/local/directadmin/conf/directadmin.conf file and by pasting the contents of the caroot cert into that file.

Source: http://directadmin.com/

My browser complains about the Webmin certificate when in SSL mode.

This happens because the default SSL certificate that is generated by webmin is not issued by a recognized certificate authority.

From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate.

Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server’s hostname and will be recognized web browsers.

This certificate should be placed in the file

/etc/webmin/miniserv.pem

and be in the same certifcate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps :

Run the command

openssl genrsa -out key.pem 1024

This will create the file key.pem which is your private key.

Run the command

openssl req -new -key key.pem -out req.pem

When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR).

Send the CSR to your certificate authority by whatever method they use.

They should send you back a file that starts with —–BEGIN CERTIFICATE—– which can be put in the file cert.pem.

Combine the private key and certificate with the command

cat key.pem cert.pem >/etc/webmin/miniserv.pem

Re-start webmin (making sure it is in SSL mode) to use the new key.

Find if ssl certificate and key are paired correctly.

To view the contents of a certificate:

openssl x509 -noout -text -in filename.crt

To view the contents of a private key:

openssl rsa -noout -text -in filename.key

If the modulus number and exponent of the cert and key match, they are paired correctly. If not, they are mismatched and apache will not start with ssl enabled.

« Prev