These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for secure certificate on the new forum.
I added a secure certificate from comodo to the domain name that I use for the server name. When I browse to the https://domain.com, the page comes up no problem, with lock icon on bottom of browser. When I browse to https://domain.com:10000 (or 20000), I still get the popup that the cert is self signed.
What am I doing wrong?
It sounds like you've added the certificate to that particular Virtual Server, which does set it up in Apache -- but you'll also need to tell Webmin about it if you want Webmin to use that certificate.
To do that, you can log into Virtualmin, click Webmin -> Webmin -> Webmin Configuration -> SSL Encryption, and setup the "Private key" and "Certificate file" options to point to your SSL key and certificate.
-Eric
Thanks for the prompt reply. I guess I screwed something up because now the page https://domain.com:10000 does not come up. Where is the file that caches the secure cert info? I need to do a reset so I can try again.
Well, you can look in /var/webmin/miniserv.error to try and get an idea of what the problem is (you might try restarting Webmin with /etc/init.d/webmin restart to provoke the error message).
But you can also tweak the SSL settings manually in /etc/webmin/miniserv.conf to either disable it, or change where the cert or key files are.
-Eric
The pertinent lines from the /etc/webmin/miniserv.conf:
keyfile=/home/rjrsolutions.net/ssl.key
extracas=/home/rjrsolutions.net/rjrsolutions_net.ca-bundle
certfile=/home/rjrsolutions.net/ssl.ca
It all looks correct to me. Maybe if you post the defaults, I can try again a few times and look to see what changes.
BTW, your prompt replies are awesome. Thank you so much.
Well, those look exactly right. Whatever errors are in the Webmin error log (mentioned above) should help guide you in the right direction.
If you want to start over though, Jamie had mentioned that you can do that with the following:
<div class='quote'>
you can switch back to the default Webmin certificates by editing /etc/webmin/miniserv.conf and removing the certfile and extracas lines, and changing the keyfile line to :
keyfile=/etc/webmin/miniserv.pem
</div>
Isn't that strange... Now it looks like webmin is starting correctly in the error file:
root@rjrwebserver1:/var/webmin# tail miniserv.error
restarting miniserv
[12/May/2009:13:45:35 -0400] Restarting
[12/May/2009:13:45:37 -0400] miniserv.pl started
[12/May/2009:13:45:37 -0400] PAM authentication enabled
Failed to initialize SSL connection
Failed to initialize SSL connection
[12/May/2009:13:56:56 -0400] miniserv.pl started
[12/May/2009:13:56:56 -0400] PAM authentication enabled
[12/May/2009:14:18:32 -0400] miniserv.pl started
[12/May/2009:14:18:32 -0400] PAM authentication enabled
But the web page does not come up:
https://rjrsolutions.net:10000/
The cert came from comodo, the free 90 day one that I can roll over to a permanent cert when the server migration is done. We are migrating an old RedHat server to an Ubuntu/Virtualmin server.
Is "ssl_cipher_list" in the miniserv.conf set? If so, what is it set to?
If not, what all does this command output:
grep ssl /etc/webmin/miniserv.conf
Thanks,
-Eric
Got it!
This line:
certfile=/home/rjrsolutions.net/ssl.ca
needed to be:
certfile=/home/rjrsolutions.net/ssl.cert
Thank you so much for your help. Now I just need to get squirrelmail to run under the cert so the users of the legacy system do not freak when I migrate them...