I just have one ip on my server. Shared amongst my sites with one site being secured with a cert.
When I access virtualmin, I am using the url https://hostname.maindomain.com/19444
As expected, MSIE gives me the security page saying the page isn't secure and warning me not to continue. I click through anyway.
Is there a way to avoid that and go straight to the page? The maindomain.com is the site that is secured, but that is on port 443.
If I attempt to secure hostname.maindomain.com Virtualmin warns me away saying only one ssl per ip. Which I knew, but figured I could still use a self - cert on it. Is that the way to go or is there another way? Perhaps with the 'virtual interface' option (and is that what I would get a 'private ip' for from my host?
Thanks for any info on this, Chris
<div class='quote'>Is there a way to avoid that and go straight to the page? The maindomain.com is the site that is secured, but that is on port 443.</div>
<div class='quote'>Is there a way to avoid that and go straight to the page? The maindomain.com is the site that is secured, but that is on port 443.</div>
You're conflating multiple questions here.
SSL can run on other ports, and if configured correctly and with a valid certificate <i>for the specific domain being accessed</i> it will not cause a warning in the browser.
A self-signed certificate will <i>always</i> give a warning in all browsers. These is no way to avoid it, because a self-signed certificate is only providing half of the picture (SSL gives identity as well as security...self-signed removes the identity feature, and enables man-in-the-middle attacks). The browser should warn about self-signed certificates.
<div class='quote'>Perhaps with the 'virtual interface' option (and is that what I would get a 'private ip' for from my host?</div>
No. You can't trick the SSL protocol into having features it does not have. If you could, man-in-the-middle attacks would be possible, and SSL would be completely worthless.
So, you can get another certificate for "hostname.maindomain.com", or you can just handle all SSL traffic on the maindomain.com address.
The port is not relevant to this discussion. It'll work the same as port 443, if you have a valid certificate.
--
Check out the forum guidelines!
Conflating... I like that :) My six year daughter loves new words, I'll teach her that one tomorrow!
So I have www.mydomain.com secured with a valid cert and that works fine...
but if I go to https://www.mydomain.com/10000 I get the security warning.
Just did some poking around and found the 'copy to webmin' button under the ssl management - I had missed that before. I'm thinking I'm supposed to click on that - eh?
What does that do? It seems like if that address is secured, and if the port doesn't matter... what is is changing?
Thanks Joe, I appreciate the help, Chris
That's the ticket :)
Thanks again, makes a much smoother experience!
<div class='quote'>What does that do? It seems like if that address is secured, and if the port doesn't matter... what is is changing?</div>
I suspect you're conflating again. ;-)
Apache and Webmin are completely different services. Webmin has its own web server that is entirely independent of Apache. So, when you configure Apache (or Postfix or Dovecot or ProFTPd, since they're also different services) with an SSL cert, you're not doing anything to Webmin's configuration. This button is for when you want the SSL certificate for one of your domains to also be the certificate for Webmin.
A common question once that is understood is, "Well why isn't that just automatic?" And the answer is because most Virtualmin users have a lot more than just one SSL website, and they often want a single SSL URL for management (something like https://admin.hostingprovider.com:10000)...and it may not even be a URL that has a website on the Virtualmin system.
--
Check out the forum guidelines!
oh, got it (had to read through it twice, but I've got it).
I had noticed that apache could be down but I still had access to the control panel, and had never understood that either, but you just furthered my understanding of that as well :) Just to further the conflating theme!
Thanks again,
Chris