Knowledgebase

Requesting a valid SSL certificate

If you want to use a valid SSL certificate and do not have one for your hostname, it is possible to generate one using the openssl command and a certificate authority. A valid certificate is one that is recognized by all browsers, because it was signed by a recognized authority. Those created by Webmin itself by following the steps in the previous section do not meet this criteria, and so will trigger a warning in all browsers when they connect to the Webmin server.

Unfortunately, certificate authorities charge money for signing and verifying that the owner of the server in the hostname actually matches the company details in the certificate. For this reason most people do not bother to use a signed certificate with Webmin, as there is no real advantage in security once you have accepted an un-signed certificate into your browser for the first time.

However, if you do want to obtain a real valid certificate, the steps to follow are :

1) At the shell prompt, run the command openssl genrsa 2048 > key.pem

2) This will create the file key.pem which is your private key.

3) Run the command openssl req -new -key key.pem -out req.pem . When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR)

4) Send the CSR to your certificate authority by whatever method they use. They should send you back a file that starts with -----BEGIN CERTIFICATE----- which can be put in the file cert.pem.

5) In Webmin, enter the Webmin Configuration module and click on SSL Encryption.

6) In the SSL Encryption form (shown in Figure 3-2), enter the path to your key.pem file into the Private key file field, and the path to your cert.pem file into the Certificate file field.

7) Click the Save button to switch to the new certificate.

Add to Favourites    Print this Article

Powered by WHMCompleteSolution