My organization requires we use certificates generated by our security dept.
We got it, put it in place and filled out the SSL Cert page. Saved with no error.
But the browsers still show as “INSECURE”
What are we missing?
PLEASE ADVISE
HERE IS WHAT CERT LOOKS LIKE FROM BROWSER VIEW.
Issued to
Common Name (CN) clocert.unch.unc.edu
Organization (O) UNC Health
Organizational Unit (OU)
Issued By
Common Name (CN) UNCHCS-Issuing-CA2
Organization (O)
Organizational Unit (OU)
Validity Period
Issued On Wednesday, September 20, 2023 at 2:47:42 PM
Expires On Friday, September 19, 2025 at 2:47:42 PM
You should try closing and then reopening your current tab by using the following hotkeys – Ctrl + W and then Ctrl + Shift + T (Meta + W and then Meta + ⇧ + T in macOS), which will first close the existing tab and then reopen it, establishing a new session with the server, which will fetch a new/updated SSL certificate (if it was really updated as you suggest).
If that doesn’t help (though it usually does if the SSL certificate was updated), try using an incognito tab. If you still encounter issues, then either the SSL certificate might not have been installed correctly, or your browser might not recognize the Certificate Authority (CA) that issued it.
My organization requires we use certificates generated by our security dept.
That sounds like self-signed certificate to me still.
I did send the contents of the certificate in my post and it looks like Webmin does see it. Which we’re not sure what part it’s having an issue with.
Those instructions did not work so I guess maybe we’re not sure how to install our new certificate.
Can you please tell us the procedure or send the steps. I have poured thru the documentation but do not know what we did wrong.
If the certificate was issued by your organization (rather than through a CA that is recognized by all browsers), you’d need your browser configured to accept certs signed by your organization CA as trusted. That’s not a Webmin problem, and presumably your organization provides documentation for setting that up.
This one:
It is common for large organizations to have their own CA, so this isn’t surprising. But, it’s not really something we’re able to solve, as it’s a browser/client issue.
Here’s the first search result I found, though I haven’t vetted it for accuracy:
But, it’s very likely your organization provides documentation for this (and it may be automated in some way), since it is large enough to have its own CA.
I noticed the cert is good for two years – another sign that its an internal cert as now, all commercial certs are only good for one year
I take it this is a new server, or at least your first attempt of using webmin to set up a HTTPS site? That is, if this is an older existing server and website, how was the older cert installed?
Plus is this really AIX ? at some levels AIX is greatly different than many linux distros
My one co-worker who had lots of AIX experience retired two years ago, so around my office I have no one to ask for AIX advice, sorry.
Question – your post title is – Webmin is still unsecure — is your issue today about a website on AIX using https and port 443, or connecting to webmin itself on port 10000?
Webmin and TLS certificates are not greatly different on AIX.
As far as I can tell, the solution is the same no matter what OS the Webmin server is running, because the problem is in the browser, not Webmin or the server.
Thanks Joe. No my organization does not have any instructions to give us so thanks for the link.
I do see the Root CA in my Edge browser. I’ll check the others but I’m sure it’s more than likely there.
Thanks Verne. Yes I have migrated to a new server and this is the first time I’ve had to configure HTTPS as well. It is now required by our Security dept.
And yes this is really AIX but I don’t think that’s a factor.
This is an issue connecting to port 10000.
I’ll keep dinking around with it.
Appreciate it.
(these are for our commercial cert) and restart the webmin miniserv process to reload the config. There probably is a panel in Webmin to adjust these as well, or to upload your cert in Webmin and the miniserv.conf modifications are done automatically (I think you said you did it that way).
Hi Verne,
I’m a little old school too.
I think we’re going to try to have another cert generated with an Alternate name. Saw there may be an issue with Chrome newer than V58 that wants/needs an Alternate Name.
If I can get one of the browsers to work I’ll be happy.