How to reuse the SSL certificate installed on the webmin port 10000

eclipse · July 8, 2011, 1:29pm

Hi Eric

Is it possible to use the same certificate we are currently using on https://servername.domain.tld:10000/ on the https://servername.domain.tld/ site?

I have installed the management scripts on this site, such as phpmyadmin and so on and would like to have it secured by SSL.

I have enabled the SSL feature on the servername.domain.tld virtual site.
But how do I tell the system to use the same SSL certificate, is it even possible?

I also wants to have the :20000 secured by the same SSL certificate because it is still the same FQDN.

Looking forward to hear from you.

Tim

eclipse · July 8, 2011, 2:00pm

Hi Eric

I went to the manage certificate area for the virtual site and uploaded the private key and the certificate file I used to the https://servername.domain.tld:10000/ setup, and I can now see that the certificate have been installed.
But when I visit https://servername.domain.tld/ I still get an SSL error and the localhost.domain self signed certificate are listed.

What about the “ssl options” under services -> configure website?

Tim

Eric · July 8, 2011, 2:33pm

Yeah, you should be able to do that.

It shouldn’t be more difficult than going into Server Configuration -> Manage SSL Certificate -> New Certificate, and putting the SSL certificate and key into the fields on that screen.

When you’re done – click the “Current Certificate” tab.

When you’re on that screen – what does “Web server hostname” show? If it says “localhost” still, that suggests it may not think it’s using the correct certificate. You may want to double-check what it is you uploaded.

If instead, it shows the right domain, but you aren’t seeing that when browsing to your site – you may just need to restart Apache to get it to recognize your new cert.

-Eric

eclipse · July 8, 2011, 2:41pm

Hi Eric

When I look into the “Current Certificate” i see the servername.domain.tld certificate.
I just tried to restart the httpd service
/etc/rc.d/init.d/httpd restart

But I still see the localhost.localdomain certificate when I visit the site https://servername.domain.tld ??

Tim

Eric · July 8, 2011, 6:54pm

Hmm, did the IP address for "servername.domain.tld " recently change?

If so, you may have the old IP address still cached in your DNS. It may take a day or so for the new IP address to be visible.

Do you have another computer using a different ISP (or different DNS servers), you could always test it using that.

-Eric

eclipse · July 9, 2011, 10:48am

Hi Eric

The server has the same IP address, I haven’t changed that at all.
The webmin interface still works with the SSL but not without port 10000??
https://glowlinweb001.itoverblik.dk:10000/
https://glowlinweb001.itoverblik.dk/

Do you think I have to restart the whole server??

Tim

Eric · July 9, 2011, 3:52pm

That’s correct – you’ll always need to include port 10000 in the URL when accessing Webmin.

As far as your domains go – the two domains you mentioned above don’t resolve for me… are those the correct names?

-Eric

eclipse · July 9, 2011, 6:47pm

Hi Eric

Sorry, I did a typo

https://glolinweb001.itoverblik.dk:10000/
https://glolinweb001.itoverblik.dk/

The SSL certificate have been created to use the FQDN glolinweb001.itoverblik.dk and I would like to use it on both sites, so that I can encrypt the other sites related to this FQDN, such as https://glolinweb001.itoverblik.dk/phpmyadmin/ and so on.

Tim

Eric · July 11, 2011, 5:53pm

I’m seeing the same thing you are, that browsing to that URL shows the wrong certificate.

One thing before we really start digging under the hood – let’s try kicking Apache, just to be super-sure that’s not the problem.

You can do that by running “/etc/init.d/apache2 restart” on Debian/Ubuntu, or “/etc/init.d/httpd restart” on CentOS.

-Eric

eclipse · July 11, 2011, 8:43pm

Hi Eric

I did a total restart of the server.
It still shows the localhost.localdomain??

It is kind of strange.
I have attached a picture of the default site SSL setup.

Tim

eclipse · July 19, 2011, 7:51pm

Hi Eric

Do you go on summer vacation?

Tim

Eric · July 21, 2011, 5:49pm

Sorry for the delay – I’m not sure what’s going wrong with your setup there. It sounds like what Virtualmin is seeing isn’t in sync with what Apache has setup.

One of the next steps may be to verify that what’s listed in the Apache VirtualHost block is indeed pointing to the correct SSL certificate.

If you like, I can log in and take a look at that for you though.

If you’d like me to do that, what you can do is enable Remote Support using the Virtualmin Support module. Or, just email your login details to eric@virtualmin.com.

Thanks!

-Eric

eclipse · July 22, 2011, 9:53am

Hi Eric

I have enable the support option within Virtualmin.

Tim

Eric · July 22, 2011, 3:07pm

I don’t seem to be able to access SSH on your server, the connection hangs – is that currently enabled, and not being blocked by a firewall?

-Eric

eclipse · July 22, 2011, 4:26pm

Hi Eric

What IP are you coming from this time?

Tim

Eric · July 22, 2011, 4:28pm

The IP I use is “207.192.73.169”.

-Eric

eclipse · July 22, 2011, 4:30pm

Hi Eric

Know you have access from that ip.

Tim

eclipse · July 22, 2011, 5:06pm

Hi Eric

You just killed the apache service

Tim

Eric · July 22, 2011, 5:14pm

Yeah, it looks like some separate SSL definitions are conflicting with what’s defined for “glolinweb001.itoverblik.dk”.

As I went to fix them, some odd configuration problems prevented Apache from starting again. It should have only been down a few seconds though

It’s going to take some tinkering to get it fixed, so I can’t guarantee it won’t happen again – or longer next time. But, I’ll wait until it’s a little later in the day to work on it

Have a good one!

-Eric

eclipse · July 22, 2011, 6:52pm

Hi Eric

No problem, the reason why I noticed it was because I was showing the benefits of Virtualmin to one of my friends
You can begin working again, it is already late Friday so that wont intervene with anyone.

Tim