SSL Certificates

just_me · October 27, 2014, 7:33am

Hello,
i am wondering. I created a https SSL Certificate for a domain and their subdomains. My SSL Provider says. i can create S/MIME Certs for Mailserver. On the other hand Virtualmin lets me copy my https ssl certificate to the mailservers, but i do not find an option to install those S/MIME Certs.

So what to do?

Best
j_m

PS: If this copything does not work out in the end, Any chance to revert back to normal operations?

Eric · October 27, 2014, 2:36pm

Howdy,

I don’t believe that Virtualmin has support for S/MIME certificates, only the standard SSL certificates.

You would likely need to manage S/MIME certificates manually – though VIrtualmin shouldn’t do anything to interfere or break such a setup if you were to manually add it.

-Eric

just_me · October 27, 2014, 5:03pm

gotcha.

And now for something completely different: I am thinking about setting up Postfix and Dovecot for PFS, do you see any issues with virtualmin then? As long as i enable the SSL Certs for the Mailservers as well? Or is there any pitfall to avoid in the first place? Don’t want to screw everything up, while it is working perfectly

Thank you and Best
j_m

lancipoos · October 28, 2014, 3:11pm

Saw this post as we’re having SSL issues. In the Apache Error Log, we see:
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[warn] RSA server certificate wildcard CommonName (CN) `*.domain.com’ does NOT match server name!?

We’re using one IP, self cert. The domain in question is not the main domain.

We’ve tried (on the main domain) Server Config -> Manage SSL Cert -> Create Self Cert and adding *.domain.com to additional domains and then 'Update Cert and Key" pasting in the new keys

We’ve tried changing the SSL on the domain in question (not the main server domain) to have *.domain.com and reinstalling its new Cert & Key (as SSL was originally enabled when this virtual server was created) but that’s not helped.

Any advice greatly appreciated!

just_me · October 29, 2014, 6:06am

Have had that as well for some time; usually the first SSL certificate is being used, but due to the nature of virtualmin, this does not help at all. I would suggest, that you head over to startssl.com and create there for each and every domain the according Certs. and do not forget to grab the rootcertificate as well and upload all three files, root certificate for all domains, and the domain specific private key and certificate within virtualmin. Then it should work out for you, Basically, it says, that the SSL certificate of domain one does not apply for domain 2. The Start SSL Service for Class 1 Certificates, running for one year is free, btw.

Best
j_m