To Secure Virtualmin with HTTPS Or Not?

Hi, folks:
I’m not a stranger to Virtualmin, however I’m just getting started doing specific things I’d like to do with it at the moment.
Also, having money to shell out for loads of SSL certificates, though I’d like to do this and go commercial with them, is just not an option for me at this point in time.
So the question: secure Virtualmin, or risk attackers gaining root access etc.?
Not that any of you know my master admin password, of course. :stuck_out_tongue:
I’m just curious what you folks would advise?
Right now, if I were to set up WHMCS or anything else and you were to need to access an account on my system, you’d get a self-signed certificate warning in a majority of browsers advising you to steer clear and considering the nature of self-signed I’d agree, and most likely not trust my own site, though that’s a bit different since I’m the site admin.
In case this provides me with any level of security, or not, I did at Virtualmin installation time, set the system to use encrypted passwords vs plain text.

Any thoughts here?

Thanks!

You can get SSL certificates for less than $10 nowadays. I’d guess it would depend on how many servers you need to secure.

I think it’s a lot more professional to have proper SSL certificates, plus most people will see the warning and be immediately put off, as they will think it is unsecure.

You don’t need an “official” SSL certificate. You can use your own (“self-signed”) SSL certificates. Virtualmin does this by default actually.

Self-signed certificates offer the same level of security for your purpose (“if you are the only one to log into Virtualmin”). You just need to confirm an exception in your browser for your self-signed certificates.

If you don’t like this, you can always tunnel into your system via ssh (which is probably the safest way).
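Added example, not part of any post in this thread: a browser exception for a self-signed certificate is only as good as the check that the certificate shown is really the server's own, so this sketch compares the live certificate's SHA-256 fingerprint with one recorded on the server over a trusted channel such as SSH. The host name `panel.example.com` and port 10000 (the Webmin/Virtualmin default) are assumptions, and the sample bytes are constructed.

```python
import hashlib
import hmac
import socket
import ssl


def sha256_fingerprint(der_cert: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, the form browsers and openssl show."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Strip separators, spaces and a 'SHA256 Fingerprint=' style prefix."""
    value = fingerprint.split("=", 1)[-1]
    return "".join(ch for ch in value if ch.isalnum()).upper()


def matches_pin(der_cert: bytes, pinned: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    presented = normalize(sha256_fingerprint(der_cert))
    return hmac.compare_digest(presented, normalize(pinned))


def fetch_der_cert(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Fetch the server certificate without CA validation (it is self-signed)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # no CA chain to validate against
    ctx.verify_mode = ssl.CERT_NONE     # trust comes from the pin check instead
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_panel(host: str, port: int, pinned: str) -> bool:
    """True only if the live certificate is the one whose fingerprint was pinned."""
    return matches_pin(fetch_der_cert(host, port), pinned)


if __name__ == "__main__":
    # Constructed stand-in bytes; a real run would call
    # check_panel("panel.example.com", 10000, pin) with the pin read on the server.
    sample = b"constructed-der-bytes"
    pin = "SHA256 Fingerprint=" + sha256_fingerprint(sample)
    print(matches_pin(sample, pin), matches_pin(sample + b"x", pin))
```

A mismatch means the certificate presented on the wire is not the one on the server, and the browser exception should not be confirmed.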

I know this might be a little off topic, but someone mentioned on this post acquiring what I assume are SSL Certificates trusted by most browsers for under $10?
The question I would have then, is where.
As for the self-signed approach I don’t like this at all, and really don’t feel like working on SSH tunnel factors either.
My intention is that I won’t at some point, be the only one relying on my system.
And, as pointed out above, I do not want potential people taking one look at the self-signed clearly not in a majority of current web browsers including Internet Explorer, and so forth, and saying “Argh argh argh! Scammer scammer he’s a scammer! I’m not trusting him!”
So whatever suggestion you folks have with affordability of SSL certs being a factor, I’d appreciate any suggestions here on this.
It would be nice to not have to spend a large amount of money, $10 etc sounds reasonable.
Thanks!

I use Namecheap for my domains and SSL certificates.

I used to use GoDaddy, but I got fed up of them offering one price initially and then inflating it massively at renewal.

Awesome. Yeah, Namecheap is cool; GoDaddy not so much so.
But I don’t think the point of the Virtualmin community is to necessarily bash others ;).
Take care!

I take my SSL certs from Namecheap too.
A must if you have a webshop like WHMCS!

A bit of bashing now and then can be fun too :slight_smile: