Submitted by isdahlc on Fri, 04/15/2011 - 10:00 Pro Licensee
I'm trying to move a certificate from a VM server to another server (Windows). If I "save" and import either the PEM or PKCS12 format I am prompted for a password on the import side. What is the password? I was not prompted for a password while exporting.
Thanks!
-- Craig
Status:
Closed (fixed)
Comments
Submitted by andreychek on Fri, 04/15/2011 - 10:42 Comment #1
SSL certificates can have a password, but they don't need one.
If you have a password, it would have been something you explicitly set while initially creating the SSL cert. If you didn't set one, the password should be blank.
Are you able to import it if you leave the password prompt blank?
Submitted by webinteractive on Tue, 08/21/2012 - 02:18 Comment #2
Hi,
I have the same problem. Yesterday I bought a wildcard certificate to secure multiple sites. So I created a request in Webmin and successfully installed the certificate. But now I want to install the same certificate for our webmail website. I went to Virtualmin "manage ssl certificates". When I want to install the new certificate by using the private key and certificate, I get the "password incorrect, the private key is password protected" error. I was not asked for a password when I created the CSR in Webmin.
Please help me with this.
Best regards,
Joshua
Submitted by JamieCameron on Tue, 08/21/2012 - 13:57 Comment #3
Are you sure you didn't get the certificate and key files mixed up?
Submitted by webinteractive on Tue, 08/21/2012 - 15:10 Comment #4
What I did was:
Webmin -> Webmin Configuration -> Certificate Signing request
After the request was done with the CA, I pasted the certificate from the CA.
Then I went to the site I want to secure with an SSL:
-> Manage SSL certificate
-> Signed SSL certificate. Here I paste the certificate from the CA
-> Matching private key. Here I paste the content of /etc/webmin/miniserv.pem
-> Private key password: none needed
Is this right, or am I doing something wrong?
Submitted by andreychek on Tue, 08/21/2012 - 15:34 Comment #5
Normally, we would suggest these steps for adding a wildcard SSL certificate:
https://www.virtualmin.com/documentation/tutorial/how-to-add-multidomain...
However, it should be possible to accomplish it by generating it from Webmin as well.
What output do you receive if you run these two commands:
grep keyfile /etc/webmin/miniserv.conf
grep miniserv.pem /etc/webmin/miniserv.conf
Submitted by webinteractive on Wed, 08/22/2012 - 01:46 Comment #6
The output is:
grep keyfile /etc/webmin/miniserv.conf
keyfile=/etc/webmin/miniserv.pem
grep miniserv.pem /etc/webmin/miniserv.conf
keyfile=/etc/webmin/miniserv.pem
Submitted by webinteractive on Wed, 08/22/2012 - 14:05 Comment #7
Thanks for the documentation btw. I will follow that the next time.
But hopefully we can figure out why it is not working right now.
What I did was that I used *.domain.nl as domain.
Does that have something to do with it?
Submitted by JamieCameron on Wed, 08/22/2012 - 12:57 Comment #8
So is Webmin currently using your signed cert and key?
I think part of the confusion is that you generated the CSR at Webmin -> Webmin Configuration, when the better place would have been the Manage SSL Certificate page (which is for setting a cert for a domain's website).
Submitted by webinteractive on Wed, 08/22/2012 - 14:02 Comment #9
Yes, webmin is using the signed cert and key and is working perfectly.
I understand that it would be better that I had generated the CSR somewhere else. But I thought that when I generate a wildcard domain CSR, it does not matter where it is generated, because the subdomain is irrelevant. I generated a wildcard *.domain.nl at webmin. Now I want to secure webmail.domain.nl with that same signed cert and key. It should not matter where I generate it right?
Submitted by JamieCameron on Wed, 08/22/2012 - 15:43 Comment #10
If Webmin is using the signed cert OK, could you try running the following command to check if a passphrase is set or not :
openssl rsa -in /etc/webmin/miniserv.pem -text -passin pass:NONE
and let us know what that outputs..
Submitted by webinteractive on Wed, 08/22/2012 - 16:48 Comment #11
Here is the output:
openssl rsa -in /etc/webmin/miniserv.pem -text -passin pass:NONE
Private-Key: (2048 bit)
publicExponent: 65537 (0x10001)
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Submitted by JamieCameron on Wed, 08/22/2012 - 15:56 Comment #12
That looks fine to me..
I presume your /etc/webmin/miniserv.pem file contains both the private key and certificate? If so, make sure you paste only the correct parts of the file into the correct fields at Server Configuration -> Manage SSL Certificate -> New certificate
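The passphrase check from comment #10 and the "paste only the correct parts" advice in comment #12 can be scripted. This is an added example, not part of the original thread or of Webmin's code; the function names and the constructed sample file are assumptions for illustration, and `key_matches_cert` needs openssl and a real key and certificate.

```shell
#!/bin/sh
# Print the first PEM block whose label matches regex $2, stripping CRs.
pem_block() {
    awk -v want="$2" '
        { sub(/\r$/, "") }
        /^-----BEGIN / { label = $0; gsub(/^-----BEGIN |-----$/, "", label)
                         if (!done && label ~ want) on = 1 }
        on { print }
        /^-----END / && on { on = 0; done = 1 }
    ' "$1"
}

# Exit 0 if the key needs a passphrase: PKCS#8 "ENCRYPTED PRIVATE KEY" label
# or the legacy "Proc-Type: 4,ENCRYPTED" header inside the key block.
key_is_encrypted() {
    pem_block "$1" 'PRIVATE KEY$' |
        grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)$'
}

# Write key.pem (owner-only permissions) and cert.pem into directory $2.
split_combined() {
    ( umask 077; pem_block "$1" 'PRIVATE KEY$' > "$2/key.pem" )
    pem_block "$1" '^CERTIFICATE$' > "$2/cert.pem"
    [ -s "$2/key.pem" ] && [ -s "$2/cert.pem" ]
}

# Exit 0 if key $1 and certificate $2 carry the same public key; exit 2 if
# either file cannot be read (for example, the key is passphrase-protected).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Constructed sample with CRLF line endings and placeholder bodies (not real
# key material); $2 is an optional header line placed inside the key block.
make_sample() {
    {
        echo '-----BEGIN RSA PRIVATE KEY-----'
        [ -n "${2:-}" ] && printf '%s\n\n' "$2"
        printf '%s\n' 'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' \
            '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'
    } | awk '{ printf "%s\r\n", $0 }' > "$1"
}

# Demo on the constructed sample.
d=$(mktemp -d) && make_sample "$d/miniserv.pem" && split_combined "$d/miniserv.pem" "$d"
if key_is_encrypted "$d/miniserv.pem"; then echo "key needs a passphrase"
else echo "key is not passphrase-protected"; fi; rm -rf "$d"
```

On a real server, run `split_combined` on a copy of the combined file, then `key_matches_cert key.pem cert.pem` before pasting each part into its field.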
Submitted by webinteractive on Wed, 08/22/2012 - 16:48 Comment #13
Strange... Before executing your commands I got this as my private key:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
But after rewriting the private key with your command, I got this as my private key:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
But now it is working... Thanks!
Submitted by JamieCameron on Wed, 08/22/2012 - 16:15 Comment #14
Ok, great!
Submitted by Issues on Wed, 09/05/2012 - 16:51 Comment #15
Automatically closed -- issue fixed for 2 weeks with no activity.