I posted this on the news forum heartbleed thread... (probably wrong place) but need to escalate to an issue as I'm locked out:
The certificate for Webmin was revoked (nothing I did)
lp86 wrote this advice:
SSH into your server as root
Open /etc/webmin/miniserv.conf with your favorite editor (vi/emacs/nano)
Look for "ssl=1" and change it to "ssl=0" and save & exit
Restart the webmin process /etc/init.d/webmin restart on most systems
Now you can login, don't use https e.g. http://myserver.tld:10000/
Replace or remove the SSL cert, you can generate a self signed as a stopgap. Make sure you turn SSL back on after you are done.
Note: These instructions apply to CentOS for the most part, Debian/Ubuntu/etc might be a little different.
I replied:
Self-signed certificate
Perhaps there is no GUI for this and we just do what Joe says above?
"You can use any certificate you like with Webmin. It isn't a special format or anything.
"So, follow the usual directions for creating a certificate (like these found in the OpenSSL docs: https://www.openssl.org/docs/HOWTO/certificates.txt (in the section titled "Creating a self-signed test certificate"). Once you have the .pem certificate+private key file, you can move it to /etc/webmin/miniserv.pem and restart Webmin to have the new certificate take effect."
I assume "move it to" means "replace the miniserve.pem" with the new certificate.
Again, same question pertains: is there some strong reason not to just go with this cert? I only have a few users and they can just accept the cert via their browser exceptions and be done with it.
OR I wonder if I copy a cert/key from one of the other domains, and make the .pem file (they all also have a CA as well)... if it would work...
Comments
Submitted by andreychek on Wed, 04/16/2014 - 15:04 Comment #1
Howdy -- are you able to log into Webmin using the instructions lp86 mentioned?
If you can do that, what you can do then is go into Server Configuration -> Manage SSL Certificates for a domain that has SSL enabled, and then click the "Copy to Webmin" button.
That will copy that domains SSL certificate into Webmin.
If you need to re-create the SSL certificate for that domain first, you can do that from that Manage SSL Certificates screen as well.
Using Webmin in HTTP mode, and having it copy an existing certificate into itself, would be the quickest way to correct that SSL issue.
Note though that you'd want to change your root password afterwards, just to be safe.
Submitted by katir on Wed, 04/16/2014 - 15:36 Pro Licensee Comment #2
that all worked fine... I did get a security exception request from the browser. But I guess that is normal since the certificate it "officially" only valid for the domain from which it was copied from...
Thanks! that was easy...
I changed my root password first, then logged to webmin with http... did the work then change the root password back,
Submitted by andreychek on Wed, 04/16/2014 - 15:40 Comment #3
Great, glad you got that working!
I'll go ahead and mark this as fixed, but feel free to let us know if you have any other questions.
Submitted by katir on Wed, 04/16/2014 - 15:48 Pro Licensee Comment #4
yep, case closed... thanks!
Submitted by Issues on Wed, 04/30/2014 - 15:51 Comment #5
Automatically closed -- issue fixed for 2 weeks with no activity.