java file manager will not run

18 posts / 0 new
Last post
#1 Tue, 03/10/2009 - 16:39
synergos

java file manager will not run

When attempting to use the java file manager in Webmin/Others/File Manager I get the following error:

Failed to get language list : javax.net.ssl.HandshakeException : java.security.cert.CertificateException: Java couldn't trust server

Suggestions?

-Jeff

Tue, 03/10/2009 - 17:20
andreychek

Hi Jeff,

Which browser are you using?

And do you have any interesting SSL setups going on there? Have you changed the SSL ciphers or protocols around?

Also, is that a self-signed certificate? If so, you may need to setup your browser to trust that certificate.
-Eric

Thu, 03/12/2009 - 07:57
synergos

Using Safari 3.2.1 on OS X 10.4

I had to open my keychain access and remove older certificates, then reset safari, load the admin page and set safari to trust my self-signed certificate.

All is working now.

Thanks,

-Jeff

Wed, 06/22/2011 - 18:40 (Reply to #3)
sammyz

How exactly would one do that?

Cheers!

Thu, 03/19/2009 - 09:25
synergos

It seems I am still having problems running the file manager, so I thought I'd install a real SSL cert. Would a cert for Virtualmin access be installed under Webmin Configuration, or do I have to setup an SSL site under my default domain before installing?

-Jeff

Thu, 03/19/2009 - 09:31 (Reply to #5)
andreychek

To use an SSL Cert within Webmin, you'd want to set it up in Webmin -> Webmin -> Webmin Configuration -> SSL Encryption.

You can also use that in Usermin by configuring it in Usermin Configuration -> SSL Encryption.
-Eric

Thu, 03/19/2009 - 10:48
synergos

Thanks,

So, do I get the cert for my default domain, or the hostname, or admin.mydomain.com, or?

-Jeff

Thu, 03/19/2009 - 11:34 (Reply to #7)
Joe
Joe's picture

How would we know? ;-)

You get a certificate for whatever domain you want your customers to connect to Virtualmin on. You can configure the redirects to go anywhere you want, and you can modify the links to go anywhere you want.

If it were me, I'd just use the one you already use for billing or whatever, assuming you already have one. (We have www.virtualmin.com, and it's the only certificate we have...we use it everywhere, including Webmin, mail, and the shopping cart.)

--

Check out the forum guidelines!

Thu, 03/19/2009 - 11:50
synergos

Because...Your the all seeing, all knowing, Joe.

I guess if I wanted everyone to be able to login using their own domain, I would have to get a multi-domain cert, but If they all login using admin.mydomain.com:10000, then I only need a single domain cert.

Just talking to myself here.

Thanks,

-Jeff

Thu, 03/19/2009 - 11:56 (Reply to #9)
andreychek

I think a lot of folks choose a single domain to be the "primary" domain for their server -- and then get a cert for that.

So if your hosting company is "jeffs-hosting.com", you could get your SSL cert for "jeffs-hosting.com", maybe "www.jeffs-hosting.com", or perhaps "secure.jeffs-hosting.com".

At that point, you could setup admin.domain.com for all your users to redirect to https://jeffs-hosting.com:10000 -- this making it so that all of your users get the benefit of your commercial SSL cert.
-Eric

Sun, 06/07/2009 - 07:47
synergos

Yes. That makes good sense.

Perhaps this is what this setting is for in the server template?

-----------------------
Configure Webmin to use same SSL cert for IP?

If this template will be used exclusively for SSL-capable websites, you can enable this option. Webmin will then use the same certificate that the SSL website uses, thus it will not generate certificate warnings when users log in using their own hostname.
-----------------------

Perhaps this setting modifies the httpd.conf virtual host i.e.

RewriteCond %{HTTP_HOST} =admin.anydomain.com
RewriteRule ^(.*) https://mydomain.com:10000/ [R]

-Jeff

Sun, 06/07/2009 - 07:47
synergos

Yes. That makes good sense.

Perhaps this is what this setting is for in the server template?

-----------------------
Configure Webmin to use same SSL cert for IP?

If this template will be used exclusively for SSL-capable websites, you can enable this option. Webmin will then use the same certificate that the SSL website uses, thus it will not generate certificate warnings when users log in using their own hostname.
-----------------------

Perhaps this setting modifies the httpd.conf virtual host i.e.

RewriteCond %{HTTP_HOST} =admin.anydomain.com
RewriteRule ^(.*) https://mydomain.com:10000/ [R]

-Jeff

Sun, 06/07/2009 - 07:47
Joe
Joe's picture

<div class='quote'>Perhaps this is what this setting is for in the server template?</div>

<div class='quote'>Configure Webmin to use same SSL cert for IP?</div>

Yes, and no, this option is for when you have multiple SSL sites and want Webmin to be able to be each of them (serving the appropriate certificate based on the IP). If you only have one SSL site, and it is your &quot;main&quot; domain...then, yes, the side effect would be that when a user connected on the IP of your &quot;main&quot; domain Webmin would serve the same certificate Virtualmin configured Apache with. Make sense?

<div class='quote'>Perhaps this setting modifies the httpd.conf virtual host i.e.

RewriteCond %{HTTP_HOST} =admin.anydomain.com
RewriteRule ^(.*) https://mydomain.com:10000/ [R]</div>

No. That's completely unrelated to the option above. That is merely a redirect, which has nothing to do with what certificates are served by Webmin.

That is defined by the &quot;Redirect admin.domain to Virtualmin?&quot; and &quot;URL for admin redirect&quot; options in the &quot;Apache website&quot; section.

You're conflating two different concepts.

The first is Webmin and it's use of SSL certificates. This is step one...and there are multiple ways to make Webmin serve out a particular SSL certificate. The easiest way to do it depends on what you want to do. Again, this is all a matter of taste. If you only have one certificate for Webmin and want everyone to use the same address for administration, then you should simply configure the certificate in Webmin-&gt;Webmin Configuration-&gt;SSL Encryption, and not worry about the complexity of the per-IP stuff.

If, on the other hand, all of your users have an IP and an SSL certificate of their own, and you want them to be able to login to Webmin on their own domains...then you'd go that route. (UCC certificates complicate things further.)

The other concept here is simply a rewrite rule in Apache. This is a convenience, and is not at all related to Webmin proper. The RewriteRule is simply saying, &quot;When someone browses to 'admin.anydomain.com', redirect their browser automatically to &quot;https://mydomain.com:10000'&quot; (where Webmin is listening). In the simplest case, assuming you have a single certificate for mydomain.com, you'd redirect everybody to mydomain.com, explicitly. In the more complex case, where every user has a certificate and an IP, you could direct the user to their own domain.

I always recommend the simplest option. But flexibility is what we're all about (possibly too much so, but we'd make a lot of people mad if we started removing these features in the interest of making things simpler).

--

Check out the forum guidelines!

Sun, 06/07/2009 - 07:47
synergos

Yes. That makes good sense.

Perhaps this is what this setting is for in the server template?

-----------------------
Configure Webmin to use same SSL cert for IP?

If this template will be used exclusively for SSL-capable websites, you can enable this option. Webmin will then use the same certificate that the SSL website uses, thus it will not generate certificate warnings when users log in using their own hostname.
-----------------------

Perhaps this setting modifies the httpd.conf virtual host i.e.

RewriteCond %{HTTP_HOST} =admin.anydomain.com
RewriteRule ^(.*) https://mydomain.com:10000/ [R]

-Jeff

Sun, 06/07/2009 - 07:47
Joe
Joe's picture

<div class='quote'>Perhaps this is what this setting is for in the server template?</div>

<div class='quote'>Configure Webmin to use same SSL cert for IP?</div>

Yes, and no, this option is for when you have multiple SSL sites and want Webmin to be able to be each of them (serving the appropriate certificate based on the IP). If you only have one SSL site, and it is your &quot;main&quot; domain...then, yes, the side effect would be that when a user connected on the IP of your &quot;main&quot; domain Webmin would serve the same certificate Virtualmin configured Apache with. Make sense?

<div class='quote'>Perhaps this setting modifies the httpd.conf virtual host i.e.

RewriteCond %{HTTP_HOST} =admin.anydomain.com
RewriteRule ^(.*) https://mydomain.com:10000/ [R]</div>

No. That's completely unrelated to the option above. That is merely a redirect, which has nothing to do with what certificates are served by Webmin.

That is defined by the &quot;Redirect admin.domain to Virtualmin?&quot; and &quot;URL for admin redirect&quot; options in the &quot;Apache website&quot; section.

You're conflating two different concepts.

The first is Webmin and it's use of SSL certificates. This is step one...and there are multiple ways to make Webmin serve out a particular SSL certificate. The easiest way to do it depends on what you want to do. Again, this is all a matter of taste. If you only have one certificate for Webmin and want everyone to use the same address for administration, then you should simply configure the certificate in Webmin-&gt;Webmin Configuration-&gt;SSL Encryption, and not worry about the complexity of the per-IP stuff.

If, on the other hand, all of your users have an IP and an SSL certificate of their own, and you want them to be able to login to Webmin on their own domains...then you'd go that route. (UCC certificates complicate things further.)

The other concept here is simply a rewrite rule in Apache. This is a convenience, and is not at all related to Webmin proper. The RewriteRule is simply saying, &quot;When someone browses to 'admin.anydomain.com', redirect their browser automatically to &quot;https://mydomain.com:10000'&quot; (where Webmin is listening). In the simplest case, assuming you have a single certificate for mydomain.com, you'd redirect everybody to mydomain.com, explicitly. In the more complex case, where every user has a certificate and an IP, you could direct the user to their own domain.

I always recommend the simplest option. But flexibility is what we're all about (possibly too much so, but we'd make a lot of people mad if we started removing these features in the interest of making things simpler).

--

Check out the forum guidelines!

Thu, 03/19/2009 - 13:34
synergos

Thanks Joe.

-Jeff

Fri, 06/17/2011 - 03:30
moetteli

Hi,

Hope somebody is still reading that thread. I have the same problem with file manager and I'm wondering, how I could reuse the certificates, I have already received for the web server running on that same host? I have a '.crt' and '.key' file. If I try to put those into SSL Encryption->SSL settings->Private key file>, I always get:

Failed to save SSL options : The SSL certificate file /etc/apache2/ssl.key/Some.key does not exist or does not contain a PEM format certificate

I mean, Apache does accept it and everything works without problems. How can I make WebMin accept the same certificate?

Thanks

Wed, 05/23/2012 - 10:32
PlayGod

If you change the Webmin cert from the * one, Java will still give errors, because now it's a different cert.

OS X: Java Preferences (in Applications/Utilities) Network > View Cache Files sort by URL and find file.jar for the domain that's giving you trouble. Delete the cached file. Restart Safari. You may want to turn off caching in Java Prefs.

If that does not do it, also delete the server's certs from Keychain Access, and you may just want to completely clear the Java Prefs cache.

I get a lot of requests for server support on Webmin and Virtualmin servers, and I like to drop my id_rsa.pub in root's authorized keys file, so I am guaranteed root login... and often the servers have the generic * cert, and I like to create a self-signed cert for the hostname and copy it to Webmin, so I don't have to keep on accepting the * cert every time I log into webmin. To do this, File Manager is the easiest way if I am given the Webmin root login.

Topic locked