I've been using webmin for a while but someone else was handling the CSR requests. My certificate is expiring, so i wanted to make a new one. i know how to install them but i'm struggling with the command shell in openssl because i'm a designer. i think i may have messed openssl up.
I'm running- Operating system CentOS Linux 5.5 Webmin version 1.540 Virtualmin version 3.84.gpl GPL
Net::SSLeay 1 Perl extension for using OpenSSL 1.30 26/Oct/2009 14:35
maybe i just need to get the syntax right but this is the error i get-
openssl genrsa -out my.domain.com.key.pem 2048 Generating RSA private key, 2048 bit long modulus .......................+++ .............+++ e is 65537 (0x10001)
openssl req -new -key my.domain.com.key.pem -out req.pem You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value,
Country Name (2 letter code) [GB]:problems making Certificate Request
i've looked at the documentation but i just can't seem to wrap my head around this. any help would be much appreciated. thanks, aj
Howdy,
There's actually a super-easy way to do all that... you can go into Server Configuration -> Manage SSL Certificates for the domain that has the SSL cert.
From there, it's as simple as going into the "Signing Request" tab, where you can generate a new CSR.
Once you have your CSR, you give that to the SSL provider, who would then give you your SSL certificate. You can paste the SSL cert they give you into the "New Certificate" field.
After that, you should be all set!
-Eric
i need a new certificate(or renew my old one, but i think i already screwed that up i think) for my main server so all the virtual domains can access email securely. this server was setup awhile ago by someone else manually and if you look the virtualmin info it shows no ssl sites. Virtualmin Information Virtual servers 54 DNS domains 54 Virtual websites 54 SSL websites 0 Mail domains 50 Databases 9 Mail/FTP users 179 Mail aliases 76
I tried to enable ssl on one virtual domain but it broke the web site ip address when i looked in apache for the problem. i don't want to mess anything else up. to make things worse now the file manager wont work because of java error with the ssl certificate(tried IE, safari, firefox)
the certificate is for my.exampledomain.com it only shows up in apache as a virtual server, not in virtualmin. in apache it is pointed to the hastymail directory not a site folder.
Well, it's possible that whoever had setup your initial SSL cert didn't use Virtualmin to set that up, and instead did it manually.
That's no problem, you just need to use the command line tools as you were originally attempting.
I don't recall the exact syntax, but most SSL providers will give you the exact syntax to use to generate your CSR's and install the resulting certificates.
For example, GoDaddy has instructions on generating the CSR here:
http://help.godaddy.com/topic/746/article/5269?locale=en
I imported the apache virtual server into virtualmin and fixed the IP address and the mail is still flowing with a certificate error. so now when i try to enable ssl through virtualmin i get this error back-
Changing IP address of virtual website .. .. done Creating SSL certificate and private key .. .. SSL website failed! : Failed to open /var/www/hastymail/ssl.cert.webmintmp.28960 : Permission denied at ../web-lib-funcs.pl line 1360, line 1. Updating Webmin user .. .. done Updating Webmin user .. .. done Saving server details .. .. done Stopping and re-starting web server .. .. done Re-loading Webmin .. .. done
Where is the best default place for the .cert,key,...? looking at the configuration for postfix and it says tls certificate,key, and authority file location is /etc/postfix/my.server.com.crt it is the right name for the one that expired, but i'm not sure how to get virtualmin to process that command successfully so i can get the csr request working. i'm sure i'm just missing a confg file somewhere. any ideas?
thanks