Installing your Webmin SSL Certificate
-
Copy both certificate files to your webmin server, along with the private key file if you did not generate the private key and CSR on the webmin server. Your private key file should start with the line "-----BEGIN RSA PRIVATE KEY-----" and end with "-----END RSA PRIVATE KEY-----"
-
Locate your miniserv.pem file. This is where your current certificate is stored. You'll probably find it in /etc/webmin or wherever you have your miniserv.conf file. You'll need to build a replacement miniserv.pem file using your private key and primary certificate. One easy way to build the file is to run the following:
cat private.key your_common_name.crt > new_miniserv.pem
Substitute "private.key" with the filename of your private key, and "your_common_name.crt" with the filename of your SSL certificate. You can also use a text editor to create the PEM file. Just paste the private key at the top, immediately followed by your SSL certificate, so that you have a file similar to the layout below:
-----BEGIN RSA PRIVATE KEY-----
(Contents of private key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Contents of SSL certificate: your_domain_name.crt)
-----END CERTIFICATE----- -
Make a backup copy of your current miniserv.pem file, then replace miniserv.pem with your new_miniserv.pem file.
-
Add an "extracas" line to your miniserv.conf file which references your intermediate certificate file by its full path, such as:
extracas=/etc/webmin/E-Tugra_Root.crt
Depending on your version of Webmin, you may be able to specify the path to your intermediate certificate by logging into webmin and going to /webmin/edit_ssl.cgi. The extracas configuration option is known to be available via edit_ssl.cgi in version 1.330, but not available for configuration through-the-web in version 1.070.
If you have more than one intermediate certificate file, you can list them on the same line, separated by spaces.
-
Restart webmin and visit its URL in a web browser. You should now be able to access webmin without having to accept any SSL browser warnings.