I have two servers:
CentOS 5, Webmin 1.585 and Virtualmin 3.92.gpl GPL
Debian 6, Webmin 1.587 (upgraded to 1.588) and Virtualmin 3.92.gpl GPL
Since I am using different Webmin versions on each server, I'm not sure if this was some sort of regression between 1.585 and 1.587 or if it is something to do with the OS.
On the CentOS server, when I set up a certificate authority (Webmin > Webmin config > Certificate authority) everything works fine. I can then add a certificate to the root user and log in using certificate authentication instead of password authentication. No problems here.
However, with the Debian server, as soon as I enable the certificate authority, I get a request for an SSL client certificate, and when I cancel it, I am unable to access Webmin with Firefox or Google Chrome. Every page I try to access times out (in Chrome) or just keeps trying to load until cancelled (Firefox). I tried restarting the browsers and deleting all of the user SSL certificates, to no avail.
Fortunately, I am able to access this server using the Rekonq browser. When I shut down the certificate authority, I can immediately access it again in both Chrome and Firefox. Note that Rekonq doesn't have support for SSL client certificates, which is likely why it works.
Note, this looks like a problem ONLY with Webmin and not with Apache. On the same Debian server I set up the following VirtualHost:
DirectoryIndex index.html index.htm index.php index.php4 index.php5
Options -Indexes +IncludesNOEXEC +FollowSymLinks
allow from all
and this works correctly. It prompts me for a certificate and if I cancel it, it continues to load the page.
Update: I just tried it in the Opera browser, and I get slightly different behavior. First, when I go to the Webmin URL, I am asked to accept/reject the invalid SSL certificate for my server since I haven't added it to my Opera keyring yet. This is true, it is invalid; however, shouldn't the client SSL certificate be sent first (before the server's SSL certificate)? If I recall correctly, this was the behavior with Chrome and Firefox. First it would ask for the client certificate, THEN it would tell me the server's certificate was invalid.
In Opera, when I approve the server's SSL certificate, I am asked to choose an SSL client certificate... FIVE times. When I log in using password authentication and on every subsequent request to the server, I am prompted to send an SSL client certificate at least 2 times per request. I have a feeling Chrome and Firefox don't support multiple certificate requests, which is why they just time out.