Problems setting up a certificate authority

Webmin
2012-05-09
2013-05-22
  • Mike Robinson
    Mike Robinson
    2012-05-09

    I have two servers, one running Centos 5 and the other running Debian 6 and both have Webmin 1.587 and Virtualmin 3.91.gpl GPL. On the Centos server, when I set up a certificate authority (Webmin > Webmin config > Certificate authority) everything works fine. I can then add a certificate to the root user and log in using certificate authentication instead of password authentication.

    But with the Debian 6 server, as soon as I enable the certificate authority, I am unable to access Webmin with Firefox or Google Chrome. Every page I try to access times out, even if I restart the browser or delete all of the user SSL certificates. I even tried restarting the computer just in case something was somehow messing things up even between sessions. However I am still able to access it using the Rekonq browser and shut down the certificate authority, and as soon as I do that I can access it again in both Chrome and Firefox.

    I don't even know how to debug this. When I use http://web-sniffer.net/ both the response headers and the HTML look exactly the same when the certificate authority is turned on and turned off, so I don't even know how the browsers know the difference. Any ideas how I can get this working?

     
  • Mike Robinson
    Mike Robinson
    2012-05-09

    Note, this looks like a problem ONLY with webmin and not with Apache on the same server. I set up the following VirtualHost

    <VirtualHost *:443>
            DocumentRoot /opt/roundcube
            ErrorLog ${APACHE_LOG_DIR}/error.log
            DirectoryIndex index.html index.htm index.php index.php4 index.php5
            <Directory /opt/roundcube>
                    Options -Indexes +IncludesNOEXEC +FollowSymLinks
                    allow from all
                    AllowOverride All
            </Directory>
            SSLEngine on
            SSLCertificateFile /root/testssl.crt
            SSLCertificateKeyFile /root/testssl.key
            SSLVerifyClient optional
            SSLVerifyDepth 1
            SSLOptions +StdEnvVars
    </VirtualHost>
    

    and this works correctly. It prompts me for a certificate and if I cancel it, it continues to load the page.

     
  • Mike Robinson
    Mike Robinson
    2012-05-11

    If nobody knows, I guess I'll have to submit a bug report.