#4555 certificate is not trusted because no issuer chain was provided

[Cedric Knight]

Miniserv (Webmin Debian 1.7.10.) apparently only reads the first certificate block and key from miniserv.pem. I tried following instructions in http://www.webmin.com/faq.html, but get a cert warning in Torbrowser: "uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)". The simple workaround is to visit the main site, causing the browser to store the validated cert (Apache uses exactly the same three-part chain, but a SSLCertificateChainFile directive causes it to supply the intermediate certificate(s) to the browser).

Expected results: Miniserv supplies the full certificate chain supplied in miniserv.pem when setting up an HTTPS connection.

[Jamie Cameron]

You may need to enter the path to a separate file containing the chained certifcates at Webmin -> Webmin Configuration -> SSL Encryption -> Additional certificate files.

[Cedric Knight]

Ah, thanks, that does indeed fix it. However, my intention was to set up the certificate before logging in, as described in the FAQ. Perhaps the FAQ could mention that the chained certificate files can be added as extracas= in /etc/webmin/miniserv.conf.

[Jamie Cameron]

Good idea, I'll update the docs to mention this.