Webmin blocked by certificate problem

Andrew Mathews andrew_mathews
Mon May 17 11:48:18 PDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roger Oberholtzer wrote:
| On Thu, 12 Jun 2003 23:30:42 -0600
| Andrew Mathews <andrew_mathews at linux-works.org> wrote:
|
|
|>-----BEGIN PGP SIGNED MESSAGE-----
|>Hash: SHA1
|>
|>Kevin O'Gorman wrote:
|>| I'm trying to make an old COL 3.1.1 workstation share a printer
|>| with my RH7.3 system, and for various reasons I'm not able to
|>| just change it up to a later distro.
|>|
|>| The problem is that when I point a browser at https://localhost:10000
|>| I get this dialog box that says "Could not establish an encrypted
|>| connection because certificate presented by localhost is invalid
|>| or corrupted.  Error Code -8182".
|>|
|>| Now I know next to nothing about certificates, SSL, or webmin,
|>| and I don't really know where to start on this.  Anyone with
|>| some experience with these things?
|>|
|>| As far as I know, Webmin is the only GUI tool around, and I was
|>| hoping to use it for this chore.
|>|
|>| ++ kevin
|>|
|>| _______________________________________________
|>
|>
|>
|>
|>You need to regenerate your /etc/webmin/miniserv.pem with openssl,
|>though I don't remember the specifics offhand. You might try copying the
|>original in /usr/libexec/webmin/ also. Easiest way would be to edit
|>/etc/webmin/miniserv.conf and change to ssl=0 then restart webmin to
|>take it out of ssl mode so you can log in via straight http and do the
|>certificate generation through webmin itself.
|
|
| Interesting. I never did get the Col 3.1.1 cupdate to function again
| (boring thread a while back). It, too, complained about certificates. I
| tried all that was suggested to no avail. No one suggested anything like
| this. How do you regenerate certificates? I know that one suggestion
was to
| reinstall the COL certificates (it is one of the RPMs and may help the
| webmin problem), but that did not help me. However, your mention of an
| original and, presumably, a copy, sounds interesting. What is all this
| about?
|
|
|

IIRC, (don't hold me to it) "openssl req -new -keyout key.pem -out
miniserv.pem" or cd to /usr/share/openssl and do a "make miniserv.pem"
then copy the new miniserv.pem to /etc/webmin/. Dependent on the install
type, (tarball, rpm) there's a copy of /etc/webmin/miniserv.pem stored
in /usr/libexec/webmin/ also. There was a thread on the webmin list a
while back about this that I can try to find in the archives.

- --
Andrew Mathews
- ---------------------------------------------------------------------
~ 12:40pm  up 62 days, 21:11, 11 users,  load average: 1.18, 1.52, 1.40
- ---------------------------------------------------------------------
All I can think of is a platter of organic PRUNE CRISPS being trampled
by an army of swarthy, Italian LOUNGE SINGERS ...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org

iD8DBQE+6hx9ejAu2RVHwF4RAm//AJ0SKkmehGkIWZpn/HRDUQbOWxb5ewCbB0F3
XLhpcIyw/LjH1HJHgrrd5Wo=
=ax8/
-----END PGP SIGNATURE-----

More information about the Linux-users mailing list