Webmin SSL Administration
Introduction
A Certificate Signing Request (CSR) is required when ordering an SSL-certificate, this is generated from a private key.
If you wish to create the private key yourself you will also have to generate the CSR, follow Generating a CSR followed by Installation of SSL-certificate
Generating a CSR
- Open your Webmin control panel
- Expand Webmin on the left.
Click Webmin Configuration.
Click SSL Encryption in the middle.
- Click on the Certificate Signing Request tab.
- Enter the following information:
- Server names: Change from Any hostname to a specific name and enter the website's DNS name (e.g. www.fairssl.dk)
- Email address: Leave this empty
- Department: Enter the same name as in Organization or leave it empty
- Organization: Enter the company name exactly as presented in CVR (e.g. FairSSL A/S)
- City or locality: Enter the city where the company is located (e.g. Ørum Djurs)
- State: Enter the municipality where the company is located (e.g. Norddjurs)
- Country code: 2-letter ISA standard country code, must be capitalised (e.g. DK)
- SSL key size: Must be at least 2048
- Days before expiry: Leave this as is
- Write key to file: Here you can decide where you wish to place your private key file, give it a name that makes it easy to remember what it is for, e.g. the DNS name followed by .key (e.g. www.fairssl.dk.key)
- Write CSR to file: Here you can decide where you wish to place your CSR file, give it a name that makes it easy to remember what it is for, e.g. the DNS name followed by .csr (e.g. www.fairssl.dk.csr)
Click Create Now.
- Copy the entire text, incl. all the dashes before and after.
Insert the copied text in the CSR field during the certificate ordering.
The following is an example of a complete CSR text:
A CSR does not contain any private information, and there are no security risks by sending the CSR to us through an unencrypted email.
Installation of SSL-certificate
- Expand Servers on the left.
Click the server that is to get the certificate installed.
Click on the Create virtual host tab.
Enter the following information:
- Handle connections to address: Select the IP- address or addresses the website is using (Select Any address to listen on all available IP addresses on the server)
- Port: Select the port the website is using (port 443 is default for https traffic)
- Document Root: Select the folder that is the root folder for the website
- Server name: Enter the DNS name for the website
- Add virtual server to file: Select New fil under virtual servers directory
- Copy directives from: If you already have a setup on a different website, and this one needs the same settings, you can select it here
Click Create Now.
- Click on the Existing virtual hosts tab.
Click on the globe next to the host you just created.
- Click SSL Options in the middle.
- Enter the following information:
- Enable SSL: Select Yes
- SSL Protocols: Deselect SSLv2 and SSLv3 unless you have a specific reason to keep them
- Certificate/private key file: Enter the path to your certificate file
- Private key file: Enter the path to your private key file
- Certificate authorities file: Enter the path to the intermediate certificate file
Leave the rest on Default.
Click Save.
- Click the Start apache arrow in the top right corner.
We recommend that you test the installation with our server tester at https://www.fairssl.net/en/ssltest
Intermediate certificates
Here you can find the intermediate certificates from different Certificate Authorities.
We recommend that you use the intermediate certificate you got with your server certificate, and only download from here in case you lose it, as the one you get in the mail will always be the correct one for your server certificate.
