vennedey.net

Virtualmin: Break sharing SSL certificates

On Mon, 19 Dec 2016 19:31:54 +0100 by Falco Vennedey

I recently ran into some problems trying to activate https for some virtual servers in Virtualmin. After enabling SSL for the virtual server foo.bar.example.com and clicking Manage SSL Certificate I got the message

This virtual server shares its SSL certificate with baz.example.com, so it cannot be edited on this page. Use its Manage SSL Certificate page to change SSL settings.

Since baz.example.com has a wildcard certificate *.example.com, I think that Virtualmin tries to be smart and wants to use the same certificate for foo.bar.example.com, which will not work since foo.bar.example.com is not part of *.example.com.

To get around this and allow separate SSL configuration for foo.bar.example.com one need to break the link between these both virtual servers SSL configurations. To do so, first find the Virtualmin configuration for the given virtual server:

root@host:~# cd /etc/webmin/virtual-server/domains
root@host:~# grep -rFx 'dom=foo.bar.example.com' .
./145382287315480:dom=foo.bar.example.com

Open the file and edit the ssl_cert, ssl_key and ssl_chain directives to point to a location individual for the virtual server. Do not use locations served by the apache webserver!

/etc/webmin/virtual-server/domains/145382287315480
ssl_cert  = /var/www/vserver/bar.example.com/domains/foo.bar.example.com/ssl.cert
ssl_key   = /var/www/vserver/bar.example.com/domains/foo.bar.example.com/ssl.key
ssl_chain = /var/www/vserver/bar.example.com/domains/foo.bar.example.com/ssl.ca

Now delete the ssl_same=… directive from the configuration. This will isolate the SSL configuration for this virtual server.

Save the configuration, and in Virtualmin click Manage SSL Certificate again. You are now able to change SSL settings for the given virtual server.

Comments

Write a comment
* optional