Webmin private key error when activating SSL mode

11:45:00 0 Comments

After getting your SSL certificate signed by an authority, you may go to Webmin -> Webmin Configuration -> SSL Encryption to enable SSL mode.
The key fields are Private key file, Certificate file and Additional certificate files (for chained certificates). Possible issue: In my case, I just copied the private.key content into /etc/webmin/miniserv.pem but it wasn't that simple. The private.key file was generated by openssl and had the following format:
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
Once I hit save button, webmin failed to restart with the following error in the log (/var/webmin/miniserv.error)
Failed to open SSL key /etc/webmin/miniserv.pem at /usr/libexec/webmin/miniserv.pl line 4332.
Error: Webmin server did not write new PID file
It took me a little while to realise that webmin couldn't interpret the file due to ENCRYPTED bit indicating it isn't a PEM format. Solution: After googling how to convert private key to PEM format, I came up with this.
mv /etc/webmin/miniserv.pem /etc/webmin/miniserv.pem.key
openssl rsa -outform PEM -in /etc/webmin/miniserv.pem.key -out /etc/webmin/miniserv.pem
Assuming restarting webmin will be all it takes but another problem occurred. Webmin relies on perl and particularly perl-Net-SSLeay module to read SSL encrypted files. However, my key has a passphrase which Webmin requires perl-PAM module to read. So bellow is the result of another google search.
yum install perl-CPAN
perl -MCPAN -e shell
install Authen::PAM
exit
Once, that's done, webmin can be restarted without problem.

0 comments :