47.13. Turning on SSL

Like Webmin, Usermin can operate in SSL mode if the OpenSSL library and Net::SSLeay Perl modules are installed. Chapter 3 “Securing Your Webmin Server” explains how to install them and why SSL should be used, so read it before continuing with this section. Usermin will also automatically use SSL mode by default if it detects that the needed libraries are available at install time, and will generate its own unique SSL certificate and key for your system, if possible.

If you install the required libraries after Usermin, you can switch to SSL mode by following these steps:

1. Click on the SSL Encryption icon on the module's main page. If Net::SSLeay is missing, an error message will be displayed telling you that SSL mode cannot be used. Otherwise, a form for turning it on and off and for generating a new SSL key will appear.

2. Change the Enable SSL if available? field to Yes.

3. If you have your own SSL key for this host already, enter its full path into the Private key file field. If this file just contains the key and not the certificate, you will need to fill in the Certificate file field as well. To just use Usermin's own certificate, leave these fields unchanged.

4. Hit the Save button to switch to SSL mode. All users that try to connect to the old http:// URL will from now on be told to use the new https:// URL, instead.

This same page can also be used to generate a new SSL key for use by Usermin. You should definitely do this if OpenSSL was not installed when Usermin was, as it will fall back to using the key that comes with the program if a new one cannot be generated at install time. This is highly insecure, as the key is available to everyone and can be used to decrypt network traffic, thus totally negating the main benefit of SSL! You might also want to create a new key if the details of the default one (such as the company name and country) are not correct.
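As an added example (not from the book or from Usermin itself), these shell functions check the two conditions described above: whether a PEM file holds only the key, so that Certificate file must be set as well, and whether the key in use is still the one shipped with the program. All file paths are passed in by the caller, and the sample PEM files are constructed with dummy bodies.

```shell
# Print which PEM blocks a file holds: key+cert, key-only, cert-only or none.
pem_kind() {
    has_key=no; has_cert=no
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" && has_key=yes
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" && has_cert=yes
    case "$has_key/$has_cert" in
        yes/yes) echo key+cert ;;
        yes/no)  echo key-only ;;
        no/yes)  echo cert-only ;;
        *)       echo none ;;
    esac
}

# Print only the private-key block (CRs stripped) so two files can be compared.
key_block() {
    tr -d '\r' < "$1" |
        sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p'
}

# Exit 0 when file $1 carries the same private key as the shipped file $2.
uses_shipped_key() {
    in_use=$(key_block "$1"); shipped=$(key_block "$2")
    [ -n "$in_use" ] && [ "$in_use" = "$shipped" ]
}

# One-line verdict for a key file ($1) against the shipped key file ($2).
# Both paths are supplied by the caller; none are assumed here.
audit_key() {
    kind=$(pem_kind "$1")
    if uses_shipped_key "$1" "$2"; then
        echo "INSECURE: $1 holds the key shipped with the program"
    elif [ "$kind" = key-only ]; then
        echo "OK: $1 is key-only, so Certificate file must be set too"
    elif [ "$kind" = key+cert ]; then
        echo "OK: $1 holds its own key and certificate"
    else
        echo "INVALID: $1 contains no private key ($kind)"
    fi
}

# Constructed sample files: dummy bodies, not real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAAconstructedSHIPPEDkeyAAAA' \
    '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
    'AAAAconstructedCERTAAAA' '-----END CERTIFICATE-----' > "$demo_dir/shipped.pem"
cp "$demo_dir/shipped.pem" "$demo_dir/fallback.pem"   # install-time fallback case
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAAconstructedOWNkeyAAAA' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/own-key.pem"
audit_key "$demo_dir/fallback.pem" "$demo_dir/shipped.pem"
audit_key "$demo_dir/own-key.pem" "$demo_dir/shipped.pem"
```

The comparison is textual, so a shipped key that has been re-encoded in another PEM format would not be flagged by it.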

Follow these instructions to generate and start using your own key and certificate:

1. Click on the SSL Encryption icon on the module's main page and scroll down to the bottom of the form.

2. If your system is always accessed using the same hostname in the URL, enter it into the Server name in URL field, such as www.example.com. This will cause the generated certificate to be associated only with that hostname. Otherwise, select Any hostname to allow the certificate to be used with any URL hostname. This is more convenient, but slightly less secure.

3. In the Email address field enter the address of the person responsible for this Usermin server, such as [email protected].

4. If appropriate, fill in the Department field with the name of the department or group within your organization that this server belongs to, such as Network Engineering.

5. In the Organization field, enter the name of the company or organization that owns this server, such as Foo Corporation.

6. In the State field, enter the name of the state in which your server resides, such as California.

7. In the Country code field, enter the two-letter code for the country in which the server resides, such as US.

8. Leave the Write key to file field unchanged, unless you want the key file to be written elsewhere.

9. To have Usermin configured to use the newly generated key, leave the Use new key immediately field set to Yes. If you select No, you will need to switch to this key later by following the instructions earlier in this section.

10. Hit the Create Now button to generate the key and certificate and store them in the specified file in PEM format.

All of the fields in this form are optional, with the exception of Server name in URL. If the key is just for use on your own home server, there is no need to enter a department or organization name. You must make sure, however, that any key you generate here has different details than the one created for Webmin itself. Browsers like Mozilla and Netscape currently have problems if they encounter two different keys with the same server name, department, organization, and so on.
