A step-by-step guide to Generate CSR & Install an SSL Certificate on Webmin Server
This guide will help you generate a CSR and install an SSL certificate on your Webmin server. You can skip the first part of this blog if you’re already done with the CSR generation process. You can generate a CSR using the OpenSSL application, but it won’t allow you to insert subject alternative names (SANs). That’s why we haven’t provided instructions for it.
CSR Generation on Webmin Server
- First, you must log in to your Webmin interface through your browser
- Click on the Terminal symbol located in the left pane or press Alt+K
- You’ll need to paste the below OpenSSL command to generate the CSR as well as the Private Key in the terminal screen popup
Note: Adjust the highlighted part of the command according to your details.
detasudo openssl req -new -newkey rsa:2048 -nodes -keyout /etc/ssl/yourdomainname.com.key -out /etc/ssl/yourdomainname.com.csr -subj /C=US/ST=Florida/L=Saint Petersburg/O=Rapid Web Services/OU=Support/CN=yourdomainname; cat /etc/ssl/yourdomainname.csr
- /etc/ssl/example.com.key & /etc/ssl/yourdomainname.csr: The path where you want to store CSR and private key
- C: Your 2-digit country code
- ST: Write the full name of the state. For example, Florida.
- L: Write the full name of the city. For example, in New York.
- O: Write the full name of your organization without any special characters. If you want to issue an OV or an EV SSL certificate, you must write the legal name of your organization.
- OU: Name of the department (e.g., Marketing Department)
- CN: www.yourdomaninname.com or yourdomainname.com. If you want to install a Wildcard SSL certificate, you must include an asterisk at the front of the domain/subdomain (for example: *.sub.yourdomainname.com)
If everything went alright, the CSR and Private Key should get generated. You must copy the contents from —–BEGIN CERTIFICATE REQUEST—— to —–END CERTIFICATE REQUEST—– and paste the contents in a text editor such as Notepad.
Install an SSL certificate on Webmin Server
- First, download your certificate files if you haven’t. The certificate files will likely have been emailed to you by the Certification Authority. If not, you can log in to your CA dashboard and download these files. The extension of the files will be .crt
- Now you must copy the certificate files and private key to your Webmin server.
- Now locate your miniserv.pem file. Probably, It will be located at /etc/webmin or where you’ve stored the miniserv.conf file.
- Now you need to make a new miniserv.pem file with your private key & main certificate and replace it with the existing one. To do so, you’ll need to run the command below:
cat private.key yourcommonname.crt > new_miniserv.pem
Change “private.key” to the file name of the private key you generated, and you should also change “yourcommonname.crt” to the file name of your SSL certificate. While doing so, don’t forget to backup your old miniserv.pem file.
- If the CA has provided you an intermediate certificate, you must add an “extracas” line to your miniserv.conf file:
Restart your Webmin server if everything went as instructed. Visit your website, see the website with https and savor the moment!