A step-by-step guide to Generate CSR & Download an SSL Certificate on Webmin Server
This guide will help you create a CSR and install an SSL certificate on your Webmin server. You can skip the first part of this blog if you ‘re already finished with the CSR generation process. You can generate a CSR using the OpenSSL program, but it won’t allow you to insert subject alternative names (SANs). That’s why we haven’t provided instructions for it.
CSR Generation on Webmin Server
- First, you must log in to your Webmin app via your browser
- Click on the Terminal symbol located in the left pane or press Alt+K
- You’ll need to paste the below OpenSSL command to create the CSR as well as the Private Key in the terminal screen popup
Note: Change the highlighted part of the command according to your information.
detasudo openssl req -new -newkey rsa:2048 -nodes -keyout /etc/ssl/yourdomainname.com.key -out /etc/ssl/yourdomainname.com.csr -subj /C=US/ST=Florida/L=Saint Petersburg/O=Rapid Web Services/OU=Support/CN=yourdomainname; cat /etc/ssl/yourdomainname.csr
- /etc/ssl/example.com.key & /etc/ssl/yourdomainname.csr: The path where you want to store CSR and private key
- C: Your 2-digit country code
- ST: Write the full name of the state. For example, Florida.
- L: Write the full name of the city. For example, in New York.
- O: Write the full name of your organization without any special characters. If you want to issue an OV or an EV SSL certificate, you must write the legal name of your organization.
- OU: Name of the department (e.g., Marketing Department)
- CN: www.yourdomaninname.com or yourdomainname.com. If you want to install a Wildcard SSL certificate, you must include an asterisk at the front of the domain/subdomain (for example: *.sub.yourdomainname.com)
If everything went alright, the CSR and Private Key should get generated. You must copy the contents from —–BEGIN CERTIFICATE REQUEST—— to —–END CERTIFICATE REQUEST—– and paste the contents in a text editor such as Notepad.
Install an SSL at Webmin Server
- First, if you haven’t already downloaded your certificate files. The certificate files were usually sent by the Certification Authority to you by email. If not, you can sign in and add those files to your CA dashboard. The file extension will be .crt
- Now you have to copy the authorization files to your Webmin server and your private key.
- Locate your file at miniserv.pem now. It will possibly be located at /etc / webmin or where the miniserv.conf file has been stored.
- Now you need to make your private key & main certificate with a new miniserv.pem file, and replace it with the existing one. You’ll have to run the command below to do so:
cat private.key yourcommonname.crt > new_miniserv.pem
Change “secure.key” to the private key file name you created, and you should also change “yourcommonname.crt” to the SSL certificate file name. Should not forget to backup your old miniserv.pem file while doing so.
- If you got an intermediate certificate from the CA you must add a “extracas” line to your miniserv.conf file:
If everything went as directed restart your Webmin server. Visit your website, visit the https website and enjoy the moment!