Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Securing Webmin using OpenSSL UNIX
Webmin is a great tool for Unices, just OK for OS X client and server. I use it to manage my Sun Solaris 8 servers at work rather than SMC. The big caveat is that using it as-is over http is unsecure. Anyone using snoop or a packet sniffer can compromise your machine(s). Using OpenSSL under MacOS X secures this wonderful and free tool.

Until recently, the headers for ssl were not available, but now they are. Apple has released the "Darwin Development Environment" which includes these headers.

For a Step-by-Step on securing Webmin via SSL, read on...

Start by getting Webmin at:
curl -0 http://www.webmin.com/download/webmin-0.92.tar.gz
I then placed it in the Utilities Folder, ou can put it anywhere you like.

Untar the file:
tar -zxvf webmin-0.92.tar.gz
Now read the manual to see how to setup webmin.

Download "Darwin Development Environment for Mac OS X" and install it. If you have troubles installing Darwin, you might want to check out this hint (you will need your admin password here):
curl -0 http://www.opensource.apple.com/projects/darwin/1.4/darwintools.pkg.tar
tar -xvf darwintools.pkg.tar
Download and install the Perl Mod "Net_SSLeay.pm"
curl -0 http://www.cpan.org/modules/by-module/Net/Net_SSLeay.pm-1.13.tar.gz
tar -zxvf Net_SSLeay.pm-1.13.tar.gz
cd Net_SSLeay.pm-1.13
./Makefile.PL -t # builds and tests it, or "perl Makefile.PL"
make install # You probably have to su to root to do this
perldoc Net::SSLeay # optional, but highly recommended
perldoc Net::SSLeay::Handle
If the command perl -e 'use Net::SSLeay' doesn't output any error message, then the SSL support that Webmin needs is properly installed.

You can now log into Webmin and enable SSL by going here:
http://127.0.0.1:10000/webmin/edit_ssl.cgi

Now you can use HTTPS by simply going to:
https://127.0.0.1:10000/

You'll notice your browser will say somethings wrong (can't be verified) with the certificate. It's a "self-signed certificate" not verified by an external yahoo like verisign, hence the error. It is encrypted however.

You can create other certificates per webmin user. You'll have to change the path to openssl in webmin at:

https://127.0.0.1:10000/config.cgi?acl

The correct path under 10.1 is:

/usr/bin/openssl

You can also create another certificate authority (CA) at:

https://127.0.0.1:10000/webmin/edit_ca.cgi

That's it, you should now have a secure working copy of WebMin running.

[Editor's note: This hint requires a fair amount of knowledge at the command line prompt. If you are unsure of how to proceed, you might not want to try this without some help.]
    •    
  • Currently 3.67 / 5
  You rated: 5 / 5 (3 votes cast)
 
[11,582 views]  

Securing Webmin using OpenSSL | 5 comments | Create New Account
Click here to return to the 'Securing Webmin using OpenSSL' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Which dev tools...
Authored by: metafeather on Feb 27, '02 09:42:07AM

Do you have to use the Darwin dev tools stated or do the OpenSSL headers also come as part of the 10.1 Dev Tools from the ADC site?



[ Reply to This | # ]
Addendum
Authored by: Anonymous on Feb 27, '02 02:43:21PM

This hint relates specifically to Mac OS X (10.1). It can also apply to Darwin. The "Darwin Development Tools" include the neccessary headers for SSL, which were not included with the "Apple Developer Tools." You'll need to have both to be successful at securing Webmin.


I believe an Apple ADC membership is required to download the Apple dev tools. The Darwin tools require no membership.



[ Reply to This | # ]
Easier solution
Authored by: sharrissf on Sep 24, '03 01:08:35AM

First, install webmin for os x.

http://www.apple.com/downloads/macosx/unix_open_source/webmininstaller.html

Next down load the package from cpan.
http://www.cpan.org/modules/by-module/Net/
get Net_SSLeay.pm-1.25.tar.gz

Then click on the Others item on the top left. Then click Perl Modules.

select
From uploaded file and pick Choose File and select the Net_SSLeay.pm-1.25.tar.gz

Then click install. For me that did the trick. Then I just went into my webmin settings and changed them to use ssl and I was all set.

Hope this helps as it is my FIRST OS X hints post



[ Reply to This | # ]
Easier solution - problem on Panther
Authored by: browndavidb on Oct 27, '03 06:48:33AM

Hi I tried this, but got the following error


Error: Unable to locate installed Perl libraries or Perl source code.

It is recommended that you install perl in a standard location before
building extensions. Some precompiled versions of perl do not contain
these header files, so you cannot build extensions. In such a case,
please build and install your perl from a fresh perl distribution. It
usually solves this kind of problem.

(You get this message, because MakeMaker could not find "/System/Library/Perl/5.8.1/darwin-thread-mu
lti-2level/CORE/perl.h")
Checking if your kit is complete...
Looks good


How do I tell it where the Perl libraries are, i think it should be /System/Library/Perl/darwin/CORE ?


Cheers
David



[ Reply to This | # ]
problem on Panther: no Perl
Authored by: mhopeng on Oct 08, '04 12:08:53PM

Sounds like you don't have the Developer Tools installed...



[ Reply to This | # ]