Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Securing Webmin via SSL' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Securing Webmin via SSL
Authored by: Anonymous on Feb 24, '02 06:45:19PM

Webmin is a great tool for Unices, just OK for OS X client and server. I use it to manage my Sun Solaris 8 servers at work rather than SMC. The big caveat is that using it as-is over http is unsecure. Anyone using snoop or a packet sniffer can compromise your machine(s). Using OpenSSL under MacOS X secures this wonderful and free tool.

Until recently, the headers for ssl were not available, now they are. Apple has released the "Darwin Development Environment" with includes these headers.

Get Webmin at:

curl -0 http://www.webmin.com/download/webmin-0.92.tar.gz

I mv'd it to WebMin and placed it in the Utilities Folder. You can put it anywhere.

do your extract mojo

RTFM to setup webmin first.

Under recently, the headers for ssl were not available, now they are. Apple has released the "Darwin Development Environment" with includes these headers.


Download "Darwin Development Environment for Mac OS X" at:

curl -0 http://www.opensource.apple.com/projects/darwin/1.4/darwintools.pkg.tar

Extract it:

tar -xvf darwintools.pkg.tar

Install it with your admin password.

Download the Perl Mod "Net_SSLeay.pm"

curl -0 http://www.cpan.org/modules/by-module/Net/Net_SSLeay.pm-1.13.tar.gz

do your extract mojo

cd Net_SSLeay.pm-1.13


./Makefile.PL -t # builds and tests it, or "perl Makefile.PL"
make install # You probably have to su to root to do this
perldoc Net::SSLeay # optional, but highly recommended
perldoc Net::SSLeay::Handle

If the command perl -e 'use Net::SSLeay' doesn't output any error message, then the SSL support that Webmin needs is properly installed.

Go to:

http://127.0.0.1:10000/webmin/edit_ssl.cgi

Of course you installed Webmin didn't you? It may just take you back to the login. If not use https.

Enable SSL

Go to https://127.0.0.1:10000/

You'll notice your browser with say somethings wrong (can't be verified) with the certificate. It's a "self-signed certificate" not verified by an external yahoo like verisign, hence the error. It is encrypted however.

You can create other certificates per webmin user. You'll have to change the path to openssl in webmin at:

https://127.0.0.1:10000/config.cgi?acl

The correct path under 10.1 is:

/usr/bin/openssl

You can also create another certificate authority (CA) at:

https://127.0.0.1:10000/webmin/edit_ca.cgi

For your webmin server.

Abracafiggindabra your done!




[ Reply to This | # ]
Addendum: Securing Webmin via SSL
Authored by: Anonymous on Feb 24, '02 08:34:56PM

You may have to use:

perl ./Makefile.PL /usr/bin/openssl

for it to successfully find openssl



[ Reply to This | # ]