Submitted by hescominsoon on Sat, 02/02/2019 - 10:03 Pro Licensee
I had tried to generate a CSR for one of my newest webservers so I could have the security warnings go away. It turns out the self-signed cert was a higher security than the one for the CSR generation....
what is the proper way to generate a CSR with the highest TLS? LE is not an option here as the machine is named bleh3.*.com and *.com is actually another machine. I need to generate a proper CSR that is TLS enabled so browsers will not lock clients and myself out of virtualmin.
Status:
Closed (cannot reproduce)
Comments
Submitted by andreychek on Sat, 02/02/2019 - 14:44 Comment #1
Howdy -- thanks for contacting us!
When a CSR is generated, it is signed with an SHA algorithm (SHA-256 I believe).
You can use that with any TLS version.
The issue you mentioned in your previous request mentioned an issue with the RC4 cipher.
That's not related to generating the SSL certificate, but is specific to the protocol used when the browser communicates with the web server.
If your server was requiring RC4, that may have been a configuration issue on your system there, but that's not a Webmin or Virtualmin default. If it were, no one would ever be able to access Webmin and I'd spend all my time having people change that :-)
You can specify which SSL protocols and ciphers are used by Webmin in Webmin -> Webmin -> Webmin Configuration -> SSL Encryption.
Submitted by andreychek on Sat, 02/02/2019 - 14:48 Comment #2
Also, note that for SSL Certificates generated using Virtualmin, you can specify the key size for that by going into System Settings -> Virtualmin Config -> SSL Settings.
The default is 2046, but you could increase it to 4096 if that's something you're interested in.
However, I don't know how you'd adjust that for certs generated in Webmin itself, Jamie would need to comment on whether that's possible.
An option you can use though is generate the cert for a Virtual Server in Virtualmin, then just use the "Copy to Webmin" button in the Manage SSL Certificates screen.
Submitted by hescominsoon on Sat, 02/02/2019 - 15:06 Pro Licensee Comment #3
the server was webmin itself..as i noted in my other thread ALL advanced encryption was disabled by default...that's on webmin not the server.
Submitted by JamieCameron on Sat, 02/02/2019 - 19:23 Comment #4
Certs generated for webmin itself can have their size set on the page at Webmin -> Webmin Configuration -> SSL Encryption -> Certificate Signing Request.
What exactly do you plan to use this CSR for though?
Submitted by JamieCameron on Fri, 10/25/2019 - 00:15 Comment #6
The TLS level isn't an attribute of the CSR though - it's a webserver setting.
Submitted by craigh on Fri, 10/25/2019 - 01:32 Pro Licensee Comment #7
OK, I will butt in on someone else's ticket here, because qasimali22 is clearly zombie-posting to post spam.
Submitted by hescominsoon on Fri, 10/25/2019 - 07:39 Pro Licensee Comment #8
This system is no longer operating. i took it offline...:)