how to create a secure CSR for virtualmin

I had tried to generate a CSR for one of my newest webservers so I could have the security warnings go away. It turns out the self-signed cert was a higher security than the one for the CSR generation....

what is the proper way to generate a CSR with the highest TLS? LE is not an option here as the machine is named bleh3.*.com and *.com is actually another machine. I need to generate a proper CSR that is TLS enabled so browsers will not lock clients and myself out of virtualmin.



Howdy -- thanks for contacting us!

When a CSR is generated, it is signed with an SHA algorithm (SHA-256 I believe).

You can use that with any TLS version.

The issue you mentioned in your previous request mentioned an issue with the RC4 cipher.

That's not related to generating the SSL certificate, but is specific to the protocol used when the browser communicates with the web server.

If your server was requiring RC4, that may have been a configuration issue on your system there, but that's not a Webmin or Virtualmin default. If it were, no one would ever be able to access Webmin and I'd spend all my time having people change that :-)

You can specify which SSL protocols and ciphers are used by Webmin in Webmin -> Webmin -> Webmin Configuration -> SSL Encryption.

Also, note that for SSL Certificates generated using Virtualmin, you can specify the key size for that by going into System Settings -> Virtualmin Config -> SSL Settings.

The default is 2046, but you could increase it to 4096 if that's something you're interested in.

However, I don't know how you'd adjust that for certs generated in Webmin itself, Jamie would need to comment on whether that's possible.

An option you can use though is generate the cert for a Virtual Server in Virtualmin, then just use the "Copy to Webmin" button in the Manage SSL Certificates screen.

the server was webmin i noted in my other thread ALL advanced encryption was disabled by default...that's on webmin not the server.

Certs generated for webmin itself can have their size set on the page at Webmin -> Webmin Configuration -> SSL Encryption -> Certificate Signing Request.

What exactly do you plan to use this CSR for though?