Replace webmin self-signed certificate to avoid sec_error_invalid_key error


Recent browser versions (e.g. Firefox 33) refuse to work with older Webmin installs.

They give a sec_error_invalid_key error, offer a ‘Try again’ button, but do not offer an option to add an exception.

Firefox 33 no longer supports certificates with private keys smaller than 1024 bits.

You can replace your webmin certificate with a new one by running this command:

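# Webmin keeps the private key and the certificate together in this file
file=/etc/webmin/miniserv.pem
# New 2048-bit RSA key and self-signed certificate, valid for 10 years;
# replace the -subj fields with your own details
openssl req -x509 -newkey rsa:2048 -keyout "$file" -out "$file" \
 -days 3650 -nodes -subj \
 "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
# Append a certificate request built from the new certificate and key
openssl x509 -x509toreq -in "$file" -signkey "$file" >> "$file"
/etc/init.d/webmin restart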

This command creates a ‘pem’ file with both the private key and the self-signed certificate in the same file. -nodes writes the private key without a passphrase, so it is stored unencrypted. The -subj option saves you from having to enter the certificate details manually.

Alternatively, set ssl=0 in /etc/webmin/miniserv.conf, restart Webmin with “/etc/init.d/webmin restart”, and then use the web interface to change the certificate at Webmin -> Webmin Configuration -> SSL Encryption -> Self Signed Certificate. With ssl=0 Webmin is served over plain HTTP until SSL is turned back on.
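
To confirm whether an existing Webmin certificate is affected, and that the replacement took effect, the key size can be read back with openssl. The script below is an added example, not part of the original post; the function names and the MIN_BITS variable are assumptions, and the 1024-bit default is the Firefox limit mentioned above.

```shell
#!/bin/sh
# Added example: report the public-key size of a certificate file such as
# /etc/webmin/miniserv.pem and flag keys below a minimum size.
# MIN_BITS and the function names are assumptions of this example.
MIN_BITS=${MIN_BITS:-1024}

# Read `openssl x509 -noout -text` output on stdin and print the key size.
# Current OpenSSL prints "Public-Key: (2048 bit)"; very old releases print
# "RSA Public Key: (512 bit)". Both forms are matched.
key_bits_from_text() {
    sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print "ok", "weak" or "unknown" for a key size in bits.
classify_bits() {
    case "$1" in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$1" -ge "$MIN_BITS" ]; then echo ok; else echo weak; fi ;;
    esac
}

# Inspect the first certificate in a PEM file; returns 0 only when it is ok.
check_cert() {
    pem=$1
    bits=$(openssl x509 -in "$pem" -noout -text 2>/dev/null | key_bits_from_text)
    status=$(classify_bits "$bits")
    echo "$pem: ${bits:-?} bit key: $status"
    [ "$status" = ok ]
}

# Usage: sh check_webmin_cert.sh /etc/webmin/miniserv.pem
if [ "$#" -gt 0 ]; then
    check_cert "$1"
fi
```

Run it before and after replacing the certificate; an "unknown" result means openssl could not read a certificate from the file.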

