When you set up webmin and download and install open ssl and the perl module to enable https://webminserver.com:10000 and enable one net ip address and one local IP addressas in my case (or excluse ips) for webmin access for the net. One is the certifcate secure and two is this be considered secure practice? Thanks, Mike
--On Wednesday, February 05, 2003 5:36 PM -0800 landers@lanlinecomputers.com wrote:> When you set up webmin and download and install open ssl and the perl > module to enable https://webminserver.com:10000 and enable one net ip > address and one local IP addressas in my case (or excluse ips) for webmin > access for the net. One is the certifcate secure and two is this be > considered secure practice? >The cert is secure provided that you are sure that you are REALLY connecting to webminserver.com (since it is a self-signed cert). Add IP restrictions as you''ve done and you about as safe as your going to be. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Go into webmin configuration/ssl encryption There you have the option to create your own cert should you not trust the cert that was shipped stock with webmin. These certificates are ''self-signed'' meaning there is no verifying authority (eg. verisign, thawte, etc.) and it''s up to you to trust it either implicitly or at a marginal level. Either way, it''s on your system and you made the cert you be the judge. If you''re paranoid, you could spend the cash on a comercial cert. This is a common practice since a ''real'' cert is quite costly in many cases. Well...I''m off-topic...back to lurking. -Paul On Wed, 5 Feb 2003 17:36:17 -0800 <landers@lanlinecomputers.com> opened up to us and said:> When you set up webmin and download and install open ssl and the perl > module to enable https://webminserver.com:10000 and enable one net ip > address and one local IP addressas in my case (or excluse ips) for > webmin access for the net. One is the certifcate secure and two is > this be considered secure practice? > > Thanks, > Mike > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users-- Paul Slinski System Administrator Global IQX http://www.globaliqx.com/ pauls@globaliqx.com
--On Thursday, February 06, 2003 8:59 AM -0500 Paul Slinski <pauls@globaliqx.com> wrote:> Go into webmin configuration/ssl encryption > > There you have the option to create your own cert should you not trust > the cert that was shipped stock with webmin. > > These certificates are ''self-signed'' meaning there is no verifying > authority (eg. verisign, thawte, etc.) and it''s up to you to trust it > either implicitly or at a marginal level. Either way, it''s on your > system and you made the cert you be the judge. If you''re paranoid, you > could spend the cash on a comercial cert. > > This is a common practice since a ''real'' cert is quite costly in many > cases.Yes -- for more, see http://lists.shorewall.net/Shorewall_CA_html.html (yes, there really is a stutter in the URL). Note also that the HTTPS model is designed to convey trust in the _server_ whereas in the case of Webmin, I would think that most admins are inclined to distrust the _client_. Alas, there seems to be no way to utilize client certs for authentication. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net