Permissions issue with Create Certificate button in Webmin #2060

@sackofspuds

If you want to create a new LDAPS certificate in Turnkey OpenLDAP you can do the following:

  1. From the Webmin console, navigate to Servers > LDAP Server.
  2. Click on the OpenLDAP Server Configuration button.
  3. Click on the Generate SSL Certificate button.
  4. The hostname defaults to openldap. Change this value to match the DNS name of the
  5. appliance. For example, openldap.example.com
  6. Complete the Country code field. Note that XX can be used as the country code for a
  7. self-signed internal certificate.
  8. Click the Create Certificate button.
  9. Click on the Apply Configuration button.

Unfortunately this fails because the openldap group does not have permission over the new certificate and key.

The workaround is after step 8 above to ssh to the appliance or navigate to Tools > Terminal in the Webmin web console, then give the group openldap read access to the files:

```sh
chgrp openldap /etc/ldap/tls/openldap_crt.pem
chmod g+r /etc/ldap/tls/openldap_crt.pem
chgrp openldap /etc/ldap/tls/openldap_key.pem
chmod g+r /etc/ldap/tls/openldap_key.pem
```

You can then proceed to step 9.

Perhaps these permissions could be changed to avoid this workaround.
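
A check that can be run after the workaround above, before clicking Apply Configuration. This is an added example, not part of the original issue or of Webmin/TurnKey: the function name `check_tls_file` and the stricter "private" rule for the key (no access for other users) are assumptions; the paths and the `openldap` group are the ones given in the issue.

```shell
#!/bin/sh
# Added example (not from the issue): verify group ownership and mode of the
# LDAPS certificate and key after the chgrp/chmod workaround.

# check_tls_file FILE GROUP [private]
# Returns 0 if FILE belongs to GROUP and is group-readable; with "private"
# it must also grant nothing to "other". Returns 1 on a finding, 2 if missing.
check_tls_file() {
    file=$1; group=$2; kind=${3:-public}
    if [ ! -e "$file" ]; then
        echo "MISSING  $file"
        return 2
    fi
    # GNU stat (Debian-based appliance): %G = group name, %a = octal mode
    owner_group=$(stat -c '%G' "$file")
    mode=$(stat -c '%a' "$file")
    bits=$((0$mode))    # the leading 0 makes the shell parse the mode as octal
    rc=0
    if [ "$owner_group" != "$group" ]; then
        echo "FAIL     $file: group is $owner_group, expected $group"
        rc=1
    fi
    if [ $((bits & 040)) -eq 0 ]; then
        echo "FAIL     $file: mode $mode lacks group read"
        rc=1
    fi
    if [ "$kind" = private ] && [ $((bits & 007)) -ne 0 ]; then
        echo "FAIL     $file: mode $mode exposes the key to other users"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK       $file ($owner_group, $mode)"
    fi
    return "$rc"
}

# Check the files named in the issue when they exist on this host.
if [ -e /etc/ldap/tls/openldap_crt.pem ] || [ -e /etc/ldap/tls/openldap_key.pem ]; then
    check_tls_file /etc/ldap/tls/openldap_crt.pem openldap || true
    check_tls_file /etc/ldap/tls/openldap_key.pem openldap private || true
fi
```

A `FAIL` line for the key's "other" bits means the private key is readable beyond the owner and the `openldap` group, which the workaround does not require.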
