Project

General

Profile

[Abandoned] Self Created SSL Certificates

Added by DebianUK 2 months ago

Hello

I have upgraded Debian 10 to Debian 11.

This has upgraded lighttpd from 1.4.53 to to 1.4.59.

I now find that my SSL certificate - created by myself - no longer works.

This is for an internal test machine, not public facing.

SSL configuration:
---
ssl.pemfile = "/etc/lighttpd/ssl/subdomain.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.pem"
---

This has worked for over 3 years until the update.

In Chrome, it outputs this error:
ERR_SSL_PROTOCOL_ERROR

In Firefox:
Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

Is it possible to use my own SSL certificate with lighttpd 1.4.59 ?

If so, is there an updated guide anywhere?

For now, I'm using a Let's Encrypt cert as a workaround.

However, I need to issue client certificates to the clients - I cannot do that with Let's Encrypt.


Replies (1)

RE: Self Created SSL Certificates - Added by gstrauss 2 months ago

Is it possible to use my own SSL certificate with lighttpd 1.4.59 ?

Yes.

If so, is there an updated guide anywhere?

Rhetorical question: Did you read the lighttpd TLS documentation ?

In Chrome, it outputs this error:
ERR_SSL_PROTOCOL_ERROR

In Firefox:
Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

That information is not very useful other than, yes, you have an TLS error somewhere, probably related to certificates. If you have the skills to create client certificates, can you provide more details as to why the clients do not like the certificate received?

Maybe the certificate chain is not being built? If you provide the chain in ssl.pemfile (as recommended in lighttpd TLS documentation), this error probably would not occur.

    (1-1/1)