[Abandoned] Self Created SSL Certificates
Added by DebianUK over 2 years ago
Hello
I have upgraded Debian 10 to Debian 11.
This has upgraded lighttpd from 1.4.53 to to 1.4.59.
I now find that my SSL certificate - created by myself - no longer works.
This is for an internal test machine, not public facing.
SSL configuration:
---
ssl.pemfile = "/etc/lighttpd/ssl/subdomain.pem"
ssl.ca-file = "/etc/lighttpd/ssl/domain.pem"
---
This has worked for over 3 years until the update.
In Chrome, it outputs this error:
ERR_SSL_PROTOCOL_ERROR
In Firefox:
Error code: SSL_ERROR_INTERNAL_ERROR_ALERT
Is it possible to use my own SSL certificate with lighttpd 1.4.59 ?
If so, is there an updated guide anywhere?
For now, I'm using a Let's Encrypt cert as a workaround.
However, I need to issue client certificates to the clients - I cannot do that with Let's Encrypt.
Replies (1)
RE: Self Created SSL Certificates - Added by gstrauss over 2 years ago
Is it possible to use my own SSL certificate with lighttpd 1.4.59 ?
Yes.
If so, is there an updated guide anywhere?
Rhetorical question: Did you read the lighttpd TLS documentation ?
In Chrome, it outputs this error:
ERR_SSL_PROTOCOL_ERRORIn Firefox:
Error code: SSL_ERROR_INTERNAL_ERROR_ALERT
That information is not very useful other than, yes, you have an TLS error somewhere, probably related to certificates. If you have the skills to create client certificates, can you provide more details as to why the clients do not like the certificate received?
Maybe the certificate chain is not being built? If you provide the chain in ssl.pemfile (as recommended in lighttpd TLS documentation), this error probably would not occur.