HowToSimpleSSL » History » Revision 12

syso, 2009-03-11 05:31
Setting the certificates and key files owner to www-data is a really bad idea. Lighttpd starts with root privileges and drops them, so owner can be root.


Setting up a simple SSL configuration

Setting up a simple SSL configuration with Lighttpd is quite easy. Use this method with care, though: this setup provides proper encryption only, not authentication. Because the certificate is self-signed, the user will be asked whether to accept it.

First, go into the SSL Certs directory and do:


cd /etc/ssl/certs
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
chmod 400 lighttpd.pem

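Note that not every operating system runs its web server (lighttpd) as www-data, so the account name may vary. The file does not need to belong to that account: lighttpd starts with root privileges and drops them, so the owner can be root.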

Then edit /etc/lighttpd/lighttpd.conf and add:


$SERVER["socket"] == ":443" {
  ssl.engine = "enable" 
  ssl.pemfile = "/etc/ssl/certs/lighttpd.pem" 
}
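
Before restarting, it is worth checking the file that ssl.pemfile points at. The script below is an added example, not part of the original wiki page or of lighttpd: it checks that the file holds both a certificate and an unencrypted private key, has no group/other permission bits (as chmod 400 leaves it), and is owned by root. The function name audit_pemfile and the default owner uid 0 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the combined key+certificate file used as ssl.pemfile.
# audit_pemfile FILE [OWNER_UID] returns 0 when clean, 1 on any finding.
# OWNER_UID defaults to 0 (root), an assumption taken from the revision note.
audit_pemfile() {
    pem=$1
    want_uid=${2:-0}
    bad=0
    if [ ! -f "$pem" ]; then
        echo "FAIL: $pem is not a regular file"
        return 1
    fi
    # The openssl command writes -keyout and -out to the same path, so one
    # file must contain both a certificate block and a private key block.
    if ! grep -q -e '^-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "FAIL: no certificate block"; bad=1
    fi
    if ! grep -Eq -e '^-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$pem"; then
        echo "FAIL: no unencrypted private key block"; bad=1
    fi
    # -nodes writes the key without a passphrase; flag a key that has one.
    if grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo "FAIL: private key is passphrase-protected"; bad=1
    fi
    # chmod 400 leaves no group/other bits: columns 5-10 of ls -l read "------".
    perms=$(ls -ld -- "$pem" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: group/other permission bits set ($perms)"; bad=1
    fi
    # The key file should not be owned by the unprivileged web server account.
    uid=$(ls -ldn -- "$pem" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"; bad=1
    fi
    if [ "$bad" -eq 0 ]; then
        echo "OK: $pem"
    fi
    return "$bad"
}

# Run as: sh audit_pemfile.sh /etc/ssl/certs/lighttpd.pem
if [ "$#" -gt 0 ]; then
    audit_pemfile "$@"
fi
```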

After restarting the web server, you should be able to access it over HTTPS.

Without ssl.ca-file configured, Firefox will not accept this certificate, even if it is a valid certificate.

