Project

General

Profile

HowToSimpleSSL » History » Revision 13

Revision 12 (syso, 2009-03-11 05:31) → Revision 13/40 (syso, 2009-03-11 05:34)

h2. Setting up a simple SSL configuration 


 Setting up a simple SSL configuration with Lighttpd is quite easy. Though this method should be used with care because this setup will only provide proper encryption, not authentication! The user will be presented with a query whether to accept the certificate or not! 

 First, go into the SSL Certs directory and do: 

 <pre> 
 

 cd /etc/ssl/certs 
 openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes 
 chmod 400 lighttpd.pem 
 </pre> 

 The previous instuctions were saying Please mind the file should be owned by fact that not every operating system uses www-data (depending on the OS) 
 but to runs it's webserver (lighttpd), so this is a really bad idea (in case the server gets compromised etc.). As lighttpd starts 
 with root-privileges and drops his rights, you can safely set the owner of the certificate 
 to root and chmod 400 (-r--------) it. may vary. 

 Then edit /etc/lighttpd/lighttpd.conf and add: 

 <pre> 

 $SERVER["socket"] == ":443" { 
   ssl.engine = "enable" 
   ssl.pemfile = "/etc/ssl/certs/lighttpd.pem" 
 } 
 </pre> 


 After restarting the webserver, you should be able to access your webserver through https. 

 Because without ssl.ca-file configured, firefox will not accept this certificate, even if it's valid certificate. 

 See Also 

 ======== 

 * [[lighttpd:Docs:SSL|Secure HTTP]]