Setting up a simple SSL configuration

Setting up a simple SSL configuration with lighttpd is quite easy, but this method should be used with care: the setup provides encryption only, not authentication. The user will be asked whether to accept the certificate or not.

First, go into your SSL Certificates directory and do:

cd /etc/lighttpd/certs
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
chmod 400 lighttpd.pem

The previous instructions said the file should be owned by www-data (depending on the OS),
but this is a really bad idea (in case the server gets compromised, etc.). As lighttpd starts
with root privileges and then drops them, you can safely set the owner of the certificate
to root and chmod 400 it.

Then edit /etc/lighttpd/lighttpd.conf and add:

$SERVER["socket"] == ":443" {
  ssl.engine = "enable" 
  ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem" 
}

After restarting the webserver

/etc/init.d/lighttpd restart; # old versions
service lighttpd restart; # new versions

you should be able to access your webserver through https.

Without ssl.ca-file configured, Firefox will not accept this certificate, even if it is a valid certificate.
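
An added example, not part of the original how-to or the lighttpd project: a shell check that the pemfile created above matches this page's advice (owned by root, mode 400, key and certificate in one file), plus the SHA-256 fingerprint a user can compare before accepting the certificate. The function names check_pemfile and pem_fingerprint are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original how-to): audit a lighttpd ssl.pemfile.
# check_pemfile and pem_fingerprint are hypothetical helper names.
# Assumes GNU stat, as shipped with Debian.

# check_pemfile PATH [OWNER_UID]  -> 0 ok, 1 finding(s), 2 file missing
check_pemfile() {
    pem=$1
    want_uid=${2:-0}          # root unless told otherwise
    rc=0

    if [ ! -f "$pem" ]; then
        echo "FAIL: $pem is not a regular file"
        return 2
    fi

    mode=$(stat -c '%a' "$pem")
    uid=$(stat -c '%u' "$pem")

    # The file contains the unencrypted private key (-nodes), so it must be
    # readable by its owner only, and that owner should not be the web user.
    if [ "$mode" != "400" ]; then
        echo "FAIL: mode is $mode, expected 400"; rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"; rc=1
    fi

    # -keyout and -out named the same file, so both PEM blocks must be there.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "FAIL: no private key block"; rc=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL: no certificate block"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $pem"
    return "$rc"
}

# Fingerprint to compare, over a trusted channel, with the one the browser
# shows in its certificate warning.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Usage: sh check_pem.sh /etc/lighttpd/certs/lighttpd.pem
if [ "$#" -gt 0 ]; then
    check_pemfile "$1" && pem_fingerprint "$1"
fi
```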

See Also

========

creditz: http://redmine.lighttpd.net/projects/1/wiki/HowToSimpleSSL

worked for me:

Linux debian7 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64 GNU/Linux
lighttpd/1.4.31
