Create SSL certs and enable https with Lighttpd

Set up a place to call home for your certificate

# mkdir -p /etc/lighttpd/ssl
# cd /etc/lighttpd/ssl

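Here’s where the magic happens… If you want a certificate that is trusted on the internet, you’ll want to create a certificate signing request and have a trusted CA sign it, but a self-signed cert will do just fine. I made it good for ~10 years, but standard is probably just 365 days. The -nodes option writes the private key unencrypted, so the key and the certificate both end up in server.pem without a passphrase.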

# openssl req -new -x509 -keyout server.pem -out server.pem -days 3650 -nodes

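Protect your SSL cert and directory. A directory needs the execute bit before its owner can enter it, so the directory gets 0700 and the PEM file, which holds the private key, gets 0600.

# chown -R lighttpd:lighttpd /etc/lighttpd/ssl
# chmod 0700 /etc/lighttpd/ssl
# chmod 0600 /etc/lighttpd/ssl/server.pem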
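
A quick audit of the steps so far, as an added example that is not part of the original post: it checks that the directory is owner-only and can be entered, that the PEM file is owner-only, and that the file holds both a certificate and a private key, as the combined server.pem written by the openssl command does. The function names are made up for this example, and `stat -c` assumes Linux.

```shell
#!/bin/sh
# Added example: audit the cert directory and combined PEM file.
# Function names are hypothetical; `stat -c` assumes Linux (GNU or busybox).

# mode_of PATH: print the octal permission bits, e.g. 700
mode_of() { stat -c '%a' "$1"; }

# audit_pem DIR PEMFILE: print findings, return the number of problems
audit_pem() {
    dir=$1; pem=$2; problems=0

    dmode=$(mode_of "$dir" 2>/dev/null) || { echo "FAIL: cannot stat $dir"; return 1; }
    case $dmode in
        700|500) ;;  # owner may enter the directory, nobody else may
        *) echo "FAIL: $dir is $dmode, want 700 (without x a directory cannot be entered)"
           problems=$((problems + 1)) ;;
    esac

    # If the directory lacks x for a non-root caller, the file is unreachable.
    fmode=$(mode_of "$pem" 2>/dev/null) || {
        echo "FAIL: cannot stat $pem"
        return $((problems + 1))
    }
    case $fmode in
        600|400) ;;  # private key readable by its owner only
        *) echo "FAIL: $pem is $fmode, want 600 (it contains the private key)"
           problems=$((problems + 1)) ;;
    esac

    # ssl.pemfile here is one file holding both the certificate and the key.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null || {
        echo "FAIL: no certificate block in $pem"; problems=$((problems + 1)); }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" 2>/dev/null || {
        echo "FAIL: no private key block in $pem"; problems=$((problems + 1)); }

    [ "$problems" -eq 0 ] && echo "OK: $dir and $pem look sane"
    return "$problems"
}

# Run against real paths when given, e.g.:
#   sh audit.sh /etc/lighttpd/ssl /etc/lighttpd/ssl/server.pem
if [ "$#" -eq 2 ]; then audit_pem "$1" "$2"; fi
```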

Now edit the lighttpd.conf configuration file to enable ssl. Use the public facing interface’s IP address instead of mine, unless yours happens to be 192.168.1.2 too!

$SERVER["socket"] == "192.168.1.2:443" {
    server.document-root = "/var/www/lighttpd"
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
}

Restart the server and you should be able to connect via http:// or https://

# /etc/init.d/lighttpd restart

And nmap or netstat will let you know it’s listening on port 443

# nmap -sS -T5 192.168.1.2 | grep 443
# netstat -lpn | grep 443

Posted by admica   @   5 March 2009

Comments
Mar 6, 2009
10:25 pm
#1 timcan :

You can also create requests for official certs with “openssl req -new -nodes -keyout server.key -out server.csr” where server is the name of your server.

Mar 6, 2009
11:10 pm
#2 admica :

Yep… If you’re serving the public or even a company intranet, you probably want to go that route. If you have a trusted CA onsite, I would just use that and save the money (for an intranet server). Because all you’re really after is the browser trust, right? It is annoying and misleading when you open a site and get a security warning about an invalid certificate when you use self-signed certs.
