Knowledgebase
Lighttpd Print this Article
OpenSSL is required for installation.
1. Save your issued SSL certificate as domain_name.crt in simple text editor.
2. Move it to /etc/lighttpd/ssl/ server directory.
3. Do the same with your private key and save it as domain_name.key
4. Join the certificate with your key into one file domain_name.pem:
# cat domain_name.key domain_name.crt > domain_name.pem
5. Add 4 following lines into a conf file (usually /etc/lighttpd/lighttpd.conf):
1.2.3.4:443 - it is an IP address and SSL port,
ssl.engine - it is activation of SSL function,
ssl.pemfile - it is file with certificate and key,
ssl.ca-file - intermediate(s) certificate(s) of your CA.
$SERVER["socket"] == "1.2.3.4:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain_name.pem"
ssl.ca-file = "/etc/lighttpd/ssl/ca.crt"
}
6. Set the permission to the file:
# chown root:root /etc/lighttpd/ssl/domain_name.pem
# chmod 400 /etc/lighttpd/ssl/domain_name.pem
7. Restart your server. Certificate is ready to use.
In case of multi-domains security, you can protect it in 2 ways:
a) use individual IP address for every domain name - it changes with PEM file as the example:
$SERVER["socket"] == "IP1:443" {
ssl.pemfile = "/etc/lighttpd/ssl/www.domain_name1.pem"
}
$SERVER["socket"] == "IP2:443" {
ssl.pemfile = "/etc/lighttpd/ssl/domain_name2.pem"
}
etc.
b) install UC, SAN or Wildcard certificate.
1. Save your issued SSL certificate as domain_name.crt in simple text editor.
2. Move it to /etc/lighttpd/ssl/ server directory.
3. Do the same with your private key and save it as domain_name.key
4. Join the certificate with your key into one file domain_name.pem:
# cat domain_name.key domain_name.crt > domain_name.pem
5. Add 4 following lines into a conf file (usually /etc/lighttpd/lighttpd.conf):
1.2.3.4:443 - it is an IP address and SSL port,
ssl.engine - it is activation of SSL function,
ssl.pemfile - it is file with certificate and key,
ssl.ca-file - intermediate(s) certificate(s) of your CA.
$SERVER["socket"] == "1.2.3.4:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/domain_name.pem"
ssl.ca-file = "/etc/lighttpd/ssl/ca.crt"
}
6. Set the permission to the file:
# chown root:root /etc/lighttpd/ssl/domain_name.pem
# chmod 400 /etc/lighttpd/ssl/domain_name.pem
7. Restart your server. Certificate is ready to use.
In case of multi-domains security, you can protect it in 2 ways:
a) use individual IP address for every domain name - it changes with PEM file as the example:
$SERVER["socket"] == "IP1:443" {
ssl.pemfile = "/etc/lighttpd/ssl/www.domain_name1.pem"
}
$SERVER["socket"] == "IP2:443" {
ssl.pemfile = "/etc/lighttpd/ssl/domain_name2.pem"
}
etc.
b) install UC, SAN or Wildcard certificate.
Was this answer helpful?
Related Articles
SSL Installations
SSL installation depends on the type of server you are securing. Please select below the server...
SSL installation depends on the type of server you are securing. Please select below the server...
Apache (with mod_ssl)
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Apple Mac OS X Server
Log in to admin server as a root. Create a folder /etc/httpd/ssl.crt/ (if it does not exist)....
Log in to admin server as a root. Create a folder /etc/httpd/ssl.crt/ (if it does not exist)....
Barracuda VPN server
Installing SSL certificate on Barracuda VPN serverImport CertificatesFrom the appliance web...
Installing SSL certificate on Barracuda VPN serverImport CertificatesFrom the appliance web...
Cisco ACS Server
Note: If the domain/site certificate is created using CA certificate, you need to repeat steps...
Note: If the domain/site certificate is created using CA certificate, you need to repeat steps...
