|
This setup only provides encryption, not authentication!
Note: Everything must be run as root.
Verify support of lighttpd:
# lighttpd -v
lighttpd-1.4.22 (ssl) - a light and fast webserver
Build-Date: Mar 19 2009 03:37:44
If it doesn't support ssl, then follow this guide here.
Create certs directory:
# mkdir /etc/lighttpd/ssl
Generate self-signed SSL certificate:
# cd /etc/lighttpd/ssl
# openssl req -new -x509 -keyout www.example.org.pem -out www.example.org.pem -days 365 -nodes
Generating a 1024 bit RSA private key
.................................................++++++
.++++++
writing new private key to 'goldmine.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
# chmod 400 lighttpd.pem
Enable SSL engine:
# vi /etc/lighhtpd/lighttpd.conf
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/www.example.org.pem"
}
Restart lighttpd:
# service lighttpd restart
Old version bug:
(network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
Fix:
ssl.use-sslv2 = "enable"
So it would look like this:
$SERVER["socket"] == ":443" {
ssl.use-sslv2 = "enable"
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/www.example.org.pem"
}
Reference:
Lighttpd Secure HTTP
|
