SSL how to: install ssl on Lighttpd

Following describes how to get StartSSL certificates working with lighttpd. First of all read how to get free ssl certificate from StartSSL and actually create certificates or you can read to create self-signed certificate and use self-signed certificates and use them here changed the steps accordignly.

Than lets create all required by lighttpd files using certificates that we have already created.

$ cat www_certificate.pem www_privatekey.pem > /etc/ssl/private/lighttpd.pem
$ chown root:www-data /etc/ssl/private/lighttpd.pem
$ chmod 640 /etc/ssl/private/lighttpd.pem
$ wget -O ca.pem
$ wget -O 
$ cat ca.pem > /etc/ssl/certs/lighttpd.pem
$ chown root:root /etc/ssl/certs/lighttpd.pem
$ chmod 644 /etc/ssl/certs/lighttpd.pem

The SSL portion of the lighttpd config should look something like this.

$SERVER["socket"] == "" {
                  ssl.engine                  = "enable"
                         = "/etc/ssl/certs/lighttpd.pem"
                  ssl.pemfile                 = "/etc/ssl/private/lighttpd.pem"

Test https

$ wget -O /tmp/ca.pem
$ openssl s_client -CAfile /tmp/ca.pem -connect

If you are using self-signed certificat you should not define option in your lighttpd.conf file.

Posted by:
Enjoyed this post? Share and Leave a comment below, thanks! :)