SSL how to: install ssl on Lighttpd

The following describes how to get StartSSL certificates working with lighttpd. First, read how to get a free SSL certificate from StartSSL and create the certificates. Alternatively, read how to create a self-signed certificate and use it here, changing the steps accordingly.

Then let's create all the files lighttpd requires, using the certificates that we have already created.

$ cat www_certificate.pem www_privatekey.pem > /etc/ssl/private/lighttpd.pem
$ chown root:www-data /etc/ssl/private/lighttpd.pem
$ chmod 640 /etc/ssl/private/lighttpd.pem
$ wget http://www.startssl.com/certs/ca.pem -O ca.pem
$ wget http://www.startssl.com/certs/sub.class1.server.ca.pem -O sub.class1.server.ca.pem
$ cat ca.pem sub.class1.server.ca.pem > /etc/ssl/certs/lighttpd.pem
$ chown root:root /etc/ssl/certs/lighttpd.pem
$ chmod 644 /etc/ssl/certs/lighttpd.pem

The SSL portion of the lighttpd config should look something like this.

$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine  = "enable"
    ssl.ca-file = "/etc/ssl/certs/lighttpd.pem"
    ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
}

Test https

$ wget http://www.startssl.com/certs/ca.pem -O /tmp/ca.pem
$ openssl s_client -CAfile /tmp/ca.pem -connect www.yoursite.com:443

If you are using a self-signed certificate, you should not define the ssl.ca-file option in your lighttpd.conf file.
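
Before reloading lighttpd, it helps to confirm that the combined file built in the steps above pairs the certificate with its own private key, that it is not readable by other users, and that the CA bundle holds no key material. The script below is an added example, not part of the original post; `check_lighttpd_pem` is a hypothetical helper name, and it assumes the `openssl` command is installed.

```shell
#!/bin/sh
# Added example: sanity-check the PEM files before reloading lighttpd.
# check_lighttpd_pem is a hypothetical helper name; assumes openssl is installed.
# Usage: check_lighttpd_pem <ssl.pemfile> [<ssl.ca-file>]

check_lighttpd_pem() {
    pem=$1
    ca=${2:-}
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Public key embedded in the certificate block of the combined file.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "$pem: no usable certificate" >&2; return 1; }

    # Public key derived from the private key block. The empty -passin
    # makes an encrypted key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null) ||
        { echo "$pem: no usable unencrypted private key" >&2; return 1; }

    # A certificate paired with someone else's key breaks every handshake.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "$pem: private key does not match certificate" >&2; return 1; }

    # The file holds the private key: "other" must have no access (mode 640).
    other=$(ls -ldL "$pem" | cut -c8-10)
    [ "$other" = "---" ] ||
        { echo "$pem: accessible to other users ($other)" >&2; return 1; }

    # The CA bundle is world-readable (mode 644), so it must contain only
    # certificates. Both files are named lighttpd.pem and are easy to swap.
    if [ -n "$ca" ] && grep -q 'PRIVATE KEY' "$ca"; then
        echo "$ca: CA bundle contains a private key" >&2
        return 1
    fi
    return 0
}

# Run the check when file names are given on the command line.
if [ "$#" -gt 0 ]; then
    check_lighttpd_pem "$@"
fi
```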
