How to Configure SSL in Lighttpd?
Posted on April 4th, 2018
SSL secures communication by encrypting the data exchanged between server and client. Sites running with SSL use the HTTPS protocol on the default port 443. SSL can be configured in the Lighttpd server just as in the Apache server.
Create Certificate Signing Request (CSR)
To create an SSL certificate, the first requirement is a private key and a CSR. The CSR is a file that contains the details of the domain, including its public key.
1) Create a directory to hold the CSR and key files.
# mkdir /etc/lighttpd/ssl/
# cd /etc/lighttpd/ssl/
2) Create the CSR and key file by running the following command.
# openssl req -new -newkey rsa:2048 -nodes -keyout abc.com.key -out abc.com.csr
The command prompts for the following details.
Generating a 2048 bit RSA private key
....+++
...............+++
writing new private key to 'abc.com.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields, there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:abc
Locality Name (eg, city) [Default City]:USA
Organization Name (eg, company) [Default Company Ltd]:interserver.com.
Organizational Unit Name (eg, section) []:web
Common Name (eg, your name or your server's hostname) []:abc.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [Leave Blank]
An optional company name []: [Leave Blank]
Request Certificate from CA
After creating the CSR, request an SSL certificate from a certificate provider, or create a self-signed certificate for internal use with the following command.
# openssl x509 -req -days 365 -in abc.com.csr -signkey abc.com.key -out abc.com.crt
The certificate is written to the file abc.com.crt in the current directory. Create a PEM file by combining the key file and the certificate file.
# cat abc.com.key abc.com.crt > abc.com.pem
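The steps above as a non-interactive script, followed by a check that the combined PEM is safe to hand to Lighttpd. This is an added example, not part of the original post: make_pem and check_pem are hypothetical helper names, and the -subj values are constructed.

```sh
#!/bin/sh
# Added example; make_pem and check_pem are hypothetical helper names.

# make_pem DIR DOMAIN
# Runs the tutorial's steps without prompts: key + CSR, self-signed
# certificate, then the combined PEM that ssl.pemfile points at.
make_pem() {
    dir=$1
    domain=$2
    (
        umask 077    # everything created here is owner-only
        mkdir -p "$dir" && cd "$dir" || exit 1
        # -subj replaces the interactive DN questions (constructed values)
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/C=IN/O=Example/CN=$domain" \
            -keyout "$domain.key" -out "$domain.csr" 2>/dev/null || exit 1
        openssl x509 -req -days 365 -in "$domain.csr" \
            -signkey "$domain.key" -out "$domain.crt" 2>/dev/null || exit 1
        cat "$domain.key" "$domain.crt" > "$domain.pem"
    )
}

# check_pem FILE
# Succeeds only if FILE holds a private key and a certificate for the
# same key pair, and nobody but the owner can access the file.
check_pem() {
    pem=$1
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    # A certificate pasted next to the wrong key fails here.
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 1
    # The PEM contains the private key: reject any group/other bits.
    case $(ls -ld "$pem") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Running check_pem on the file named in ssl.pemfile before restarting Lighttpd catches a certificate paired with the wrong key and a key file left readable by other users.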
Setup virtual Host with SSL
To set up a virtual host with SSL, edit the Lighttpd config file /etc/lighttpd/lighttpd.conf and add the following values.
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    # Combined private key + certificate file created in the previous step
    ssl.pemfile = "/etc/lighttpd/ssl/abc.com.pem"
    # CA chain file; uncomment when using a CA-issued certificate
    # ssl.ca-file = "/etc/lighttpd/ssl/CA_issuing.crt"
    server.name = "site1.interserver.net"
    server.document-root = "/sites/vhosts/site1.interserver.net/public"
    server.errorlog = "/var/log/lighttpd/site1.interserver.net.error.log"
    accesslog.filename = "/var/log/lighttpd/site1.interserver.net.access.log"
}
Verify Configuration
To verify the syntax of the configuration, use the following command.
# lighttpd -t -f /etc/lighttpd/lighttpd.conf
Syntax OK
Restart Lighttpd
If the syntax check passes, restart the service.
# service lighttpd restart
If you need any further help please do reach our support department.