Using a self-signed certificate with Lighttpd

To increase security a bit on my blog when using public networks such as those at libraries, I decided to create a self-signed certificate for the administration part of my WordPress installation, and I figured that I might as well write down the procedure here.

Of course all of is secured by SSL, not only the administration part, but since I'm using a self-signed certificate, most (if not all) modern browsers will warn the user that the certificate is not signed by a third party, such as Thawte.

Please note that this describes how to use a self-signed certificate on Debian Lenny; if you use a different distribution, you might have to change stuff. ;-)

Creating your certificate

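sudo -s
mkdir /etc/lighttpd/certificates
cd /etc/lighttpd/certificates/
# -keyout and -out each take a file name; lighttpd's ssl.pemfile reads the key
# and the certificate from one file, so both options name the same .pem file
openssl req -new -x509 -keyout -out -days 365 -nodes
chown -R www-data:www-data /etc/lighttpd/certificates/
# 700 on the directory (it needs the execute bit to be entered), 600 on the files in it
chmod 700 /etc/lighttpd/certificates/
chmod 600 /etc/lighttpd/certificates/*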

Setting up lighttpd

Add this to /etc/lighttpd/lighttpd.conf:

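# the socket to serve HTTPS on, written as "address:port"
$SERVER["socket"] == "" {
  server.document-root = "/var/www/"
  ssl.engine = "enable"
  # the .pem file created above, holding both the private key and the certificate
  ssl.pemfile = "/etc/lighttpd/certificates/"
}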

Now you just need to restart lighttpd:

/etc/init.d/lighttpd restart

That's it. Now, go see if you can reach the https version of! :-)
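
A check worth running on the finished file, as an added example that is not part of the original post: it confirms that the combined .pem holds a matching key and certificate, that the unencrypted key is readable by its owner only, and it prints the SHA-256 fingerprint to compare against the certificate details when the browser shows its self-signed warning. The function names, the file name example.pem and the host name blog.example.test are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the post's own commands. The file name and host name
# used here are constructed; everything runs in a temporary directory.

# Write key + self-signed certificate into ONE file, the layout ssl.pemfile reads.
make_pem() {  # $1 = output file, $2 = host name for the certificate's CN
    ( umask 077   # create the file as 0600: -nodes leaves the key unencrypted
      openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
          -subj "/CN=$2" -keyout "$1" -out "$1" 2>/dev/null )
}

# True when the private key and the certificate in the file belong together.
key_matches_cert() {  # $1 = combined PEM file
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# True when only the owner can read or write the file.
key_is_private() {  # $1 = file
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# SHA-256 fingerprint of the certificate, the value a browser shows in its
# certificate details.
cert_fingerprint() {  # $1 = PEM file
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

dir=$(mktemp -d)
make_pem "$dir/example.pem" blog.example.test
if key_matches_cert "$dir/example.pem" && key_is_private "$dir/example.pem"; then
    echo "Fingerprint to compare: $(cert_fingerprint "$dir/example.pem")"
fi
rm -rf "$dir"
```

Point the three check functions at the real file under /etc/lighttpd/certificates/ and note the fingerprint while on a trusted network.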

Written by Jannich Brendle, Mon 07 June 2010, in How to

tags: lighttpd, security
