Using a self-signed certificate with Lighttpd

To increase security a bit on my blog when using public networks such as those at libraries, I decided to create a self-signed certificate for the administration part of my WordPress installation, and I figured that I might as well write down the procedure here.

Of course all of bredsaal.dk is secured by SSL, not only the administration part, but since I'm using a self-signed certificate, most (if not all) modern browsers will warn the user that the certificate is not signed by a third party, such as Thawte.

Please note that this describes how to use a self-signed certificate on Debian Lenny. If you use a different distribution, you might have to change stuff. ;-)

Creating your certificate

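# Become root for the following steps
sudo -s
mkdir /etc/lighttpd/certificates
cd /etc/lighttpd/certificates/
# Write the unencrypted private key and the self-signed certificate (valid 365 days) into one PEM file
openssl req -new -x509 -keyout bredsaal.dk.pem -out bredsaal.dk.pem -days 365 -nodes
chown -R www-data:www-data /etc/lighttpd/certificates/
# A directory needs the execute bit to be entered: 700 for the directory, 600 for the key file
chmod 700 /etc/lighttpd/certificates/
chmod 600 /etc/lighttpd/certificates/bredsaal.dk.pem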

Setting up lighttpd

Add this to /etc/lighttpd/lighttpd.conf:

$SERVER["socket"] == "bredsaal.dk:443" {
  server.document-root = "/var/www/bredsaal.dk/"
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/certificates/bredsaal.dk.pem"
}

Now you just need to restart lighttpd:

/etc/init.d/lighttpd restart

That's it. Now, go see if you can reach the https version of bredsaal.dk! :-)
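
A check that can be run on the pemfile before restarting lighttpd, as an added example that is not part of the original post: it confirms the combined file holds a matching key and certificate, is readable only by its owner, is not about to expire, and prints the SHA-256 fingerprint to compare against the one shown in the browser's certificate warning. The function names and the hostname blog.example.invalid are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a combined key+certificate PEM such as the one
# ssl.pemfile points at. Function names are hypothetical, not from the post.

# Succeeds only if the file holds a private key AND its matching certificate.
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the SHA-256 fingerprint to compare with the browser's warning dialog.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if the certificate is still valid $2 days from now.
pem_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Succeeds if only the owner can access the file (mode 600 or 400).
pem_is_private() {
    case "$(stat -c %a "$1")" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Builds a throwaway 365-day pemfile for a constructed hostname in directory $1.
make_sample_pem() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=blog.example.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    cat "$1/key.pem" "$1/cert.pem" > "$1/sample.pem"
    chmod 600 "$1/sample.pem"
}

# Runs every check and prints the fingerprint when all of them pass.
audit_pem() {
    pem_key_matches_cert "$1"  || { echo "key/cert mismatch"; return 1; }
    pem_is_private "$1"        || { echo "file accessible to others"; return 1; }
    pem_valid_for_days "$1" 30 || { echo "expires within 30 days"; return 1; }
    echo "OK $(pem_fingerprint "$1")"
}
```

On the server, `audit_pem /etc/lighttpd/certificates/bredsaal.dk.pem` run as root performs the same checks on the real file.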


Written by Jannich Brendle, Mon 07 June 2010, in How to

tags: lighttpd, security