SSL - Self-signed Setup & Certificate authority
PKI creation & setup
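Converting .key + .crt to *.pem
```
# "example" is a placeholder base name; use your own key and certificate files
cat example.key example.crt > example.pem
```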
StartCom tutorial
First you must make sure that you have at least one dedicated IP address for this server. Every SSL enabled host must be on a different IP address!
Setting up Lighttpd can be more extensive than this, but here are some basic instructions:
```
wget http://lighttpd.net/download/lighttpd-1.4.9.tar.gz
tar xzf lighttpd-1.4.9.tar.gz
cd lighttpd-1.4.9/
./configure --with-openssl
make
make install
```
All operations should be performed as user root.
Make sure you have SSL built into Lighttpd:
```
lighttpd -v
lighttpd-1.4.6 (ssl) - a light and fast webserver
Build-Date: Dec 5 2005 22:11:14
```
Now you are ready to request a certificate from the StartCom CA. Once you have validated your domain name(s) at the Validations Wizard, go to the Certificates Wizard and select SSL/TLS Server Certificate. Create the private key with the control panel and continue.
Go through the process and save all required files. Once you are done (how long this takes depends on whether the certificate is issued automatically), copy the key and certificate to your server. Also save sub.class1.server.ca.pem (Intermediate CA) and ca.pem (StartCom Root CA) to your server.
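Now decrypt the private key you received. This removes the passphrase, so the key is stored unencrypted on disk and the file should be readable by root only:
```
openssl rsa -in ssl.key -out ssl.key
```
Add the key to your certificate:
```
cat ssl.key >> ssl.crt
```
Create a unified CA chain certificate:
```
cat sub.class1.server.ca.pem ca.pem >> ca-certs.crt
```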
You are now ready to configure your server. Edit your lighttpd.conf file and add the following:
```
# The opening line of this block is missing from the page; <your-ip> is a
# placeholder for the dedicated IP address of this host.
$SERVER["socket"] == "<your-ip>:443" {
server.document-root = "/www/html/site"
server.name = "yourdomain.com"
server.errorlog = "/www/logs/yourdomain_error.log"
accesslog.filename = "/www/logs/yourdomain_access.log"
## SSL related stuff below
ssl.engine = "enable"
ssl.ca-file = "/etc/lighttpd/ca-certs.crt"
ssl.pemfile = "/etc/lighttpd/ssl.crt"
}
```
Now you should be ready to start/restart your SSL-enabled Lighttpd server.
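
The script below is an added example, not part of the original tutorial: a pre-flight lint for the two files assembled with cat above. It covers the ways that step goes wrong: a certificate file without a final newline, a key that is still encrypted, the >> step run twice, and loose permissions on the unencrypted key. The function names and the sample PEM blocks are constructed for illustration.

```shell
#!/bin/sh
# Lint the files built by the cat steps before lighttpd loads them.
# Each function prints one finding per line and nothing for a clean file.

lint_pemfile() {    # ssl.pemfile: certificate plus one unencrypted private key
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem"; return 0; }
    keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    [ "$keys" -eq 1 ] || echo "expected 1 private key, found $keys"
    [ "$certs" -ge 1 ] || echo "no certificate found"
    # Appending to a file that lacks a final newline fuses two boundary lines.
    if grep -q -e '-----END [A-Z ]*----------BEGIN' "$pem"; then
        echo "fused PEM boundary"
    fi
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$pem"; then
        echo "private key is still passphrase-protected"
    fi
    # The key is stored in the clear: group and other must not read the file.
    if [ -n "$(find "$pem" \( -perm -040 -o -perm -004 \))" ]; then
        echo "readable by group or other"
    fi
    return 0
}

lint_cafile() {     # ssl.ca-file: exactly $2 chain certificates, never a key
    ca=$1; want=$2
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$ca" || true)
    [ "$certs" -eq "$want" ] || echo "expected $want certificates, found $certs"
    if grep -q -e 'PRIVATE KEY-----' "$ca"; then
        echo "private key present in CA chain file"
    fi
    return 0
}

# Constructed samples: the base64 bodies are dummies, not real keys or certs.
make_samples() {
    cert='-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----'
    key='-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----'
    printf '%b\n%b\n' "$cert" "$key" > "$1/good.pem"
    printf '%b%b\n' "$cert" "$key" > "$1/fused.pem"   # cert had no final newline
    printf '%b\n%b\n%b\n%b\n' "$cert" "$cert" "$cert" "$cert" > "$1/twice.crt"  # '>>' run twice
    chmod 600 "$1/good.pem" "$1/fused.pem"
}

tmp=$(mktemp -d); make_samples "$tmp"
for name in good.pem fused.pem; do echo "== $name"; lint_pemfile "$tmp/$name"; done
echo "== twice.crt"; lint_cafile "$tmp/twice.crt" 2
rm -rf "$tmp"
```

On the real files, run lint_pemfile on /etc/lighttpd/ssl.crt and lint_cafile on /etc/lighttpd/ca-certs.crt with an expected count of 2.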