SSL - Self-signed Setup & Certificate authority

PKI creation & setup

//source : //

Converting .key + .crt to *.pem

cat .key .crt > *.pem

source :

StartCom tutorial

First you must make sure that you have at least one dedicated IP address for this server. Every SSL enabled host must be on a different IP address!

Setting up Lighttpd can be more extensive than this, but here are some basic instructions:

   wget
   tar xzf lighttpd-1.4.9.tar.gz
   cd lighttpd-1.4.9/
   ./configure --with-openssl
   make
   make install

All operations should be performed as user root.

Make sure you have SSL built into Lighttpd:

   lighttpd -v
   lighttpd-1.4.6 (ssl) - a light and fast webserver
   Build-Date: Dec 5 2005 22:11:14

Now you are ready to request a certificate from the StartCom CA. Once you have validated your domain name(s) at the Validations Wizard, go to the Certificates Wizard and make your selection for SSL/TLS Server Certificate. Create the private key with the control panel and continue.

Go through the process and save all required files. Once you are done with it - and this depends if the certificate gets issued automatically or not - copy the key and certificate to your server. Save also the (Intermediate CA) and ca.pem (StartCom Root CA) to your server from here.

Now decrypt the private key you received: openssl rsa -in ssl.key -out ssl.key

Add the key to your certificate: cat ssl.key >> ssl.crt

Create a unified CA chain certificate: cat ca.pem >> ca-certs.crt

Ready for configuration of your server. Edit your lighttpd.conf file by adding the following in the file:

   server.document-root             = "/www/html/site" = "" 
   server.errorlog            = "/www/logs/yourdomain_error.log" 
   accesslog.filename          = "/www/logs/yourdomain_access.log" 
   ## SSL related stuff below
   ssl.engine                  = "enable"
   ssl.ca-file                 = "/etc/lighttpd/ca-certs.crt"
   ssl.pemfile                 = "/etc/lighttpd/ssl.crt"

   }

Now you should be ready to start/restart your SSL-enabled Lighttpd server.
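The key and certificate steps above, as an added shell example that is not part of the original tutorial: it checks that the private key really belongs to the certificate before combining them, and writes the combined file readable by its owner only, since that file holds the decrypted private key. The function names and the throwaway self-signed sample material are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: assemble a lighttpd ssl.pemfile and refuse mismatched input.
# Function names and the sample subject are assumptions, not from the page.

# Print the public key held by a private key file / by a certificate.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeed only if both files parse and carry the same public key.
key_matches_cert() {   # $1 = private key, $2 = certificate
    k=$(pub_of_key "$1")  || return 1
    c=$(pub_of_cert "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Write certificate + key into one file, as the page's `cat ssl.key >> ssl.crt`
# does, but only after the match check and with owner-only permissions.
build_pemfile() {      # $1 = private key, $2 = certificate, $3 = output
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch: $3 not written" >&2; return 1; }
    ( umask 077 && rm -f "$3" && cat "$2" "$1" > "$3" )
}

# Constructed sample material: throwaway self-signed certificate and key.
make_sample() {        # $1 = directory, $2 = basename
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" site && make_sample "$d" other || return 1
    build_pemfile "$d/site.key" "$d/site.crt" "$d/ssl.pem" && echo "ssl.pem written"
    build_pemfile "$d/other.key" "$d/site.crt" "$d/bad.pem" || echo "mismatch rejected"
    rm -rf "$d"
}
demo
```

On a real server, call `build_pemfile ssl.key ssl.crt /etc/lighttpd/ssl.crt.new` with the files from the steps above and move the result into place once it succeeds.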

  //source :