SSL - Self-signed Setup & Certificate authority

PKI creation & setup


Converting .key + .crt to *.pem

```
# File names are examples; substitute your own key and certificate.
cat example.key example.crt > example.pem
```


StartCom tutorial

First you must make sure that you have at least one dedicated IP address for this server. Every SSL enabled host must be on a different IP address!

Setting up Lighttpd can be more extensive than this, but here are some basic instructions:

```
wget http://lighttpd.net/download/lighttpd-1.4.9.tar.gz
tar xzf lighttpd-1.4.9.tar.gz
cd lighttpd-1.4.9/
./configure --with-openssl
make
make install
```

All operations should be performed as user root.

Make sure you have SSL built into Lighttpd:

```
lighttpd -v
lighttpd-1.4.6 (ssl) - a light and fast webserver
Build-Date: Dec 5 2005 22:11:14
```

Now you are ready to request a certificate from the StartCom CA. Once you have validated your domain name(s) in the Validations Wizard, go to the Certificates Wizard and select SSL/TLS Server Certificate. Create the private key with the control panel and continue.

Go through the process and save all required files. Once you are done (how long this takes depends on whether the certificate is issued automatically or not), copy the key and certificate to your server. Also save sub.class1.server.ca.pem (Intermediate CA) and ca.pem (StartCom Root CA) to your server.

Now decrypt the private key you received:

```
openssl rsa -in ssl.key -out ssl.key
```

Add the key to your certificate:

```
cat ssl.key >> ssl.crt
```

Create a unified CA chain certificate:

```
cat sub.class1.server.ca.pem ca.pem >> ca-certs.crt
```

You are now ready to configure your server. Edit your lighttpd.conf file and add the following:



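```
# The opening line of this block is missing from the page; it is restored here
# so the closing brace matches. The address is a placeholder for your server's IP.
$SERVER["socket"] == "YOUR.IP.ADDRESS:443" {
   server.document-root = "/www/html/site"
   server.name          = "yourdomain.com"
   server.errorlog      = "/www/logs/yourdomain_error.log"
   accesslog.filename   = "/www/logs/yourdomain_access.log"
   ## SSL related stuff below
   ssl.engine           = "enable"
   ssl.ca-file          = "/etc/lighttpd/ca-certs.crt"
   ssl.pemfile          = "/etc/lighttpd/ssl.crt"
}
```

Now you should be ready to start/restart your SSL-enabled Lighttpd server.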
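The `ssl.crt` built in the steps above holds the decrypted private key next to the certificate, so it is worth checking the file before restarting. The following is an added example, not part of the StartCom tutorial; the function names are hypothetical and `key_matches_cert` assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: sanity checks for the combined key+certificate file that
# ssl.pemfile points to. Function names are hypothetical.
# Usage: lint_pemfile /etc/lighttpd/ssl.crt && key_matches_cert /etc/lighttpd/ssl.crt

# lint_pemfile FILE: prints one line per finding, returns 0 only if none.
lint_pemfile() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "unreadable: $f"; return 2; }
    # The key inside is unencrypted, so group and other need no access at all.
    perms=$(ls -ldL "$f" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "group/other bits are '$perms': run chmod 600 $f"; rc=1; }
    # Encrypted keys come in two forms: a PKCS#8 header or a Proc-Type marker.
    if grep -Eq -- '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$f"
    then
        echo "private key is still passphrase-protected"; rc=1
    fi
    grep -Eq -- '-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$f" ||
        { echo "no unencrypted private key block found"; rc=1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate block found"; rc=1; }
    return $rc
}

# key_matches_cert FILE: true when the first certificate and the first private
# key in FILE carry the same public key. Returns 2 if either cannot be parsed.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

The same permission check applies to any backup copy of `ssl.key` left on the server after the decrypt step.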
