SSL - Self-signed Setup & Certificate authority

PKI creation & setup

Converting *.key + *.crt to *.pem

StartCom tutorial

First you must make sure that you have at least one dedicated IP address for this server. Every SSL-enabled host must be on a different IP address!

Setting up Lighttpd can be more extensive than this, but here are some basic instructions:

wget http://lighttpd.net/download/lighttpd-1.4.9.tar.gz
tar xzf lighttpd-1.4.9.tar.gz
cd lighttpd-1.4.9/
./configure --with-openssl
make install

All operations should be performed as user root.

Make sure you have SSL built into Lighttpd:

lighttpd -v   
lighttpd-1.4.6 (ssl) - a light and fast webserver
Build-Date: Dec  5 2005 22:11:14

Now you are ready to request a certificate from the StartCom CA. Once you have validated your domain name(s) at the Validations Wizard, go to the Certificates Wizard and select SSL/TLS Server Certificate. Create the private key with the control panel and continue.

Go through the process and save all required files. Once you are done (how long this takes depends on whether the certificate gets issued automatically or not), copy the key and certificate to your server. Also save the sub.class1.server.ca.pem (Intermediate CA) and ca.pem (StartCom Root CA) to your server from here.

Now decrypt the private key you received:

openssl rsa -in ssl.key -out ssl.key

Add the key to your certificate:

cat ssl.key >> ssl.crt

Create a unified CA chain certificate:

cat sub.class1.server.ca.pem ca.pem >> ca-certs.crt

You are now ready to configure your server. Add the following to your lighttpd.conf file:

$SERVER["socket"] == "YOURIPADDRESS:443" {
   server.document-root = "/www/html/site"
   server.name          = "yourdomain.com"
   server.errorlog      = "/www/logs/yourdomain_error.log"
   accesslog.filename   = "/www/logs/yourdomain_access.log"
   # SSL related stuff below
   ssl.engine           = "enable"
   ssl.ca-file          = "/etc/lighttpd/ca-certs.crt"
   ssl.pemfile          = "/etc/lighttpd/ssl.crt"
}

Now you should be ready to start/restart your SSL-enabled Lighttpd server.

Source: https://forum.startcom.org/viewtopic.php?t=719
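
After the steps above, the file given to ssl.pemfile holds both the certificate and the decrypted private key. The script below is an added example, not part of the original tutorial: it checks that the file is complete, that the key matches the certificate, and that only the owner can read it. The function names, return codes and the throwaway example.test certificate are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks for the combined file that ssl.pemfile points to.
# Return codes are this example's own convention, not lighttpd's or OpenSSL's.

check_pemfile() {
    f=$1
    # 1. The file must hold the server certificate ...
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "$f: no certificate block" >&2; return 1; }
    # 2. ... and the private key appended by "cat ssl.key >> ssl.crt".
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" ||
        { echo "$f: no private key block" >&2; return 2; }
    # 3. An encrypted key means the "openssl rsa" decrypt step was skipped.
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "$f: private key is still passphrase-protected" >&2; return 3
    fi
    # 4. The key must belong to the certificate: compare both public keys.
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$f" -pubout 2>/dev/null) || return 4
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$f: private key does not match certificate" >&2; return 4
    fi
    # 5. The key is now in clear text: group and others get no access.
    if [ "$(ls -lL "$f" | cut -c5-10)" != "------" ]; then
        echo "$f: accessible beyond owner, run: chmod 600 $f" >&2; return 5
    fi
    echo "$f: OK"
}

# Constructed sample: throwaway key + self-signed certificate for
# example.test, combined the same way as in the tutorial.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/ssl.key" -out "$1/ssl.crt" 2>/dev/null &&
    cat "$1/ssl.key" >> "$1/ssl.crt"
}

# Usage: sh check_pemfile.sh /etc/lighttpd/ssl.crt
if [ $# -gt 0 ]; then check_pemfile "$1"; fi
```

Run it against /etc/lighttpd/ssl.crt before restarting the server; a non-zero exit status identifies which check failed.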