How to configure SSL in Lighttpd Server

All sites running with SSL use the https protocol on the default port 443. SSL provides secure data communication by encrypting data between the server and client.

In our previous article, we have introduced how to Install LightTPD and Create a virtual host## in CentOS/RHEL system #. This article will continue to introduce configuring SSL in the LightTPD server. For the examples in this article, we are using a self-signed certificate.

If you want to find configure ssl in apache/httpd, you may need to read

this article.

Step 1: Create a Certificate Signing Request (CSR)

For creating an SSL certificate, the first requirement is to create the private key and CSR. A CSR is a file that contains all the details about a domain, including the public key. First create a directory where you create the CSR and key.

# mkdir /etc/lighttpd/ssl/
# cd /etc/lighttpd/ssl/

Now create the CSR and key files using the following commands. Change the file names example.com.key and example.com.csr according to the domain. This command will ask for information about your domain. Learn more about creating a CSR.

# openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

Generating a 2048 bit RSA private key
....+++
...............+++
writing new private key to 'example.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Delhi
Locality Name (eg, city) [Default City]:Delhi
Organization Name (eg, company) [Default Company Ltd]:TecAdmin Inc.
Organizational Unit Name (eg, section) []:web
Common Name (eg, your name or your server's hostname) []:example.com
Email Address []:user@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [Leave Blank]
An optional company name []: [Leave Blank]

Step 2: Request a certificate from the CA

After creating the CSR, request an SSL certificate from any certificate provider (such as geotrust, comodo, digicert or godaddy, etc.) .

Or create a self-signed certificate for internal use

# openssl x509 -req -days 365 -inexample.com.csr-signkeyexample.com.key-outexample.com.crt

will get the created certificate file in the current directory named example.com.crt. Now create the pem file by combining the key file and certificate in one file

# cat example.com.key  example.com.crt > example.com.pem

Step 3: Set up virtual host with SSL

Edit lighttpd configuration file /etc /lighttpd/lighttpd.conf and add the following values.

$SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        ssl.pemfile = "/etc/lighttpd/ssl/tecadmin.net.pem"
      # ssl.ca-file = "/etc/lighttpd/ssl/CA_issuing.crt"
        server.name = "site1.tecadmin.net"
        server.document-root = "/sites/vhosts/site1.tecadmin.net/public"
        server.errorlog = "/var/log/lighttpd/site1.tecadmin.net.error.log"
        accesslog.filename = "/var/log/lighttpd/site1.tecadmin.net.access.log"
}

Step 4: Verify configuration and restart lighttpd

Before starting the lighttpd service, verify the syntax of the configuration file.

# lighttpd -t -f /etc/lighttpd/lighttpd.conf

Syntax OK

If all syntax is found to be normal, let's restart the service.

# service lighttpd restart

[Related recommendations:

Linux video tutorial]

The above is the detailed content of How to configure SSL in Lighttpd Server. For more information, please follow other related articles on the PHP Chinese website!