Lighty and SSL

by Peter Saint-Andre

2007-07-10

For my future reference, here's what I did to get SSL working with lighttpd. (With help from Eddy Nigg and this forum post.)

1. Obtained a cert from StartCom
2. Renamed the files to stpeter.im.key, stpeter.im.csr, and stpeter.im.crt
3. Copied the files to /etc/lighttpd/ssl/ on the VPS
4. openssl rsa -in stpeter.im.key -out stpeter.key
5. wget http://cert.startcom.org/ca.crt
6. wget http://cert.startcom.org/sub.class3.server.ca.crt (get the right ICA cert for your domain cert -- mine is a Class 3 cert so I got sub.class3.server.ca.crt)
7. cat ca.crt sub.class3.server.ca.crt > startcom.certs.crt
8. cp stpeter.im.crt stpeter.crt
9. cat stpeter.key > stpeter.crt

Then I edited my .conf to include the following lines:

$SERVER["socket"] == "207.210.219.225:443" {
    ssl.engine = "enable"
    ssl.ca-file = "/etc/lighttpd/ssl/startcom.certs.crt"
    ssl.pemfile = "/etc/lighttpd/ssl/stpeter.crt"
    server.name = "stpeter.im"
    server.document-root = "/home/stpeter/public_html/stpeter.im/"
}

Seems to be working OK. :)

Peter Saint-Andre > Journal