Lighty and SSL

by Peter Saint-Andre

2007-07-10

For my future reference, here's what I did to get SSL working with lighttpd. (With help from Eddy Nigg and this forum post.)

  1. Obtained a cert from StartCom
  2. Renamed the files to stpeter.im.key, stpeter.im.csr, and stpeter.im.crt
  3. Copied the files to /etc/lighttpd/ssl/ on the VPS
  4. openssl rsa -in stpeter.im.key -out stpeter.key
  5. wget http://cert.startcom.org/ca.crt
  6. wget http://cert.startcom.org/sub.class3.server.ca.crt (get the right ICA cert for your domain cert -- mine is a Class 3 cert so I got sub.class3.server.ca.crt)
  7. cat ca.crt sub.class3.server.ca.crt > startcom.certs.crt
  8. cp stpeter.im.crt stpeter.crt
  9. cat stpeter.key >> stpeter.crt

Then I edited my .conf to include the following lines:

$SERVER["socket"] == "207.210.219.225:443" {
    ssl.engine = "enable"
    ssl.ca-file = "/etc/lighttpd/ssl/startcom.certs.crt"
    ssl.pemfile = "/etc/lighttpd/ssl/stpeter.crt"
    server.name = "stpeter.im"
    server.document-root = "/home/stpeter/public_html/stpeter.im/"
}

Seems to be working OK. :)
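
A pre-flight check for the combined file that ssl.pemfile points at, as an added example that is not part of the original post: it confirms the file from steps 8 and 9 holds both a certificate and a private key, that the key is the passphrase-free one from step 4, and that the file is not readable by group or other. The function names, return codes and sample PEM blocks are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a combined PEM file
# before lighttpd loads it. Return codes are this example's own choice:
#   0 ok | 1 no certificate | 2 no private key | 3 key still encrypted
#   4 readable by group/other | 5 file unreadable
check_pemfile() {
    f=$1
    [ -r "$f" ] || return 5
    # Writing the key with '>' instead of '>>' leaves only the key in the file.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || return 1
    grep -Eq -e '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$f" || return 2
    # Step 4 strips the passphrase; both encrypted encodings are flagged here.
    if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$f"; then
        return 3
    fi
    # The file holds an unencrypted key: group/other permission bits must be clear.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || return 4
    return 0
}

# Constructed sample blocks (placeholder bodies, not real key material).
sample_cert() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----'
}
sample_key() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----'
}
sample_enc_key() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----'
}
```

Run it as `check_pemfile /etc/lighttpd/ssl/stpeter.crt; echo $?` before restarting lighttpd. It checks structure and permissions only, not whether the key matches the certificate.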

