Lighty and SSL
2007-07-10
For my future reference, here's what I did to get SSL working with lighttpd. (With help from Eddy Nigg and this forum post.)
- Obtained a cert from StartCom
- Renamed the files to stpeter.im.key, stpeter.im.csr, and stpeter.im.crt
- Copied the files to /etc/lighttpd/ssl/ on the VPS
- openssl rsa -in stpeter.im.key -out stpeter.key
- wget http://cert.startcom.org/ca.crt
- wget http://cert.startcom.org/sub.class3.server.ca.crt (get the right ICA cert for your domain cert -- mine is a Class 3 cert so I got sub.class3.server.ca.crt)
- cat ca.crt sub.class3.server.ca.crt > startcom.certs.crt
- cp stpeter.im.crt stpeter.crt
- cat stpeter.key > stpeter.crt
Then I edited my .conf to include the following lines:
$SERVER["socket"] == "207.210.219.225:443" {
ssl.engine = "enable"
ssl.ca-file = "/etc/lighttpd/ssl/startcom.certs.crt"
ssl.pemfile = "/etc/lighttpd/ssl/stpeter.crt"
server.name = "stpeter.im"
server.document-root = "/home/stpeter/public_html/stpeter.im/"
}
Seems to be working OK. :)
Peter Saint-Andre > Journal