How do I create a self-signed SSL certificate for lighttpd (lighty)?

This is just a rough guide, but it should work out fine:

  • cd ~
  • openssl genrsa -des3 -out server.key 2048
  • openssl req -new -key server.key -out server.csr
  • cp server.key server.key.org
  • openssl rsa -in server.key.org -out server.key
  • openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  • cp server.crt www.gosi.at.crt
  • cp server.key www.gosi.at.key
  • mkdir /etc/lighttpd/cert/
  • cat www.gosi.at.key www.gosi.at.crt > /etc/lighttpd/cert/www.gosi.at.pem
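
The same steps as a non-interactive script, added here as an example and not part of the original guide. It assumes a 2048-bit key with no temporary passphrase and the host name as the certificate's CN, writes the combined PEM with owner-only permissions, and checks that key and certificate belong together. The function names are made up for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of lighttpd or OpenSSL.

# make_lighty_pem HOST DIR
# Writes DIR/HOST.pem: private key followed by a self-signed certificate.
make_lighty_pem() {
    host=$1
    dir=$2
    mkdir -p "$dir" || return 1
    (
        umask 077                  # nothing created here is group/world readable
        work=$(mktemp -d) || exit 1
        openssl genrsa -out "$work/server.key" 2048 2>/dev/null &&
        openssl req -new -key "$work/server.key" -subj "/CN=$host" \
            -out "$work/server.csr" &&
        openssl x509 -req -days 365 -in "$work/server.csr" \
            -signkey "$work/server.key" -out "$work/server.crt" 2>/dev/null &&
        cat "$work/server.key" "$work/server.crt" > "$dir/$host.pem" &&
        chmod 600 "$dir/$host.pem"
        rc=$?
        rm -rf "$work"             # no stray copy of the unencrypted key is left
        exit "$rc"
    )
}

# pem_key_matches_cert FILE
# Succeeds only if the private key and the certificate in FILE share a public key.
pem_key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: sh make-pem.sh www.gosi.at /etc/lighttpd/cert
if [ "$#" -eq 2 ]; then
    make_lighty_pem "$1" "$2" &&
    pem_key_matches_cert "$2/$1.pem" &&
    echo "ok: $2/$1.pem"
fi
```

The match check is also worth running after a certificate is renewed or replaced, because a PEM whose key and certificate differ will not work for TLS.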

Now alter your lighttpd config accordingly and have fun:

$SERVER["socket"] == "IPADDRESS:443" {
ssl.engine                  = "enable"
ssl.pemfile                 = "/etc/lighttpd/cert/www.gosi.at.pem"
server.name                 = "www.gosi.at"          
server.document-root        = "/var/www/gosi.at/public_html/"
}

 
If you ever need to install a paid certificate, you may need an intermediate certificate. You can handle that this way:

$SERVER["socket"] == "IPADDRESS:443" {
ssl.engine                  = "enable"   
ssl.ca-file                 = "/etc/lighttpd/cert/thawte.pem"
ssl.pemfile                 = "/etc/lighttpd/cert/www.gosi.at.pem"
server.name                 = "www.gosi.at"
server.document-root        = "/var/www/gosi.at/public_html/"
}
 
