Posts tagged ssl

How to setup lighttpd with a self signed ssl cert on debian with multiple host’s using name based virtual hosting.

Jan 27th

Posted by daniel in Blah

2 comments

Now first off let me say I take no responsibility if this works for you or not.

Also please note that this will only use the one self signed cert we’re going to make across all hosts, which is still encryption, just looks funny if your hosting for more then one business, being all the site’s I have on my server are my own, I don’t really care I just wanted some ssl encryption on my logins to my blogs and pages where I don’t want to send data in the clear. So going to https://stinebaugh.info will give you the same cert as going to http://twig.gs will, but they are still secure.

First off let’s create our self signed certificate. Yes this will throw your browsers into a panic but if you save your exception to the warning permanently (which is fine) you’ll only see it once, plus it’s free ;)

[codesyntax lang="bash" bookmarkname="Generate a self signed pem file"]

sudo openssl req -new -x509 -keyout selfsigned.pem -out selfsigned.pem -days  3650 -nodes

[/codesyntax]

This will  then ask you a bunch of questions that you can fill out for yourself, the one that matters is the -> Common Name (eg, YOUR name) []: prompt which is asking for the exact domain name you plan on using (eg. stinebaugh.info) and will create a .pem file in whatever directory your in (so choose a non web accessible folder like /etc/lighttpd/ for it as this is a secret!) the expiration date of the cert file is noted in my example using 3650 which will generate a cert that’s good for 10 years! (hey it’s self signed, do I really want to do this every year?!) Feel free to change it as you see fit.

Now let’s lock that file down with some permissions.

[codesyntax lang="bash" bookmarkname="chpwn that pem file!"]

sudo chown www-data:www-data selfsigned.pem

sudo chmod 600 selfsigned.pem

[/codesyntax]

Now being debian is awesome as well as lighttpd, you can just enter in the command

[codesyntax lang="bash" bookmarkname="bash"]

 sudo lighty-enable-mod ssl

[/codesyntax]

and it will enable the ssl extention for lighttpd!

now let’s setup lighttpd’s ssl conf.

[codesyntax lang="bash" bookmarkname="edit lighttpd's 10-ssl.conf"]

cd /etc/lighttpd/conf-enabled/
sudo nano 10-ssl.conf

[/codesyntax]

and it should look something like this.

[codesyntax lang="bash" bookmarkname="10-ssl.conf lighttpd ssl setup"]

$SERVER["socket"] == “0.0.0.0:443″ {
ssl.engine                  = “enable”
ssl.pemfile                 = “/etc/lighttpd/selfsigned.pem”
server.document-root = “/var/domain/http” #or wherever you web directory is so it doesnt display just the lighttpd default
}

[/codesyntax]

now restart lighttpd

[codesyntax lang="bash" bookmarkname="restart lighttpd"]

sudo /etc/init.d/lighttpd force-reload

[/codesyntax]

your lighttpd server should now reboot without any errors you can check the syntax for errors if you want by entering in

[codesyntax lang="bash" bookmarkname="check lighttpd's configuration file for errors"]

sudo lighttpd -t -f /etc/lighttpd/lighttpd.conf

[/codesyntax]

now try your server by viewing a page using https such as https://stinebaugh.info and viola you should get that warning in your browser like I was saying and it shoud be just fine after you accept it!

Your Welcome!

, , , , ,