Install SSL on Lighttpd Server

Solution

To install the SSL certificate on a Lighttpd server, perform the following steps:

Step 1: Download the Intermediate CA and the SSL Certificate Files to the Server.

  1. Download the RapidSSL Intermediate CA certificate.
    Copy the Intermediate CA certificate and paste it into a plain text editor, e.g. Notepad or vi. Save it as intermediate.crt.
  2. Download the X.509 RapidSSL Certificate and save the file as ssl.crt. To obtain the certificate:
    Method 1: Copy the X.509 Certificate format sent by RapidSSL in the email, or
    Method 2: Download the RapidSSL Certificate from your User Portal or through the RapidSSL Security Center.

Example:

-----BEGIN CERTIFICATE-----

(Encoded Data)

-----END CERTIFICATE-----

Step 2: Prepare the SSL Certificate.

  1. Locate the ssl.crt file from Step 1 and the *.key file that was generated. Use the following commands to copy them to your web site's ssl directory:

    # cp ssl.crt /etc/lighttpd/ssl/rapidssl.com
    # cp rapidssl.key /etc/lighttpd/ssl/rapidssl.com

  2. Create your final .pem file by concatenating the .key and .crt files, then set its permissions. Run the following commands from the ssl directory:

    # cd /etc/lighttpd/ssl/rapidssl.com
    # cat rapidssl.key ssl.crt > rapidssl.pem
    # chmod 0600 rapidssl.pem
    # chown -R lighttpd:lighttpd /etc/lighttpd/ssl/rapidssl.com

Step 3: Configure Lighttpd SSL support for your domain.

  1. Open the lighttpd configuration file using the following command:

    # vi /etc/lighttpd/lighttpd.conf

  2. Add the following configuration section:

    $SERVER["socket"] == "rapidssl.com:443" {
        ssl.engine = "enable"
        ssl.pemfile = "/etc/lighttpd/ssl/rapidssl.com/rapidssl.pem"
        ssl.ca-file = "/etc/lighttpd/ssl/rapidssl.com/intermediate.crt"
        server.name = "rapidssl.com"
        server.document-root = "/home/lighttpd/rapidssl.com/https"
        server.errorlog = "/var/log/lighttpd/rapidssl.com/serror.log"
        accesslog.filename = "/var/log/lighttpd/rapidssl.com/saccess.log"
    }

    where

    ssl.engine = "enable" – Enables lighttpd SSL support
    ssl.pemfile = "/etc/lighttpd/ssl/rapidssl.com/rapidssl.pem" – Your PEM file created in Step 2
    ssl.ca-file = "/etc/lighttpd/ssl/rapidssl.com/intermediate.crt" – Your intermediate certificate file saved in Step 1, copied to the same directory

    Use plain ASCII double quotes in the configuration file; typographic quotes pasted from a web page or word processor will not be parsed.

  3. Save and close the file. Restart the Lighttpd server with the following command:

    # /etc/init.d/lighttpd restart

    NOTE: You will be prompted for your SSL private key password.
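A check that can be run on the combined PEM file from Step 2 before the restart in Step 3. This is an added example, not part of the original article or of lighttpd; the function name check_pemfile is hypothetical and the sample key and certificate bodies are constructed placeholder bytes.

```python
import base64, os, re, stat

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}

def check_pemfile(path):
    """Return a list of problems found in a combined key + certificate PEM file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit exposes the private key
        problems.append(f"mode {mode:04o} lets group/others access the private key")
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        text = fh.read()
    keys = certs = 0
    for label, body in PEM_BLOCK.findall(text):
        lines = body.strip().splitlines()
        # Legacy encrypted keys carry "Proc-Type"/"DEK-Info" headers before the data.
        encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
            l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
        payload = "".join(l.strip() for l in lines if ":" not in l)
        try:
            base64.b64decode(payload, validate=True)  # catches editor or paste damage
        except ValueError:
            problems.append(f"{label} block is not valid base64")
        if label in KEY_LABELS:
            keys += 1
            if encrypted:
                problems.append("private key is encrypted: restart will prompt for its password")
        elif label == "CERTIFICATE":
            certs += 1
    if keys != 1:
        problems.append(f"expected 1 private key block, found {keys}")
    if certs < 1:
        problems.append("no CERTIFICATE block found")
    return problems

if __name__ == "__main__":
    import tempfile
    # Constructed sample: placeholder bytes, not real key or certificate material.
    fake = base64.b64encode(b"\x30" * 48).decode()
    with tempfile.TemporaryDirectory() as d:
        pem = os.path.join(d, "rapidssl.pem")
        with open(pem, "w") as fh:
            fh.write(f"-----BEGIN PRIVATE KEY-----\n{fake}\n-----END PRIVATE KEY-----\n"
                     f"-----BEGIN CERTIFICATE-----\n{fake}\n-----END CERTIFICATE-----\n")
        os.chmod(pem, 0o644)  # deliberately too open, to show the finding
        print(check_pemfile(pem))
```

The check is structural only: it does not confirm that the key matches the certificate or that the chain validates.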