Self-signed certificate in lighttpd

Is this what you want to do? Make sure you understand the implications of self-signed certificates, and probably of passwordless keys too.

Create the certificate

Create a key:

openssl genrsa -des3 -out testing.key 2048

This creates a key with a password. Lighttpd will ask you for the password when it starts - this is usually not what you want.

Create a key without a password:

openssl genrsa -out testing.key 2048

Create a certificate signing request:

openssl req -new -key testing.key -out testing.csr

Create a certificate:

openssl x509 -req -days 365 -in testing.csr -signkey testing.key -out testing.crt

Create a .pem file

cat testing.key testing.crt > certificate.pem
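
The steps above as one non-interactive run with checks on the result. This is an added example, not part of the original post. The function names make_selfsigned and check_pem and the subject name test.example are assumptions; the file names are the ones used above. Because the key has no password, file permissions are its only protection, so the script creates every file owner-only and confirms that the key and certificate in the .pem belong together.

```shell
#!/bin/sh
# Added example: passwordless key, CSR, self-signed certificate and .pem,
# followed by a sanity check of the combined file.
# make_selfsigned and check_pem are hypothetical helper names.

# make_selfsigned DIR CN
# Creates testing.key, testing.csr, testing.crt and certificate.pem in DIR.
# umask 077 makes each file readable by its owner only from the moment it
# is created, so the unencrypted key is never briefly world-readable.
make_selfsigned() {
    dir=$1 cn=$2
    (
        umask 077
        cd "$dir" || exit 1
        openssl genrsa -out testing.key 2048 2>/dev/null || exit 1
        # -subj answers the interactive questions; CN is the host name
        openssl req -new -key testing.key -subj "/CN=$cn" \
            -out testing.csr || exit 1
        openssl x509 -req -days 365 -in testing.csr -signkey testing.key \
            -out testing.crt 2>/dev/null || exit 1
        cat testing.key testing.crt > certificate.pem
    )
}

# check_pem FILE
# Succeeds only if FILE contains a private key and a certificate that carry
# the same public key, and FILE grants nothing to group or others.
check_pem() {
    pem=$1
    # Public key derived from the private key in the file
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    # Public key embedded in the certificate in the file
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 1
    # Mode must be -rw------- or -r--------
    case $(ls -ld "$pem") in
        -r[-w]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (paths are examples):
#   make_selfsigned /tmp/certs test.example &&
#   check_pem /tmp/certs/certificate.pem && echo "certificate.pem OK"
```

Copying the files to /etc/lighttpd/ can change their mode and owner, so run check_pem again on the installed certificate.pem.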

Set up lighttpd

Copy the .pem and .crt files over to /etc/lighttpd/.

These are the essential directives - implement them as you wish.

$SERVER["socket"] == ":443" {
   ssl.engine = "enable"
   ssl.pemfile = "/etc/lighttpd/certificate.pem"
   ssl.ca-file = "/etc/lighttpd/testing.crt"
   server.name = "something"
}

Posted Thursday, August 26, 2021
