1=========== 2Secure HTTP 3=========== 4 5------------ 6Module: core 7------------ 8 9:Author: Jan Kneschke 10:Date: $Date: 2004/08/29 09:44:53 $ 11:Revision: $Revision: 1.2 $ 12 13:abstract: 14 How to set up SSL in lighttpd 15 16.. meta:: 17 :keywords: lighttpd, ssl 18 19.. contents:: Table of Contents 20 21Description 22=========== 23 24lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl. 25 26Configuration 27------------- 28 29To enable SSL for the whole server you have to provide a valid 30certificate and have to enable the SSL engine.:: 31 32 ssl.engine = "enable" 33 ssl.pemfile = "/path/to/server.pem" 34 35The HTTPS protocol does not allow you to use name-based virtual 36hosting with SSL. If you want to run multiple SSL servers with 37one lighttpd instance you must use IP-based virtual hosting: :: 38 39 $SERVER["socket"] == "10.0.0.1:443" { 40 ssl.engine = "enable" 41 ssl.pemfile = "www.example.org.pem" 42 server.name = "www.example.org" 43 44 server.document-root = "/www/servers/www.example.org/pages/" 45 } 46 47If you have a .crt and a .key file, cat them together into a 48single PEM file: 49:: 50 51 $ cat host.key host.crt > host.pem 52 53 54Self-Signed Certificates 55------------------------ 56 57A self-signed SSL certificate can be generated like this: :: 58 59 $ openssl req -new -x509 \ 60 -keyout server.pem -out server.pem \ 61 -days 365 -nodes 62 63