1=========== 2Secure HTTP 3=========== 4 5------------ 6Module: core 7------------ 8 9:Author: Jan Kneschke 10:Date: $Date: 2004/08/29 09:44:53 $ 11:Revision: $Revision: 1.2 $ 12 13:abstract: 14 How to set up SSL in lighttpd 15 16.. meta:: 17 :keywords: lighttpd, ssl 18 19.. contents:: Table of Contents 20 21Description 22=========== 23 24lighttpd supports TLS with mod_openssl. 25 26The latest lighttpd SSL/TLS doc can be found at: 27https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL 28 29Configuration 30------------- 31 32To enable SSL for the whole server you have to provide a valid 33certificate and have to enable the SSL engine.:: 34 35 ssl.engine = "enable" 36 ssl.pemfile = "/path/to/server.pem" 37 38To enable SSL for a specific port, put the directives within a 39$SERVER["socket"] condition: :: 40 41 $SERVER["socket"] == "*:443" { 42 ssl.engine = "enable" 43 ssl.pemfile = "www.example.org.pem" 44 server.name = "www.example.org" 45 46 server.document-root = "/www/servers/www.example.org/pages/" 47 } 48 49If you have a .crt and a .key file, cat them together into a 50single PEM file: :: 51 52 $ cat host.key host.crt > host.pem 53 54or provide both ssl.pemfile and ssl.privkey directives: :: 55 56 ssl.pemfile = "host.crt" 57 ssl.privkey = "host.key" 58 59Self-Signed Certificates 60------------------------ 61 62A self-signed SSL certificate can be generated like this: :: 63 64 $ openssl req -new -x509 \ 65 -keyout server.pem -out server.pem \ 66 -days 365 -nodes 67 68