SW Designs

Technology and Photography

Creating Self Signed SSL Certificates for Lighttpd

It’s common practice to use self signed certs in development environments. Here’s how to do it for Lighttpd.

First we generate a certificate using openssl,

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
$ openssl req -new -x509 -keyout ~/cert.pem -out ~/cert.pem -days 365 -nodes
Generating a 1024 bit RSA private key
....++++++
...................................................................................................++++++
writing new private key to '/root/cert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SW Designs
Organizational Unit Name (eg, section) []:SW Designs
Common Name (eg, YOUR name) []:*.sw-designs.co.uk
Email Address []:

Move the cert to its new location,

1
2
3
4
$ sudo mkdir /etc/lighttpd/private
$ sudo mv ~/cert.pem /etc/lighttpd/private
$ sudo chown -r root:root /etc/lighttpd/private/
$ sudo chmod -r 0600 /etc/lighttpd/private/

Finally load the cert in the Lighttpd config,

1
2
3
ssl.engine  = "enable"
ssl.pemfile = "/etc/lighttpd/private/cert.pem"
ssl.use-sslv2 = "disable"

Comments