Join the revolution - StartCom Linux  

Official StartCom Public User Forum

 Post subject: HOWTO: Certificate installation instructions for Lighttpd
PostPosted: Fri Feb 02, 2007 11:23 pm 
Site Admin

Joined: Mon Oct 04, 2004 2:06 am
Posts: 1733
Location: Israel
First you must make sure that you have at least one dedicated IP address for this server. Every SSL enabled host must be on a different IP address!

Setting up Lighttpd can be more extensive than this, but here are some basic instructions:

Code:
wget http://lighttpd.net/download/lighttpd-1.4.9.tar.gz
tar xzf lighttpd-1.4.9.tar.gz
cd lighttpd-1.4.9/
./configure --with-openssl
make
make install


All operations should be performed as user root.

Make sure you have SSL built into Lighttpd:
Code:
lighttpd -v   
lighttpd-1.4.6 (ssl) - a light and fast webserver
Build-Date: Dec  5 2005 22:11:14


Now you are ready to request a certificate from the StartCom CA. Once you have validated your domain name(s) at the Validations Wizard, go to the Certificates Wizard and make your selection for SSL/TLS Server Certificate. Create the private key with the control panel and continue.

Go through the process and save all required files. Once you are done with it - and this depends if the certificate gets issued automatically or not - copy the key and certificate to your server.
Save also the sub.class1.server.ca.pem (Intermediate CA) and ca.pem (StartCom Root CA) to your server from here.

Now decrypt the private key you received:
Code:
openssl rsa -in ssl.key -out ssl.key


Add the key to your certificate:
Code:
cat ssl.key >> ssl.crt


Create a unified CA chain certificate:
Code:
cat sub.class1.server.ca.pem ca.pem >> ca-certs.crt


Ready for configuration of your server. Edit your lighttpd.conf file by adding the following in the file:
Code:
$SERVER["socket"] == "YOURIPADDRESS:443" {
   server.document-root = "/www/html/site"
   server.name          = "yourdomain.com"
   server.errorlog      = "/www/logs/yourdomain_error.log"
   accesslog.filename   = "/www/logs/yourdomain_access.log"
   # SSL related stuff below
   ssl.engine           = "enable"
   ssl.ca-file          = "/etc/lighttpd/ca-certs.crt"
   ssl.pemfile          = "/etc/lighttpd/ssl.crt"
}


Now you should be ready to start/restart your SSL enabled Lighttpd server.

_________________
StartCom Ltd. at http://www.startcom.org
StartSSL™ at http://www.startssl.com


Last edited by startcom on Wed May 16, 2012 10:15 pm, edited 5 times in total.
Correcting CA certificates location


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Mon Jan 21, 2008 10:39 am 

Joined: Mon Jan 21, 2008 10:27 am
Posts: 1
Thanks for your guide. It's really useful.


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Mon Mar 24, 2008 4:48 pm 

Joined: Mon Mar 24, 2008 4:26 pm
Posts: 1
Location: NL
Thanks very much for the howto!

For those using class2 certificates:


Code:
cat ca.pem sub.class2.server.ca.pem >> ca-certs.crt


  • If you have a class2 wildcard certificate (e.g. *.example.tld), you may leave the 'servername' out. This is what I use:

Code:
$SERVER["socket"] == "YOURIPADDRESS:443" {
   server.document-root = "/www/html/site"
   # SSL related stuff below
   ssl.engine = "enable"
   ssl.ca-file  = "/etc/lighttpd/ca-certs.crt"
   ssl.pemfile = "/etc/lighttpd/ssl.crt"
}


Last edited by startcom on Mon Nov 16, 2009 6:56 am, edited 1 time in total.
Correcting CA certificates location


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Mon Oct 06, 2008 11:42 pm 

Joined: Mon Oct 06, 2008 11:38 pm
Posts: 1
Location: FI
startcom wrote:
Go through the process and save all required files. Once you are done with it - and this depends if the certificate gets issued automatically or not - copy the key and certificate to your server.
Save also the Intermediate CA and StartCom Root CA to your server.

I had to use the Intermediate CA here: http://www.startssl.com/certs/sub.class1.server.ca.crt
Looking at the info this seems newer so please update the info in the original post if necessary.


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Thu Oct 16, 2008 10:30 am 

Joined: Thu Oct 16, 2008 10:27 am
Posts: 1
Quote:
$SERVER["socket"] == "YOURIPADDRESS:443" {
server.document-root = "/www/html/site"
# SSL related stuff below
ssl.engine = "enable"
ssl.ca-file = "/etc/lighttpd/ca-certs.crt"
ssl.pemfile = "/etc/lighttpd/ssl.crt"
}


I found an error in the last ssl.pemfile = "/etc/lighttpd/ssl.crt". I don't know what the error is, please help me.

 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Thu Oct 16, 2008 11:47 pm 

Joined: Mon Oct 04, 2004 11:41 am
Posts: 712
Location: Israel
Most likely this should be the combined private key and certificate file. Decrypt the private key and add the content of the certificate to the same file - here named ssl.crt.


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Sat Oct 25, 2008 6:00 pm 

Joined: Sat Oct 25, 2008 5:54 pm
Posts: 1
Location: HU
Hi All!

I am new to this whole SSL business, and I am stuck. I followed the instructions for lighttpd, but now it gives me an error when I try to start it:
2008-10-25 16:44:27: (network.c.377) SSL: Private key does not match the certificate public key, reason: error:0906D066:PEM routines:PEM_read_bio:bad end line /path/to/ssl.crt

What am I doing wrong? Is there anything I can try to fix this?

Thanks,
Roland


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Sat Oct 25, 2008 8:02 pm 

Joined: Mon Oct 04, 2004 11:41 am
Posts: 712
Location: Israel
Most likely you aren't using the corresponding private key. Either try to find the private key which matches your certificate or create a new certificate and new private key.


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Fri Nov 07, 2008 7:32 pm 

Joined: Fri Nov 07, 2008 7:30 pm
Posts: 1
Hello,

Is it also possible to have different certificates per domain on the same server?

- R.


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Sat Nov 15, 2008 11:57 pm 

Joined: Sat Nov 15, 2008 11:42 pm
Posts: 1
Location: FR
gyroland wrote:
Hi All!

I am new to this whole SSL business, and I am stuck. I followed the instructions for lighttpd, but now it gives me an error when I try to start it:
2008-10-25 16:44:27: (network.c.377) SSL: Private key does not match the certificate public key, reason: error:0906D066:PEM routines:PEM_read_bio:bad end line /path/to/ssl.crt

What am I doing wrong? Is there anything I can try to fix this?

Thanks,
Roland

I'm having the same problem here, Lighttpd Ver. 1.4.20(ssl), any ideas?


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Sun Nov 16, 2008 1:07 am 

Joined: Mon Oct 04, 2004 11:41 am
Posts: 712
Location: Israel
I think the error is clearly stated. The private key doesn't match the certificate. Use the private key associated with this certificate. Make sure you don't mix up the files and decrypt the private key prior to using with the server.
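
Added example (not part of the original posts, and not StartCom's or lighttpd's own tooling): a pre-flight check for the combined ssl.pemfile built with the cat step in this thread. It flags the framing fault that produces PEM_read_bio "bad end line" when the certificate file had no trailing newline before the key was appended, rejects a key that is still passphrase-protected, and compares the public key in the certificate with the private key. The function names are hypothetical and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: checks for a combined lighttpd ssl.pemfile (cert + key).
# Usage (script name is hypothetical): sh check_pemfile.sh /etc/lighttpd/ssl.crt

# pem_lint FILE -> 0 when the PEM framing is sane, 1 otherwise.
pem_lint() {
    f=$1
    # `cat ssl.key >> ssl.crt` onto a file without a trailing newline puts
    # "-----END CERTIFICATE-----" and "-----BEGIN ..." on the same line.
    if grep -q -e '-----END .*-----BEGIN' "$f"; then
        echo "$f: END and BEGIN markers share one line" >&2; return 1
    fi
    # The key must be decrypted before the server can load it unattended.
    if grep -Eq -e 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$f"; then
        echo "$f: private key is still passphrase-protected" >&2; return 1
    fi
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$f" &&
        grep -q -e 'PRIVATE KEY-----' "$f" ||
        { echo "$f: need one certificate and one private key" >&2; return 1; }
    # Every boundary must stand alone on its line and BEGIN/END must pair up.
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (cur != "") bad = 1
            cur = substr($0, 12, length($0) - 16); next }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (substr($0, 10, length($0) - 14) != cur) bad = 1
            cur = ""; next }
        /-----/ { bad = 1 }
        END { exit (bad || cur != "") }
    ' "$f" || { echo "$f: malformed or unbalanced PEM markers" >&2; return 1; }
}

# key_matches_cert FILE -> 0 when the first certificate and the private key
# in FILE carry the same public key, 1 on mismatch, 2 if openssl cannot parse.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_pemfile FILE: run both checks, e.g. before restarting lighttpd.
check_pemfile() {
    pem_lint "$1" && key_matches_cert "$1" && echo "$1: OK"
}

if [ $# -gt 0 ]; then check_pemfile "$1"; fi
```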


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Tue Nov 25, 2008 1:43 pm 

Joined: Tue Nov 25, 2008 1:39 pm
Posts: 1
Hello, when trying to use a certificate in lighty this error appears:
Starting lighttpd: 2008-11-25 12:29:36: (network.c.358) SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line /path/to/cert.ca

Any idea? :S I used this ca: https://www.startssl.com/certs/ca-bundle.crt

Thanks!


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Tue Nov 25, 2008 3:22 pm 

Joined: Mon Oct 04, 2004 11:41 am
Posts: 712
Location: Israel
It's described in the instructions above:

Create a unified CA chain certificate:

Code:
cat ca.pem sub.class1.server.ca.pem >> ca-certs.crt


 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Sat May 30, 2009 7:56 am 

Joined: Sat May 30, 2009 7:52 am
Posts: 1
Hi,

I am new here and just watched these guidelines. Thanks for your guide. It's really useful.

 Post subject: Re: Howto: Certificate installation instructions for Lighttpd
PostPosted: Fri Aug 07, 2009 7:55 pm 

Joined: Fri Aug 07, 2009 7:53 pm
Posts: 1
It's a great discussion as I found it very useful. I am new to using Lighttpd and this forum helps me a lot. Great job guys. Keep it up.


All times are UTC + 2 hours [ DST ]

