Lighttpd, pronounced as ‘lighty’, is the portmanteau of Light and httpd. Lighttpd is an open-source web server offering unparalleled performance. Lighttpd was launched way back in 2003 with a view to offering fast and superior services.
Jan Kneschke is the brain behind lighty web server. He wrote Lighttpd as a solution to manage the problem of handling 10000 connections in parallel for a single server. Therefore, making it an excellent choice for the servers suffering from load problems. The speed and flexibility offered by Lighttpd can be seen in very few servers. Powerful memory management is the reason behind it. It uses much less memory compared to its peers.
We can talk all day about the pros and cons of Lighttpd but you’re not here for that, right? Well then let’s get straight down to business and learn how you can install SSL on Lighttpd.
Step 1: First, you must download the Intermediate certificate provided by the CA. You would have received it via email.
Unfortunately, although apparently ssl.verifyclient.username enables an ID to be extracted from the client certificate, there is no explanation about how to use that information for client authentication at the lighttpd level. 2018-11-08 18:06:21: (connections-glue.c.126) SSL: renegotiation initiated by client, killing connection ii lighttpd 1.4.45-1 ii openssl 1.1.1-2+32532.5+jessie1.gbp90eb86 Debian 8.11 (Jes. (internal) openssl creates a session ticket encryption key per SSLCTX. Lighttpd 1.4.56 and later assigns a single session ticket encryption key for the lighttpd server (across all SSLCTX) for consistency. Behavior change with ssl.ca-dn-file (uncommon); applies to client. I would like to enable HTTPS in Lighttpd. I have a 'key' file (created using openssl), along with the certificate and intermediate certificates generated by the SSL provider but I'm not sure how these files are usedin Lighttpd. It seems like the config file is expecting a file in 'pem' format.
Step 2: Once you download the intermedia certificate, copy its contents and paste into a text editor (i.e. notepad).
Save the file as intermediate.crt.
Step 3: Now Download the x.509 SSL certificate sent by your CA. Save the file as SSL.crt.
It will look something like this:
—–BEGIN CERTIFICATE—–
(SSL Certificate)
![Request Request](/uploads/1/3/7/6/137650071/997561202.jpg)
—–END CERTIFICATE—–
Step 4: Now browse & locate the SSL.crt and .key files you had downloaded. Enter the below given command to copy them to your website SSL directory.
![Lighttpd Openssl Lighttpd Openssl](/uploads/1/3/7/6/137650071/603501374.jpg)
# cp ssl.crt /etc/lighttpd/ssl/yourdomain.com
# cp yourdomain.key /etc/lighttpd/ssl/yourdomain.com
Step 5: Once you have entered the afore-mentioned commands, it’s time to create a .pem file. This can be done by concatenating .key and .crt files. Enter the command below to concatenate and setup the permissions.
# cat yourdomain.key ssl.crt > yourdomain.pem
# chmod 0600 yourdomain.pem
# chown lighttpd:lighttpd /etc/lighttpd/ssl/yourdomain.com -R
Step 6: Open Lighttpd configuration file using the command below.
# vi /etc/lighttpd/lighttpd.conf
Step 7: Now add the following commands to the configuration section.
$SERVER[“socket”] “yourdomain.com:443” {
ssl.engine = “enable”
ssl.pemfile = “/etc/lighttpd/yourdomain.com/yourdomain.pem”
ssl.ca-file = “/etc/lighttpd/yourdomain.com/intermediate.crt”
server.name = “yourdomain.com”
server.document-root = “/home/lighttpd/yourdomain.com/https”
server.errorlog = “/var/log/lighttpd/yourdomain.com/serror.log”
accesslog.filename = “/var/log/lighttpd/yourdomain.com/saccess.log”
}
Lighttpd Openssl Version
where
ssl.engine = “enable” : Enable lighttpd SSL support
ssl.pemfile = “/etc/lighttpd/yourdomain.com/yourdomain.pem”
ssl.ca-file = “/etc/lighttpd/yourdomain.com/intermediate.crt”
Lighttpd Openssl Library
Save and close the file once you’re done.
Lighttpd Https
Step 8: Now restart the Lighttpd server using the following command.
# /etc/init.d/lighttpd restart