
Tutorial – Adding SSL to this Lighttpd Blog

Today I am using SSL to add more security to this blog, and the SSL certificate is provided by StartCom / StartSSL.
Now, let's go through the tutorial for installing SSL on a Lighttpd VPS.
How to get free SSL:

  1. Go to StartSSL
  2. Click the StartSSL Free
  3. Choose the Express Lane, fill in the required data, and make sure you use a valid phone number. The phone number is used for verification.

 
Preparing the Lighttpd VPS for SSL installation :

  1. Generate a CSR (Certificate Signing Request). In this example we are using the domain www.erawanarifnugroho.com
    # mkdir -p /etc/lighttpd/ssl
    # cd /etc/lighttpd/ssl/
    

    Create the Private Key :

    # openssl genrsa -des3 -out ssl.key 2048

    Create the CSR :

    # openssl req -new -key ssl.key -out ssl.csr

    You will be prompted to enter the domain name and other data. At “Common Name”, use your domain name, for example www.erawanarifnugroho.com
    Next, submit the CSR to the Certificate Authority, in this case StartCom/StartSSL. Once your order has been validated, you can download the certificate to be used on the Lighttpd VPS.
    Save the certificate as “certificate.crt” and upload it to /etc/lighttpd/ssl

  2. Preparing the Certificate
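    If we use the encrypted private key, Lighttpd will ask for the password every time it is restarted. Therefore, we need to decrypt the key so that Lighttpd will not ask for the password. The decrypted key, and the ssl.pem built from it, are then protected only by file permissions, so keep both readable only by the account that starts Lighttpd.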
    Decrypting the Private Key :

    # openssl rsa -in ssl.key -out no.pwd.key

    You will be prompted to enter the password for the Private Key.
    Create the .pem file :

    # cat no.pwd.key certificate.crt > ssl.pem
  3. Configuring lighttpd.conf
    # nano /etc/lighttpd/lighttpd.conf

    Add config section :

    $SERVER["socket"] == "vps.ip.address:443" {
        ssl.engine = "enable"
        ssl.pemfile = "/etc/lighttpd/ssl/ssl.pem"
        ssl.ca-file = "/etc/lighttpd/ssl/certificate.crt"
        server.name = "www.erawanarifnugroho.com"
        server.document-root = "/var/www/www.erawanarifnugroho.com/"
        server.errorlog = "/var/log/lighttpd/serror.log"
        accesslog.filename = "/var/log/lighttpd/saccess.log"
        # The following code is used to secure the SSL from attack
        ssl.use-sslv2 = "disable"
        ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"
    }
  4. Restart Lighttpd, and you are done
    # service lighttpd restart
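
The key handling in step 2, as an added example that is not part of the original post: it checks that certificate.crt was issued for the decrypted key before concatenating, and writes ssl.pem with owner-only permissions because the file contains the unencrypted private key. The function names and the throwaway self-signed certificate used as sample input are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Succeed only if the certificate carries the public key derived from the key file.
# Expects the decrypted key (no.pwd.key), so openssl has nothing to prompt for.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Build the combined PEM only for a matching pair. The file is created under
# umask 077 and moved into place, so it is never readable by other users.
build_pem() {
    key_matches_cert "$1" "$2" || {
        echo "key/certificate mismatch: $3 not written" >&2
        return 1
    }
    tmp="$3.tmp.$$"
    ( umask 077 && cat "$1" "$2" > "$tmp" ) && mv -f "$tmp" "$3"
}

# Permission string of a file, e.g. -rw-------
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Constructed sample input: a throwaway key, a self-signed certificate standing
# in for the CA-issued certificate.crt, and an unrelated second key.
make_sample() {
    openssl genrsa -out "$1/no.pwd.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/no.pwd.key" -subj "/CN=www.example.test" \
        -days 1 -out "$1/certificate.crt" 2>/dev/null
}

# Demo run in a temporary directory.
demo_dir=$(mktemp -d) && make_sample "$demo_dir" &&
    build_pem "$demo_dir/no.pwd.key" "$demo_dir/certificate.crt" "$demo_dir/ssl.pem" &&
    echo "ssl.pem mode: $(file_mode "$demo_dir/ssl.pem")"
rm -rf "$demo_dir"
```

On the server, `build_pem no.pwd.key certificate.crt ssl.pem` run from /etc/lighttpd/ssl takes the place of the plain `cat` in step 2.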
