SSL Certificate Installation on Lighttpd Server

Lighttpd is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. It has a very low memory footprint compared to other web servers and takes care of the CPU load. Its advanced feature set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) makes Lighttpd the perfect web server software for every server that suffers load problems.

SSL Installation Steps:

    1. Copy the certificate files to your server. Log in to your CA account and download your Intermediate (DigiCertCA.crt) and Primary (your_domain_name.crt) certificates, then copy them to the directory on your server where you will keep your certificate and key files. Make them readable by root only.
    2. Concatenate the certificate and key file.

You need to concatenate the key file and the certificate file into a single pem file by running the following command:

cat your_domain_name.key your_domain_name.crt > your_domain_name.pem

    3. Edit the Lighttpd configuration file.

Now open your lighttpd.conf file and add the following:

var.confdir = "/etc/lighttpd"
$SERVER["socket"] == "15.15.15.15:443" {
    ssl.engine = "enable"
    ssl.pemfile = var.confdir + "/your_domain_name.pem"
    ssl.ca-file = var.confdir + "/DigiCertCA.crt"
    server.name = "your.domain.com"
    server.document-root = "/my/document/root/"
}

Ensure that the var.confdir (/etc/lighttpd) matches the location where you saved your certificate files. Also, change the IP address (15.15.15.15) to match your IP address.
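
One way to carry out step 2 so that the combined file, which contains the private key, is never readable by other users, and to check the result before restarting Lighttpd. This is an added example, not part of the original instructions; the function names build_pem, pem_is_private and key_matches_cert are hypothetical, and key_matches_cert assumes the openssl command is installed.

```sh
# Added example: build and check the combined PEM used by ssl.pemfile.
# File names are the page's placeholders; function names are made up here.

# build_pem KEY CERT OUT: write KEY+CERT to OUT, owner-only from creation.
build_pem() {
    key=$1 cert=$2 out=$3
    # Catch swapped or wrong inputs before anything is written.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "no certificate in $cert" >&2; return 1; }
    (
        # A plain "cat > file" under the usual 022 umask creates a 0644 file and
        # keeps the mode of an existing one; umask 077 plus a rename gives 0600.
        umask 077
        tmp="$out.tmp.$$"
        cat "$key" "$cert" > "$tmp" && mv -f "$tmp" "$out" ||
            { rm -f "$tmp"; exit 1; }
    )
}

# pem_is_private FILE: true only for a regular file with no group/other bits.
# Ownership is not checked here; the page's steps assume you work as root.
pem_is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# key_matches_cert KEY CERT: true if CERT carries KEY's public key (needs openssl).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo on constructed placeholder files (no real key material).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$demo/your_domain_name.key"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/your_domain_name.crt"
build_pem "$demo/your_domain_name.key" "$demo/your_domain_name.crt" \
    "$demo/your_domain_name.pem" &&
    pem_is_private "$demo/your_domain_name.pem" && echo "PEM built, owner-only"
rm -rf "$demo"
```

On the real files, run key_matches_cert your_domain_name.key your_domain_name.crt before build_pem; the demo skips it because the placeholder files are not valid key material.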

    4. Restart Lighttpd.

Troubleshooting:
    • If your web site is publicly accessible, our Check SSL Certificate tool can help you diagnose common problems.
    • Open a web browser and visit your site using HTTPS. It is best to test with both Internet Explorer and Firefox because Firefox will give you a warning if your intermediate certificate is not installed. You should not receive any browser warnings or errors. If you immediately receive a browser message about the site not being available, Lighttpd may not yet be listening on port 443. If your web request takes a very long time and then times out, a firewall may be blocking traffic on TCP port 443 to the web server.

If you receive a "not trusted" warning, view the certificate to see if it is the certificate you expect. Check the Subject, Issuer, and Valid to fields. If the certificate was issued by DigiCert, then your ssl.ca-file is not correctly configured.

We hope this article helped you with this easy process. If you cannot use these instructions, we recommend you contact either the vendor of your software or the hosting organization that supports it.
