如何在Lighttpd服务器上配置SSL

第1步：创建证书签名请求（CSR）

# mkdir /etc/lighttpd/ssl/
# cd /etc/lighttpd/ssl/

# openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

Generating a 2048 bit RSA private key
....+++
...............+++
writing new private key to 'example.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Delhi
Locality Name (eg, city) [Default City]:Delhi
Organization Name (eg, company) [Default Company Ltd]:youcl Inc.
Organizational Unit Name (eg, section) []:web
Common Name (eg, your name or your server's hostname) []:example.com
Email Address []:user@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [Leave Blank]
An optional company name []: [Leave Blank]

第2步：从CA申请证书

# openssl x509 -req -days 365 -in example.com.csr -signkey example.com.key -out example.com.crt

# cat example.com.key  example.com.crt > example.com.pem

第3步：设置虚拟主机使用SSL

$SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        ssl.pemfile = "/etc/lighttpd/ssl/youcl.com.pem"
      # ssl.ca-file = "/etc/lighttpd/ssl/CA_issuing.crt"
        server.name = "site1.youcl.com"
        server.document-root = "/sites/vhosts/site1.youcl.com/public"
        server.errorlog = "/var/log/lighttpd/site1.youcl.com.error.log"
        accesslog.filename = "/var/log/lighttpd/site1.youcl.com.access.log"
}

第4步：验证配置和重新启动Lighttpd

# lighttpd -t -f /etc/lighttpd/lighttpd.conf

Syntax OK

# service lighttpd restart