SSL Certificate Installation in Lighttpd

If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see
OpenSSL CSR Creation for a Lighttpd Server.

Lighttpd Server SSL Certificate Installation

  1. Copy the Certificate files to your server.

    Log in to download your Intermediate (DigiCertCA.crt) and Primary Certificates (your_domain_name.crt) from within your DigiCert Customer Account, then copy them to the directory on your server where you will keep your certificate and key files. Make them readable by root only.

  2. Concatenate the certificate and key file.

    You need to concatenate the key file and the certificate file into a single pem file by running the following command:

    cat your_domain_name.key your_domain_name.crt > your_domain_name.pem

  3. Edit the Lighttpd configuration file.

    Now open your lighttpd.conf file and add the following:

    var.confdir = "/etc/lighttpd"
    $SERVER["socket"] == "15.15.15.15:443" {
    ssl.engine = "enable"
    ssl.pemfile = var.confdir + "/your_domain_name.pem"
    ssl.ca-file = var.confdir + "/DigiCertCA.crt"
    server.name = "your.domain.com"
    server.document-root = "/my/document/root/"
    }

    Make sure that the var.confdir (/etc/lighttpd) matches the location where you saved your certificate files. Also change the IP address (15.15.15.15) to match your IP address.

  4. Restart Lighttpd.

Troubleshooting:

  1. If your web site is publicly accessible, our Check SSL Certificate tool can help you diagnose common problems.

  2. Open a web browser and visit your site using https. It is best to test with both Internet Explorer as well as Firefox, because Firefox will give you a warning if your intermediate certificate is not installed. You should not receive any browser warnings or errors. If you immediately receive a browser message about the site not being available, then Lighttpd may not yet be listening on port 443. If your web request takes a very long time, and then times out, a firewall blocking traffic on TCP port 443 to the web server.

    If you receive a "not trusted" warning, view the certificate to see if it is the certificate you expect. Check the Subject, Issuer, and Valid To fields. If the certificate is issued by DigiCert, then your ssl.ca-file is not correctly configured.

For more information, read the Lighttpd documentation for setting up SSL.

Installing your SSL Certificates in Lighttpd

How to install your SSL Digital Certificate in Lighttpd.

BUY NOW

Related Links

SSL Certificates

SSL Support