Thursday, December 8, 2011

[http + SSL] How To Lighttpd Create Self Signed SSL Certificates






by Vivek Gite on October 19, 2006 · 8 comments





If you are testing a web application, or just want a secure login page for it, you can create a self-signed SSL certificate. I have already explained the procedure for installing a real, third-party-signed SSL certificate.


The procedure is as follows:


Step # 1: Create self signed SSL Certificates



Create a directory to store SSL certificate:


# mkdir /etc/lighttpd/ssl/domain.com -p

# cd /etc/lighttpd/ssl/domain.com

# openssl req -new -x509 -keyout server.pem -out server.pem -days 3650 -nodes

# chown lighttpd:lighttpd /etc/lighttpd/ssl -R (optional)

# chmod 0700 /etc/lighttpd/ssl/domain.com

# chmod 0600 /etc/lighttpd/ssl/domain.com/server.pem

(The directory needs its execute bit to be traversed, so it gets 0700; the private key inside server.pem is what must be 0600.)



You will be prompted for information such as your country name, your domain name, etc.


Step # 2: Configure Lighttpd



Open lighttpd configuration file:

# vi /etc/lighttpd/lighttpd.conf

Add config directives as follows:

$SERVER["socket"] == "Your Machine IP Address: Port number" {

server.document-root = "Your http file location"

ssl.engine = "enable"

ssl.pemfile = "/etc/lighttpd/ssl/domain.com/server.pem"

}




For example:


$SERVER["socket"] == "192.168.1.100:443" {

server.document-root = "/home/lighttpd/domain.com"

ssl.engine = "enable"

ssl.pemfile = "/etc/lighttpd/ssl/domain.com/server.pem"

}








Make sure you replace the IP address 192.168.1.100 with your server's actual IP address.


Step # 3: Restart Lighttpd



Test config file for errors:

# lighttpd -t -f /etc/lighttpd/lighttpd.conf


If the syntax is OK, lighttpd responds with:

Syntax OK




Now Restart lighttpd:

# /etc/init.d/lighttpd restart


Make sure lighttpd is listening on port 443:

# netstat -tulpn | grep :443


Configure your firewall (iptables) to open port 443. The following are sample iptables rules; append them to your iptables shell script:

SERVER_IP="192.168.1.100"

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 443 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT



Redirect plain text login page to secure login page



Let us assume you would like to redirect all incoming WordPress login requests for http://domain.com/blog/wp-login.php to https://domain.com/blog/wp-login.php.

Add the following code snippet to the port 80 section of your lighttpd.conf file:

$HTTP["url"] =~ "^/(Your file location)" {

url.redirect = ( "^/(.*)" => "https://(Your Domain Name)/$1" )

}




For example:


$HTTP["url"] =~ "^/blog/wp-login.php*" {

url.redirect = ( "^/(.*)" => "https://www.domain.com/$1" )

}






You may also need to modify your login page so that the form is submitted over SSL.
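The checks below are an added example and not part of the original article. They script the verification that Step 3 and the redirect section describe by hand (is lighttpd listening on 443, does iptables accept it, does the plain-text login URL redirect to https). Each check takes the text it inspects as an argument, so you can feed it live output from netstat, iptables -S or curl -sI, or the constructed samples embedded at the bottom, which mirror the article's 192.168.1.100 / www.domain.com values and are not real captures.

```shell
#!/bin/sh
# Added example (not from the original article): post-deployment checks for the
# lighttpd SSL setup. Functions take text as an argument so they work on live
# command output as well as on the constructed samples below.

# listening_on_port NETSTAT_OUTPUT PORT
# True if `netstat -tulpn` output shows a TCP socket in LISTEN state on PORT.
# Usage: listening_on_port "$(netstat -tulpn 2>/dev/null)" 443
listening_on_port() {
    _out=$1; _port=$2
    printf '%s\n' "$_out" | awk -v p=":$_port" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ (p "$") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# iptables_allows_dport RULES_TEXT PORT
# True if `iptables -S INPUT` output has an ACCEPT rule for TCP --dport PORT.
# Usage: iptables_allows_dport "$(iptables -S INPUT)" 443
iptables_allows_dport() {
    _rules=$1; _port=$2
    printf '%s\n' "$_rules" |
        grep -E -- "-p tcp .*--dport $_port( |$).*-j ACCEPT" >/dev/null
}

# redirects_to_https RESPONSE_HEADERS
# True if the response is a 301/302/307/308 whose Location starts with https://.
# Usage: redirects_to_https "$(curl -sI http://www.domain.com/blog/wp-login.php)"
redirects_to_https() {
    _hdrs=$(printf '%s\n' "$1" | tr -d '\r')
    _status=$(printf '%s\n' "$_hdrs" | head -n 1 | awk '{print $2}')
    _loc=$(printf '%s\n' "$_hdrs" | awk 'tolower($1) == "location:" {print $2; exit}')
    case "$_status" in 301|302|307|308) ;; *) return 1 ;; esac
    case "$_loc" in https://*) return 0 ;; *) return 1 ;; esac
}

# ---- constructed sample output (not real captures) ----------------------
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/lighttpd
tcp        0      0 192.168.1.100:443       0.0.0.0:*               LISTEN      1234/lighttpd'

SAMPLE_IPTABLES='-P INPUT DROP
-A INPUT -d 192.168.1.100/32 -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT'

SAMPLE_REDIRECT='HTTP/1.1 301 Moved Permanently
Location: https://www.domain.com/blog/wp-login.php
Content-Length: 0'

# Run the checks against the samples when executed directly with --demo.
if [ "${1:-}" = "--demo" ]; then
    listening_on_port "$SAMPLE_NETSTAT" 443 && echo "443: listener present"
    iptables_allows_dport "$SAMPLE_IPTABLES" 443 && echo "443: iptables ACCEPT rule present"
    redirects_to_https "$SAMPLE_REDIRECT" && echo "wp-login.php: redirects to https"
fi
```

Replace the sample variables with the real command output in the usage comments to check a live server; a failed check prints nothing and returns non-zero, so the functions drop straight into a deployment script.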


Option 2:


Skip the interactive prompts by passing the subject on the command line, and write server.pem directly:


openssl req -new -x509 -keyout server.pem -out server.pem -days 3650 -nodes  -subj '/C=TW/O=UBEE/L=Taipei/CN=www.ubeeinteractive.com/'
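The script below is an added example (not from the original article or the lighttpd project) that covers both Step 1 and Option 2: it creates the certificate non-interactively from a small OpenSSL config instead of -subj, adds a subjectAltName (current browsers ignore the CN alone), writes the key and certificate to separate files before concatenating them into the single server.pem that ssl.pemfile expects, and sets the 0700/0600 modes. It then verifies that the file really contains both a key and a certificate and that they belong together. The organisation "Example Org" and country "TW" are placeholders; the function and file names are mine.

```shell
#!/bin/sh
# Added example (not from the original article): non-interactive self-signed
# certificate for lighttpd's ssl.pemfile, plus sanity checks on the result.
set -e

# gen_selfsigned_pem DIR CN DAYS -> writes DIR/server.pem holding key + cert
gen_selfsigned_pem() {
    dir=$1; cn=$2; days=$3
    mkdir -p "$dir"
    chmod 0700 "$dir"                      # directory needs x to be traversed
    cfg="$dir/openssl.cnf"
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_server
[dn]
C  = TW
O  = Example Org
CN = $cn
[v3_server]
subjectAltName   = DNS:$cn
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    # umask 077: the key is never world-readable, not even briefly
    (umask 077 && openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 \
        -days "$days" -config "$cfg" \
        -keyout "$dir/server.key" -out "$dir/server.crt")
    # lighttpd reads key and certificate from the one file named in ssl.pemfile
    (umask 077 && cat "$dir/server.key" "$dir/server.crt" > "$dir/server.pem")
    rm -f "$dir/server.key" "$dir/server.crt" "$cfg"
    chmod 0600 "$dir/server.pem"
}

# pem_has_key_and_cert FILE -> true if FILE holds a private key AND a certificate
pem_has_key_and_cert() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" &&
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# cert_cn FILE -> prints the certificate's Common Name
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# cert_san FILE -> prints the first DNS subjectAltName, e.g. DNS:www.domain.com
cert_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' |
        sed -n 's/^ *\(DNS:[^ ]*\).*$/\1/p'
}

# key_matches_cert FILE -> true if the private key in FILE belongs to its cert
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$1" -pubout)" ]
}

# Usage (as root on the server): sh make-cert.sh --demo
if [ "${1:-}" = "--demo" ]; then
    pem=/etc/lighttpd/ssl/domain.com/server.pem
    gen_selfsigned_pem /etc/lighttpd/ssl/domain.com www.domain.com 3650
    pem_has_key_and_cert "$pem" && echo "pem ok: key and certificate present"
    key_matches_cert "$pem" && echo "key matches certificate"
    echo "CN: $(cert_cn "$pem")  SAN: $(cert_san "$pem")"
fi
```

Point ssl.pemfile at the generated server.pem exactly as in Step 2; the only difference from the article's one-liner is that the key and certificate are combined explicitly, so you can see what the file contains and check its permissions before lighttpd reads it.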


Reference :
