Annotation of embedaddon/lighttpd/doc/outdated/ssl.txt, revision 1.1.1.1
1.1 misho 1: ===========
2: Secure HTTP
3: ===========
4:
5: ------------
6: Module: core
7: ------------
8:
9: :Author: Jan Kneschke
10: :Date: $Date: 2004/08/29 09:44:53 $
11: :Revision: $Revision: 1.2 $
12:
13: :abstract:
14: How to set up SSL in lighttpd
15:
16: .. meta::
17: :keywords: lighttpd, ssl
18:
19: .. contents:: Table of Contents
20:
21: Description
22: ===========
23:
24: lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl.
25:
26: Configuration
27: -------------
28:
29: To enable SSL for the whole server you have to provide a valid
30: certificate and have to enable the SSL engine.::
31:
32: ssl.engine = "enable"
33: ssl.pemfile = "/path/to/server.pem"
34:
35: The HTTPS protocol does not allow you to use name-based virtual
36: hosting with SSL. If you want to run multiple SSL servers with
37: one lighttpd instance you must use IP-based virtual hosting: ::
38:
39: $SERVER["socket"] == "10.0.0.1:443" {
40: ssl.engine = "enable"
41: ssl.pemfile = "www.example.org.pem"
42: server.name = "www.example.org"
43:
44: server.document-root = "/www/servers/www.example.org/pages/"
45: }
46:
47: If you have a .crt and a .key file, cat them together into a
48: single PEM file:
49: ::
50:
51: $ cat host.key host.crt > host.pem
52:
53:
54: Self-Signed Certificates
55: ------------------------
56:
57: A self-signed SSL certificate can be generated like this: ::
58:
59: $ openssl req -new -x509 \
60: -keyout server.pem -out server.pem \
61: -days 365 -nodes
62:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ssl.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / lighttpd / doc / outdated