diff options
Diffstat (limited to 'data/lighttpd/lighttpd-1.4.53/doc/outdated/ssl.txt')
-rw-r--r-- | data/lighttpd/lighttpd-1.4.53/doc/outdated/ssl.txt | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/data/lighttpd/lighttpd-1.4.53/doc/outdated/ssl.txt b/data/lighttpd/lighttpd-1.4.53/doc/outdated/ssl.txt new file mode 100644 index 000000000..447da4e52 --- /dev/null +++ b/data/lighttpd/lighttpd-1.4.53/doc/outdated/ssl.txt @@ -0,0 +1,62 @@ +=========== +Secure HTTP +=========== + +------------ +Module: core +------------ + +:Author: Jan Kneschke +:Date: $Date: 2004/08/29 09:44:53 $ +:Revision: $Revision: 1.2 $ + +:abstract: + How to set up SSL in lighttpd + +.. meta:: + :keywords: lighttpd, ssl + +.. contents:: Table of Contents + +Description +=========== + +lighttpd supports SSLv2 and SSLv3 if it is compiled against openssl. + +Configuration +------------- + +To enable SSL for the whole server you have to provide a valid +certificate and have to enable the SSL engine.:: + + ssl.engine = "enable" + ssl.pemfile = "/path/to/server.pem" + +The HTTPS protocol does not allow you to use name-based virtual +hosting with SSL. If you want to run multiple SSL servers with +one lighttpd instance you must use IP-based virtual hosting: :: + + $SERVER["socket"] == "10.0.0.1:443" { + ssl.engine = "enable" + ssl.pemfile = "www.example.org.pem" + server.name = "www.example.org" + + server.document-root = "/www/servers/www.example.org/pages/" + } + +If you have a .crt and a .key file, cat them together into a +single PEM file: +:: + + $ cat host.key host.crt > host.pem + + +Self-Signed Certificates +------------------------ + +A self-signed SSL certificate can be generated like this: :: + + $ openssl req -new -x509 \ + -keyout server.pem -out server.pem \ + -days 365 -nodes + |