[SOLVED] Own SSL certificate for admin/LUCI web

pgotze 2016-11-16 14:38:12 UTC #1

Hello,

where to load ssl certificate, which I have for my domain, to have https administration luci pages with my ssl?

Thanks.

pavel

Ondrej_Caletka 2016-11-16 14:55:51 UTC #2

The default self-signed certificate is in file /etc/lighttpd-self-signed.pem, bundled together with private key – that is how lighttpd expects it.

Fell free to put your certificate wherever, then update the configuration file /etc/lighttpd/conf.d/ssl-enable.conf. Don't forget to add the chain certificate as well, into the lighttpd option ssl.ca-file, otherwise your certificate could not be recognised as valid.

See this example config for Let's Encrypt.

pgotze 2016-11-16 15:40:28 UTC #3

Works, thanks.

Pavel

bortzmeyer 2017-01-14 15:38:33 UTC #4

For my CAcert certificate, what I did, was to generate the CSR on a Debian LXC container:

% openssl req  -new -nodes -newkey rsa:2048 -keyout server.key -out server.csr -days 1000

Then, I paste the server.csr file in the CAcert Web form, and I download the server.crt file signed by CAcert. I then concatenate the private key and the signed certificate:

% cat server.key server.crt > server.pem

Then I copy server.pem to the Turris, change the lighttpd config as indicated and everything works.