[SOLVED] Own SSL certificate for admin/LUCI web

pgotze · November 29, 2016, 6:16pm

Hello,

where to load ssl certificate, which I have for my domain, to have https administration luci pages with my ssl?

Thanks.

pavel

Ondrej_Caletka · November 16, 2016, 2:55pm

The default self-signed certificate is in file /etc/lighttpd-self-signed.pem, bundled together with private key – that is how lighttpd expects it.

Fell free to put your certificate wherever, then update the configuration file /etc/lighttpd/conf.d/ssl-enable.conf. Don’t forget to add the chain certificate as well, into the lighttpd option ssl.ca-file, otherwise your certificate could not be recognised as valid.

See this example config for Let’s Encrypt.

pgotze · November 16, 2016, 3:40pm

Works, thanks.

Pavel

bortzmeyer · January 14, 2017, 3:38pm

For my CAcert certificate, what I did, was to generate the CSR on a Debian LXC container:

% openssl req  -new -nodes -newkey rsa:2048 -keyout server.key -out server.csr -days 1000

Then, I paste the server.csr file in the CAcert Web form, and I download the server.crt file signed by CAcert. I then concatenate the private key and the signed certificate:

% cat server.key server.crt > server.pem

Then I copy server.pem to the Turris, change the lighttpd config as indicated and everything works.

Jan.H · January 4, 2018, 12:10pm