This post originated from an RSS feed registered with Ruby Buzz by Guy Naor. Original Post: Lighttpd with SSL Feed Title: Famundo - The Dev Blog Feed URL: http://devblog.famundo.com/xml/rss/feed.xml Feed Description: A blog describing the development and related technologies involved in creating famundo.com - a family management sytem written using Ruby On Rails and postgres Latest Ruby Buzz Posts Latest Ruby Buzz Posts by Guy Naor Latest Posts From Famundo - The Dev Blog

I need SSL (https) support for famundo - it is our expectation that almost everything on famundo will be accessed through https, as the information our customers will put on it might be sensitive, and in any case, there are always privacy issues that need to be taken care of.

My web server of choice is lighttpd, and while implementing the SSL (https) part, I had two problems and finding the solution took some digging. So here’s what I did to get it to work.

1. Listening to both http and https on the same server process - once ssl is activated in lighty using: ssl.engine = “enable”, the server start listening on port 443 only. It’s the SSL port, and now I can connect with https. But no more http connections are accepted. To solve this, the server needs to be instructed to bind to the SSL port as well as the regular port. In the config:

   $SERVER["socket"] == "0.0.0.0:443" {
       ssl.engine = "enable"
       ssl.pemfile = "/etc/lighttpd/server.pem"
   

   }

2. Using a chained certificate will not work correctly with this setting. You will get https communications, but the browser will complain that the certificate isn’t authorizing correctly. To fix that, add the following line to thew config file:

   ssl.ca-file = “/etc/lighttpd/YourCACert.crt”

The ceret file you point to, is of the certification authority that signed your certificate. The client will then authenticate fully.