Dieses Blog durchsuchen

Seiten

Labels

Raspberry (8) RPI (8)

Donnerstag, 1. Februar 2018

Raspberry Lighttp and SSL

All based on Raspberry Zero W with an "Debian Stretch" installed!
 
Since the Amazon Echo server only wants to communicate via https, I have to use for the Lighttp server a  "self-singed ceriticate".

First, let's start with a configuration for the certificate (please replace everything between <..> with your values):

cd ~
mkdir ssl
cd ssl
pico ssl.cfg
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = [[dein land=""]]
ST = [[dein bundesland=""]]
L = [[deine stadt=""]]
O = keine
CN = [[dein skillname=""]]

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @subject_alternate_names

[subject_alternate_names]
DNS.1 = [[domain die von außen aufgerufen wird z.b.23213qwesd.myfritz.net]]
DNS.2 = [[interne domain z.b. rpi-zero]]

Now we execute the following commands:
 
openssl genrsa -out private-key.pem 2048
openssl req -new -x509 -days 365 -key private-key.pem -config ssl.cfg -out certificate.pem
cat private-key.pem  certificate.pem > lighttp.pem
sudo mkdir /etc/lighttpd/ssl
sudo cp lighttp.pem /etc/lighttpd/ssl/


Almost done now we have to configure Lighttpd:

sudo pico /etc/lighttpd/lighttpd.conf

Enter the following at the end of the file

$SERVER["socket"] == "0.0.0.0:443" {
 ssl.engine = "enable"
 ssl.pemfile = "/etc/lighttpd/ssl/lighttp.pem"
}

Now restart the server

sudo service lighttpd restart


So the certificate is installed!

Keine Kommentare:

Kommentar veröffentlichen