Namecheap SSL Tutorial (Lighttpd)

Namecheap’s cheap SSL certificates work great on desktop, but are missing the root cert and therefore gave me an untrusted error on Android (and, I assume, iOS).

I spent a while trying to figure out how to fix this, and I finally have!

From the zip file they send you, combine the files using cat like this. The order is important for mobile devices.

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle

Add your private key and certificate from Namecheap (domain_tld.crt file) to a single file, too.

cat privatekeyhere.key domain_tld.crt > certificate.pem

Use whatever names you want for the output files, just keep them consistent. Make sure only your web-server/root user can read them, since certificate.pem contains your private key.
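Because the order matters, it is worth checking the result before pointing lighttpd at it. The script below is an added example, not part of the original post: it checks that each certificate's issuer is the subject of the one after it, and catches delimiter lines fused by cat when an input file lacked a final newline. It assumes the openssl command-line tool is installed; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify that LEAF followed by BUNDLE forms an ordered chain,
# i.e. every certificate's issuer is the subject of the next certificate.
# Assumption: the openssl CLI is installed. Function names are illustrative.

# split_chain DIR FILE...: write each PEM certificate to DIR/NN.pem in order.
# Non-certificate blocks (such as a private key) are skipped, never copied.
# Fails if two delimiter lines were fused or no certificate was found.
split_chain() {
    dir=$1; shift
    awk -v dir="$dir" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /-----END CERTIFICATE-----./   { bad = 1 }
        /^-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/%02d.pem", dir, ++n) }
        out != ""                      { print > out }
        /^-----END CERTIFICATE-----/   { close(out); out = "" }
        END { exit (bad || n == 0) }
    ' "$@"
}

# check_chain LEAF BUNDLE: 0 = ordered, 1 = out of order, 2 = unreadable input.
check_chain() {
    tmp=$(mktemp -d) || return 2
    if ! split_chain "$tmp" "$1" "$2"; then
        echo "malformed PEM input (fused or missing certificate blocks)" >&2
        rm -rf "$tmp"; return 2
    fi
    prev='' rc=0
    for c in "$tmp"/*.pem; do
        subj=$(openssl x509 -in "$c" -noout -subject_hash) || { rc=2; break; }
        if [ -n "$prev" ] && [ "$prev" != "$subj" ]; then
            echo "out of order at: $(openssl x509 -in "$c" -noout -subject)" >&2
            rc=1; break
        fi
        # The next certificate in the file must carry this issuer as its subject.
        prev=$(openssl x509 -in "$c" -noout -issuer_hash) || { rc=2; break; }
    done
    rm -rf "$tmp"
    return $rc
}
```

Run it as check_chain /path/to/certificate.pem /path/to/bundle. It compares names only and does not validate signatures or expiry.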

Finally, in your lighttpd.conf, add something like the following to enable SSL globally for your server.

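$SERVER["socket"] == "ip.address:443" {
        server.document-root = "/var/www/"
        ssl.engine = "enable"

        # Turn off the obsolete SSLv2 and SSLv3 protocols
        ssl.use-sslv2 = "disable"
        ssl.use-sslv3 = "disable"

        # CA chain built with the first cat command
        ssl.ca-file = "/path/to/bundle"
        # Private key plus your domain certificate
        ssl.pemfile = "/path/to/certificate.pem"
}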

To force SSL connections only, you’ll want to add something like this:

$SERVER["socket"] == ":80" {
        $HTTP["host"] =~ "(.*)" {
                url.redirect = ( "^/(.*)" => "https://%1/$1" )
        }
}

Thanks to Ben Green, SSL247, and Bill Patrianakos for all pointing me in the right direction 🙂
