Following describes how to get
StartSSL certificates working with lighttpd. First of all read
how to get free ssl certificate from StartSSL and actually create certificates.
cat www_certificate.pem www_privatekey.pem > /etc/ssl/private/lighttpd.pem
chown root:www-data /etc/ssl/private/lighttpd.pem
chmod 640 /etc/ssl/private/lighttpd.pem
wget http://www.startssl.com/certs/ca.pem -O ca.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem -O sub.class1.server.ca.pem
cat ca.pem sub.class1.server.ca.pem > /etc/ssl/certs/lighttpd.pem
chown root:root /etc/ssl/certs/lighttpd.pem
chmod 644 /etc/ssl/certs/lighttpd.pem
The SSL portion of the lighttpd config should look something like this.
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.ca-file = "/etc/ssl/certs/lighttpd.pem"
ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
}
Test https
wget http://www.startssl.com/certs/ca.pem -O /tmp/ca.pem
openssl s_client -CAfile /tmp/ca.pem -connect www.flexion.org:443