Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
litespeed_wiki:config:admin-ssl [2015/07/20 19:26] Michael Alegre created |
litespeed_wiki:config:admin-ssl [2017/10/24 12:40] Lisa Clarke [How To Configure SSL For LSWS Web Admin GUI] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== How to secure web administration console with HTTPS/SSL ====== | + | ====== How To Configure SSL For LSWS Web Admin GUI ====== |
+ | **As of LiteSpeed Web Server v5.2, self-signed SSL certificates are automatically created for the Web Admin GUI.** | ||
- | 1. go to admin console -> listeners | + | The following instructions are useful if an older version of LSWS is being used, a different self-signed certificate is wanted, or a non-self-signed certificate is needed. |
- | <your.server>:7080/config/confMgr.php?m=altop | + | |
- | 2. add a listener called adminListenerSSL or something like that, make it listen on port 7081 (suggestion) and require SSL | + | ===== Install/Change Certificates ===== |
+ | ==== LSWS 5.2+ ==== | ||
+ | LSWS reads the following files for its WebAdmin SSL configuration: | ||
+ | * Certificate File | ||
+ | * /usr/local/lsws/admin/conf/cert/admin.crt | ||
+ | * Key File | ||
+ | * /usr/local/lsws/admin/conf/cert/admin.key | ||
+ | * CABundle | ||
+ | * /usr/local/lsws/admin/conf/cert/admin.cabundle | ||
+ | This configuration can be changed at any time by replacing these files directly.\\ | ||
+ | Make sure these files are owned by lsadm:lsadm. This can be achieved by running the following command: | ||
+ | <code> | ||
+ | chown -R lsadm:lsadm /usr/local/lsws/admin/conf/cert/* | ||
+ | </code> | ||
+ | Perform a graceful restart after making any changes to have them applied. The Web Admin GUI should now be using the supplied certificate. | ||
- | 3. then go to the SSL tab and edit it, | + | ==== All Versions ==== |
- | <your.server>:7080/config/confMgr.php?m=al_adminListenerSSL&p=lsecure&t=L_SSL_CERT&a=e | + | The following will work for all versions of LSWS via the Web Admin GUI. |
- | + | - Log in to the Web Admin GUI and navigate to Web Console -> Listeners. | |
- | 4. in the shell, go to lsws/conf/cert/ | + | - Click View/Edit for the adminListener\\ \\ {{ :litespeed_wiki:config:admin-ssl-1.png?nolink&800 |}} |
- | then ran: | + | - In the General tab, click edit and change Secure from No ->Yes. Then hit save.\\ \\ {{ :litespeed_wiki:config:admin-ssl-3.png?nolink&800 |}} \\ |
- | openssl genrsa -out admin.key 1024 | + | - Click on the SSL tab, hit edit under the SSL Private Key & Certificate section, and add the following: |
- | and then this: | + | * **Private Key File:** ''</path/to/ssl/key_file>'' |
- | openssl req -new -x509 -key admin.key -out admin.crt -days 365 | + | * **Certificate File:** ''</path/to/ssl/cert_file>'' |
- | + | * **Chained Certificate:** Yes | |
- | 5. set Private Key File to $SERVER_ROOT/conf/cert/admin.key | + | * **CA Certificate File:** ''</path/to/ssl/ca_bundle>''\\ \\ **Note:** Make sure that these files can be read by lsadm. If not, run chown lsadm:ladm on each file so that the Web Admin GUI can read these files. \\ \\ {{ :litespeed_wiki:config:admin-ssl-4.png?nolink&800 |}} \\ |
- | 6. set Certificate File to $SERVER_ROOT/conf/cert/admin.crt | + | - Save and perform a graceful restart of the web server. The Web Admin GUI should now be using the non-self-signed certificate.\\ \\ {{ :litespeed_wiki:config:brotli:brotli-5.png?nolink&800 |}} \\ {{ :litespeed_wiki:config:brotli:brotli-6.png?nolink&800 |}} |
- | + | ||
- | 7. save changes, graceful restart, make sure 7081 is open in your firewall | + | |
- | + | ||
- | try https://<your.server>:7081 and it works for me! | + | |