This shows you the differences between two versions of the page.

litespeed_wiki:config:admin-ssl [2015/07/20 19:26]
Michael Alegre created
litespeed_wiki:config:admin-ssl [2017/10/24 12:43]
Lisa Clarke [LSWS 5.2+]
Line 1: Line 1:
-====== How to secure web administration console with HTTPS/SSL ======+====== How To Configure ​SSL For LSWS Web Admin GUI ====== 
 +**As of LiteSpeed Web Server v5.2, self-signed SSL certificates are automatically created for the Web Admin GUI.** ​
-1. go to admin console ​-> listeners +The following instructions are useful if an older version of LSWS is being used, a different self-signed certificate is wanted, or a non-self-signed certificate is needed.
-  <​your.server>:​7080/​config/​confMgr.php?m=altop+
-2add a listener called adminListenerSSL or something like that, make it listen on port 7081 (suggestion) and require ​SSL+===== Install/​Change Certificates ===== 
 +==== LSWS 5.2+ ==== 
 +LSWS reads the following files for its WebAdmin ​SSL configuration:​ 
 +  * Certificate File: ''/​usr/​local/​lsws/​admin/​conf/​cert/​admin.crt''​ 
 +  * Key File: ''/​usr/​local/​lsws/​admin/​conf/​cert/​admin.key''​ 
 +  * CABundle: ''/​usr/​local/​lsws/​admin/​conf/​cert/​admin.cabundle''​
-3then go to the SSL tab and edit it,  ​ +This configuration can be changed at any time by replacing these files directly.\\ 
-  <your.server>:7080/config/confMgr.php?​m=al_adminListenerSSL&​p=lsecure&​t=L_SSL_CERT&​a=e+Make sure the files are owned by ''​lsadm:​lsadm''​. This can be achieved by running the following command: 
 +chown -R lsadm:lsadm /usr/local/​lsws/​admin/​conf/​cert/​* 
 +Perform ​graceful restart after making any changes. The changes will be applied, and Web Admin GUI will begin using the newly-supplied certificate. ​
-4. in the shell, go to lsws/​conf/​cert/​ +==== All Versions ==== 
-then ran: +The following will work for all versions of LSWS via the Web Admin GUI. 
-  ​openssl genrsa ​-out admin.key 1024 +  - Log in to the Web Admin GUI and navigate ​to Web Console -> Listeners. 
-and then this: +  - Click View/Edit for the adminListener\\ \\ {{ :​litespeed_wiki:​config:​admin-ssl-1.png?​nolink&​800 |}} 
-  ​openssl req -new -x509 -key admin.key -out admin.crt -days 365 +  - In the General tab, click edit and change Secure from No ->YesThen hit save.\\ \\ {{ :​litespeed_wiki:​config:​admin-ssl-3.png?​nolink&​800 |}} \\ 
- +  ​Click on the SSL tab, hit edit under the SSL Private Key & Certificate section, and add the following: 
-5. set Private Key File to $SERVER_ROOT/conf/cert/admin.key +    * **Private Key File:** ''<​/path/to/ssl/​key_file>''​ 
-6. set Certificate File to $SERVER_ROOT/conf/cert/admin.crt +    * **Certificate File:** ''<​/path/to/ssl/​cert_file>''​ 
- +    * **Chained Certificate:​** Yes 
-7save changes, graceful restart, make sure 7081 is open in your firewall +    * **CA Certificate File:** ''</​path/​to/​ssl/​ca_bundle>''​\\ \\ **Note:** Make sure that these files can be read by lsadmIf notrun chown lsadm:ladm on each file so that the Web Admin GUI can read these files. \\ \\ {{ :​litespeed_wiki:​config:​admin-ssl-4.png?​nolink&​800 |}} \\ 
- +  - Save and perform ​ a graceful restart ​of the web server. The Web Admin GUI should now be using the non-self-signed certificate.\\ \\ {{ :litespeed_wiki:​config:​brotli:​brotli-5.png?​nolink&​800 |}} \\ {{ :litespeed_wiki:​config:​brotli:​brotli-6.png?​nolink&​800 |}}
-try https://<your.server>:7081 and it works for me!+
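Review bot: In the Note under "All Versions", the added text says to run chown lsadm:ladm, which misspells the group; it should read lsadm:lsadm to match the chown -R lsadm:lsadm command given in the "LSWS 5.2+" section, since as written it names a group the page never defines. That chown -R command in the 5.2+ section is added as plain running text, so it should be indented as a code line the way the removed openssl commands were. Both sections cover ownership only; consider also stating a restrictive mode for the private key (for example 600 on admin.key) so that only lsadm can read it. The new intro lists "a different self-signed certificate is wanted" as a use case, but this revision removes the openssl genrsa and openssl req steps without a replacement; if they are restored, the key size should be raised from the removed 1024 bits to at least 2048. The final step also embeds brotli:brotli-5.png and brotli:brotli-6.png from another page's namespace, which is worth confirming as intentional.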
  • Last modified: 2017/10/24 12:49
  • by Lisa Clarke