This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
litespeed_wiki:config:admin-ssl [2015/07/20 19:26]
Michael Alegre created
litespeed_wiki:config:admin-ssl [2017/10/24 12:49]
Lisa Clarke [All Versions]
Line 1: Line 1:
-====== How to secure web administration console with HTTPS/SSL ======+====== How To Configure ​SSL For LSWS Web Admin GUI ====== 
 +**As of LiteSpeed Web Server v5.2, self-signed SSL certificates are automatically created for the Web Admin GUI.** ​
-1. go to admin console ​-> listeners +The following instructions are useful if an older version of LSWS is being used, a different self-signed certificate is wanted, or a non-self-signed certificate is needed.
-  <​your.server>:​7080/​config/​confMgr.php?m=altop+
-2add a listener called adminListenerSSL or something like that, make it listen on port 7081 (suggestion) and require ​SSL+===== Install/​Change Certificates ===== 
 +==== LSWS 5.2+ ==== 
 +LSWS reads the following files for its WebAdmin ​SSL configuration:​ 
 +  * Certificate File: ''/​usr/​local/​lsws/​admin/​conf/​cert/​admin.crt''​ 
 +  * Key File: ''/​usr/​local/​lsws/​admin/​conf/​cert/​admin.key''​ 
 +  * CABundle: ''/​usr/​local/​lsws/​admin/​conf/​cert/​admin.cabundle''​
-3then go to the SSL tab and edit it,  ​ +This configuration can be changed at any time by replacing these files directly.\\ 
-  <your.server>:7080/config/confMgr.php?​m=al_adminListenerSSL&​p=lsecure&​t=L_SSL_CERT&​a=e+Make sure the files are owned by ''​lsadm:​lsadm''​. This can be achieved by running the following command: 
 +chown -R lsadm:lsadm /usr/local/​lsws/​admin/​conf/​cert/​* 
 +Perform ​graceful restart after making any changes. The changes will be applied, and Web Admin GUI will begin using the newly-supplied certificate. ​
-4. in the shell, go to lsws/​conf/​cert/​ +==== All Versions ==== 
-then ran: +The following will work for all versions of LSWS via the Web Admin GUI. 
-  ​openssl genrsa ​-out admin.key 1024 +  - Log in to the Web Admin GUI and navigate ​to **Web Console > Listeners**. 
-and then this: +  - Click **View/​Edit** for the ''​adminListener''​\\ \\ {{ :​litespeed_wiki:​config:​admin-ssl-1.png?​nolink&​800 |}} 
-  openssl req -new -x509 -key admin.key -out admin.crt -days 365 +  - In the **General** tab, click **Edit** ​and change **Secure** from ''​No''​ to ''​Yes''​. Then hit **Save**.\\ \\ {{ :litespeed_wiki:​config:​admin-ssl-3.png?​nolink&​800 |}} \\ 
- +  ​Click on the **SSL** tab, hit **Edit** under the **SSL Private Key & Certificate** section, and add the following: 
-5. set Private Key File to $SERVER_ROOT/conf/cert/admin.key +    * **Private Key File:** ''<​/path/to/ssl/​key_file>''​ 
-6. set Certificate File to $SERVER_ROOT/conf/cert/admin.crt +    * **Certificate File:** ''<​/path/to/ssl/​cert_file>''​ 
- +    * **Chained Certificate:​** ''​Yes''​ 
-7. save changes, graceful restart, make sure 7081 is open in your firewall +    * **CA Certificate File:** ''<​/path/to/​ssl/​ca_bundle>''​\\ \\ **Note:** Make sure that these files can be read by ''​lsadm''​. If not, run ''​chown lsadm:​lsadm''​ on each file so that the Web Admin GUI can read these files. \\ \\ {{ :​litespeed_wiki:​config:​admin-ssl-4.png?​nolink&​800 |}} \\ 
- +  - Save and perform ​ a Graceful Restart of the web server. The Web Admin GUI should now be using the non-self-signed certificate.\\ \\ {{ :​litespeed_wiki:​config:​brotli:​brotli-5.png?​nolink&​800 |}} \\ {{ :​litespeed_wiki:​config:​brotli:​brotli-6.png?​nolink&​800 |}}
-try https://<​your.server>:7081 and it works for me!+
  • Admin
  • Last modified: 2017/10/24 12:49
  • by Lisa Clarke