Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
litespeed_wiki:config:admin-ssl [2015/07/20 19:26] Michael Alegre created |
litespeed_wiki:config:admin-ssl [2017/10/24 12:49] (current) Lisa Clarke [All Versions] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== How to secure web administration console with HTTPS/SSL ====== | + | ====== How To Configure SSL For LSWS Web Admin GUI ====== |
| + | **As of LiteSpeed Web Server v5.2, self-signed SSL certificates are automatically created for the Web Admin GUI.** | ||
| - | 1. go to admin console -> listeners | + | The following instructions are useful if an older version of LSWS is being used, a different self-signed certificate is wanted, or a non-self-signed certificate is needed. |
| - | <your.server>:7080/config/confMgr.php?m=altop | + | |
| - | 2. add a listener called adminListenerSSL or something like that, make it listen on port 7081 (suggestion) and require SSL | + | ===== Install/Change Certificates ===== |
| + | ==== LSWS 5.2+ ==== | ||
| + | LSWS reads the following files for its WebAdmin SSL configuration: | ||
| + | * Certificate File: ''/usr/local/lsws/admin/conf/cert/admin.crt'' | ||
| + | * Key File: ''/usr/local/lsws/admin/conf/cert/admin.key'' | ||
| + | * CABundle: ''/usr/local/lsws/admin/conf/cert/admin.cabundle'' | ||
| - | 3. then go to the SSL tab and edit it, | + | This configuration can be changed at any time by replacing these files directly.\\ |
| - | <your.server>:7080/config/confMgr.php?m=al_adminListenerSSL&p=lsecure&t=L_SSL_CERT&a=e | + | Make sure the files are owned by ''lsadm:lsadm''. This can be achieved by running the following command: |
| + | <code> | ||
| + | chown -R lsadm:lsadm /usr/local/lsws/admin/conf/cert/* | ||
| + | </code> | ||
| + | Perform a graceful restart after making any changes. The changes will be applied, and Web Admin GUI will begin using the newly-supplied certificate. | ||
| - | 4. in the shell, go to lsws/conf/cert/ | + | ==== All Versions ==== |
| - | then ran: | + | The following will work for all versions of LSWS via the Web Admin GUI. |
| - | openssl genrsa -out admin.key 1024 | + | - Log in to the Web Admin GUI and navigate to **Web Console > Listeners**. |
| - | and then this: | + | - Click **View/Edit** for the ''adminListener''\\ \\ {{ :litespeed_wiki:config:admin-ssl-1.png?nolink&800 |}} |
| - | openssl req -new -x509 -key admin.key -out admin.crt -days 365 | + | - In the **General** tab, click **Edit** and change **Secure** from ''No'' to ''Yes''. Then hit **Save**.\\ \\ {{ :litespeed_wiki:config:admin-ssl-3.png?nolink&800 |}} \\ |
| - | + | - Click on the **SSL** tab, hit **Edit** under the **SSL Private Key & Certificate** section, and add the following: | |
| - | 5. set Private Key File to $SERVER_ROOT/conf/cert/admin.key | + | * **Private Key File:** ''</path/to/ssl/key_file>'' |
| - | 6. set Certificate File to $SERVER_ROOT/conf/cert/admin.crt | + | * **Certificate File:** ''</path/to/ssl/cert_file>'' |
| - | + | * **Chained Certificate:** ''Yes'' | |
| - | 7. save changes, graceful restart, make sure 7081 is open in your firewall | + | * **CA Certificate File:** ''</path/to/ssl/ca_bundle>''\\ \\ **Note:** Make sure that these files can be read by ''lsadm''. If not, run ''chown lsadm:lsadm'' on each file so that the Web Admin GUI can read these files. \\ \\ {{ :litespeed_wiki:config:admin-ssl-4.png?nolink&800 |}} \\ |
| - | + | - Save and perform a Graceful Restart of the web server. The Web Admin GUI should now be using the non-self-signed certificate.\\ \\ {{ :litespeed_wiki:config:brotli:brotli-5.png?nolink&800 |}} \\ {{ :litespeed_wiki:config:brotli:brotli-6.png?nolink&800 |}} | |
| - | try https://<your.server>:7081 and it works for me! | + | |