Differences
This shows you the differences between two versions of the page.
litespeed_wiki:config:admin-ssl [2015/07/20 19:26] Michael Alegre created |
litespeed_wiki:config:admin-ssl [2017/10/24 12:49] Lisa Clarke [All Versions] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== How to secure web administration console with HTTPS/SSL ====== | + | ====== How To Configure SSL For LSWS Web Admin GUI ====== |
+ | **As of LiteSpeed Web Server v5.2, self-signed SSL certificates are automatically created for the Web Admin GUI.** | ||
- | 1. go to admin console -> listeners | + | The following instructions are useful if an older version of LSWS is being used, a different self-signed certificate is wanted, or a non-self-signed certificate is needed. |
- | <your.server>:7080/config/confMgr.php?m=altop | + | |
- | 2. add a listener called adminListenerSSL or something like that, make it listen on port 7081 (suggestion) and require SSL | + | ===== Install/Change Certificates ===== |
+ | ==== LSWS 5.2+ ==== | ||
+ | LSWS reads the following files for its WebAdmin SSL configuration: | ||
+ | * Certificate File: ''/usr/local/lsws/admin/conf/cert/admin.crt'' | ||
+ | * Key File: ''/usr/local/lsws/admin/conf/cert/admin.key'' | ||
+ | * CABundle: ''/usr/local/lsws/admin/conf/cert/admin.cabundle'' | ||
- | 3. then go to the SSL tab and edit it, | + | This configuration can be changed at any time by replacing these files directly.\\ |
- | <your.server>:7080/config/confMgr.php?m=al_adminListenerSSL&p=lsecure&t=L_SSL_CERT&a=e | + | Make sure the files are owned by ''lsadm:lsadm''. This can be achieved by running the following command: |
+ | <code> | ||
+ | chown -R lsadm:lsadm /usr/local/lsws/admin/conf/cert/* | ||
+ | </code> | ||
+ | Perform a graceful restart after making any changes. The changes will be applied, and Web Admin GUI will begin using the newly-supplied certificate. | ||
- | 4. in the shell, go to lsws/conf/cert/ | + | ==== All Versions ==== |
- | then ran: | + | The following will work for all versions of LSWS via the Web Admin GUI. |
- | openssl genrsa -out admin.key 1024 | + | - Log in to the Web Admin GUI and navigate to **Web Console > Listeners**. |
- | and then this: | + | - Click **View/Edit** for the ''adminListener''\\ \\ {{ :litespeed_wiki:config:admin-ssl-1.png?nolink&800 |}} |
- | openssl req -new -x509 -key admin.key -out admin.crt -days 365 | + | - In the **General** tab, click **Edit** and change **Secure** from ''No'' to ''Yes''. Then hit **Save**.\\ \\ {{ :litespeed_wiki:config:admin-ssl-3.png?nolink&800 |}} \\ |
- | + | - Click on the **SSL** tab, hit **Edit** under the **SSL Private Key & Certificate** section, and add the following: | |
- | 5. set Private Key File to $SERVER_ROOT/conf/cert/admin.key | + | * **Private Key File:** ''</path/to/ssl/key_file>'' |
- | 6. set Certificate File to $SERVER_ROOT/conf/cert/admin.crt | + | * **Certificate File:** ''</path/to/ssl/cert_file>'' |
- | + | * **Chained Certificate:** ''Yes'' | |
- | 7. save changes, graceful restart, make sure 7081 is open in your firewall | + | * **CA Certificate File:** ''</path/to/ssl/ca_bundle>''\\ \\ **Note:** Make sure that these files can be read by ''lsadm''. If not, run ''chown lsadm:lsadm'' on each file so that the Web Admin GUI can read these files. \\ \\ {{ :litespeed_wiki:config:admin-ssl-4.png?nolink&800 |}} \\ |
- | + | - Save and perform a Graceful Restart of the web server. The Web Admin GUI should now be using the non-self-signed certificate.\\ \\ {{ :litespeed_wiki:config:brotli:brotli-5.png?nolink&800 |}} \\ {{ :litespeed_wiki:config:brotli:brotli-6.png?nolink&800 |}} | |
- | try https://<your.server>:7081 and it works for me! | + | |
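Review bot: The "chown -R lsadm:lsadm /usr/local/lsws/admin/conf/cert/*" step in the new "LSWS 5.2+" section, and the matching Note under the SSL tab step, set ownership only and never state a file mode for the private key, so a world-readable admin.key would still satisfy these instructions. Add the expected permissions for the key file (for example, readable by its owner lsadm only) next to the chown command. The new intro also says the page applies when "a different self-signed certificate is wanted", but the removed "openssl genrsa" and "openssl req" steps have no replacement, so that case is no longer documented. If generation steps are restored, the removed "openssl genrsa -out admin.key 1024" should not come back with a 1024-bit RSA key, which is too short for current use. The removed firewall and "https://<your.server>:7081" check has no successor either, and the last step names only "the non-self-signed certificate" while embedding brotli-5.png and brotli-6.png from the brotli namespace. A closing verification step, and wording that covers both certificate types, would resolve this.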