Literatur
Voraussetzung
In der VM eine dhparam.pem erstellen (dauert auf dem BBB zu lange)
$ openssl dhparam -out dhparam.pem 4096
die Dateien auf den Beaglebone kopieren
# scp dhparam.pem wnf@bone2013:schluessel
$ sudo -i
# service lighttpd stop
SSL für lighttpd auf dem Beaglebone einrichten
# cd /home/wnf/schluessel
# cat privkey1.pem cert1.pem > ssl.pem
# mkdir /etc/letsencrypt/live/
# cd /etc/letsencrypt/live/
# cp /home/wnf/schluessel/ssl.pem .
# cp /home/wnf/schluessel/fullchain1.pem ./fullchain.pem
# cd /etc/ssl/certs/
# cp /home/wnf/schluessel/dhparam.pem .
# cd /etc/lighttpd/conf-enabled
# touch letsencrypt.conf
# nano letsencrypt.conf
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/ssl.pem"
ssl.ca-file = "/etc/letsencrypt/live/fullchain.pem"
ssl.dh-file = "/etc/ssl/certs/dhparam.pem"
ssl.ec-curve = "secp384r1"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
ssl.use-compression = "disable"
setenv.add-response-header = (
"Strict-Transport-Security" => "max-age=63072000; includeSubdomains; preload",
"X-Frame-Options" => "DENY",
"X-Content-Type-Options" => "nosniff"
)
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
Tags: beaglebone letsencrypt https