How To Configure SSL For LSWS Web Admin GUI

As of LiteSpeed Web Server v5.2, self-signed SSL certificates are automatically created for the Web Admin GUI.

The following instructions are useful if an older version of LSWS is being used, a different self-signed certificate is wanted, or a non-self-signed certificate is needed.

LSWS reads the following files for its WebAdmin SSL configuration:

• Certificate File: /usr/local/lsws/admin/conf/cert/admin.crt
• Key File: /usr/local/lsws/admin/conf/cert/admin.key
• CABundle: /usr/local/lsws/admin/conf/cert/admin.cabundle

This configuration can be changed at any time by replacing these files directly.
Make sure the files are owned by lsadm:lsadm. This can be achieved by running the following command:

chown -R lsadm:lsadm /usr/local/lsws/admin/conf/cert/*

Perform a graceful restart after making any changes. The changes will be applied, and Web Admin GUI will begin using the newly-supplied certificate.

The following will work for all versions of LSWS via the Web Admin GUI.

1. Log in to the Web Admin GUI and navigate to Web Console > Listeners.
2. Click View/Edit for the adminListener
   
   
3. In the General tab, click Edit and change Secure from No to Yes. Then hit Save.
   
   
   
4. Click on the SSL tab, hit Edit under the SSL Private Key & Certificate section, and add the following:
   • Private Key File: </path/to/ssl/key_file>
   • Certificate File: </path/to/ssl/cert_file>
   • Chained Certificate: Yes
   • CA Certificate File: </path/to/ssl/ca_bundle>
     
     Note: Make sure that these files can be read by lsadm. If not, run chown lsadm:lsadm on each file so that the Web Admin GUI can read these files.
     
     
     
5. Save and perform a Graceful Restart of the web server. The Web Admin GUI should now be using the non-self-signed certificate.