How To Configure SSL For LSWS Web Admin GUI
As of LiteSpeed Web Server v5.2, self-signed SSL certificates are automatically created for the Web Admin GUI.
The following instructions are useful if an older version of LSWS is being used, a different self-signed certificate is wanted, or a non-self-signed certificate is needed.
Install/Change Certificates
LSWS 5.2+
LSWS reads the following files for its WebAdmin SSL configuration:
- Certificate File:
/usr/local/lsws/admin/conf/cert/admin.crt
- Key File:
/usr/local/lsws/admin/conf/cert/admin.key
- CABundle:
/usr/local/lsws/admin/conf/cert/admin.cabundle
This configuration can be changed at any time by replacing these files directly.
Make sure the files are owned by lsadm:lsadm
. This can be achieved by running the following command:
chown -R lsadm:lsadm /usr/local/lsws/admin/conf/cert/*
Perform a graceful restart after making any changes. The changes will be applied, and Web Admin GUI will begin using the newly-supplied certificate.
All Versions
The following will work for all versions of LSWS via the Web Admin GUI.
- Log in to the Web Admin GUI and navigate to Web Console > Listeners.
- Click View/Edit for the
adminListener
- In the General tab, click Edit and change Secure from
No
toYes
. Then hit Save.
- Click on the SSL tab, hit Edit under the SSL Private Key & Certificate section, and add the following:
- Private Key File:
</path/to/ssl/key_file>
- Certificate File:
</path/to/ssl/cert_file>
- Chained Certificate:
Yes
- CA Certificate File:
</path/to/ssl/ca_bundle>
Note: Make sure that these files can be read bylsadm
. If not, runchown lsadm:lsadm
on each file so that the Web Admin GUI can read these files.
- Save and perform a Graceful Restart of the web server. The Web Admin GUI should now be using the non-self-signed certificate.