LiteServ With SSL
It's now possible to run LiteServ as an SSL server. But it takes a little bit of configuration first.
To create a self-signed SSL cert on OS X, do this:
- Open the Keychain Access app.
- Choose the menu command Keychain Access > Certificate Assistant > Create A Certificate...
- Set the "Certificate Type" pop-up to "SSL Server".
- In the "Name" field enter the hostname of the server. (The name actually doesn't matter because we'll have to disable cert verification on the client anyway.)
- Press the "Create" button.
If you got an SSL cert from somewhere else, like a bona fide certificate authority, it's probably in the form of an encrypted ".p12" file.
- Double-click the ".p12" file, or otherwise open it with the Keychain Access app.
- Enter the file's passphrase to let Keychain Access open it.
- Agree to import the cert.
Whether you created or imported the certificate, you'll need to assign it a name so LiteServ can find it.
- Back in Keychain Access, select "My Certificates" from the "Category" list in the left column. (If the left column isn't showing, press the button at the lower left of the window to show it.)
- Select the certificate with the name you just entered. It'll have a gold-bordered icon.
- Right-click it and choose "New Identity Preference..." from the context menu.
- Enter the same name as the cert's name.
When you start LiteServ, add the command-line arguments --sslid and the identity pref name, e.g.:
./LiteServ --sslid jens.local
(In version 1.0.3 or earlier, the flag is named --ssl.)
To connect to the server, use the same URL but change the protocol to "https", e.g. https://jens.local:59840/.
An SSL client will normally refuse to accept a self-signed certificate, because it can't verify its identity. The easiest way around this is to disable cert verification. You should do this only for testing -- it negates many of the benefits of SSL and, in a real environment, leaves the client open to man-in-the-middle attacks. But we assume you're using LiteServ only for testing anyway, right?
How you disable verification depends on the API or tool you're using. For example, with curl you use the --insecure flag:
curl --insecure https://jens.local:59840/
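A middle ground between full verification and --insecure, as an added example that is not part of the original page or the LiteServ project and goes one step beyond it: a Python client that skips CA and hostname checks, as --insecure does, but sends nothing unless the server presents the exact certificate whose SHA-256 fingerprint was pinned. The function names are hypothetical; the pin is assumed to be the fingerprint of the certificate created above, e.g. as printed by `openssl x509 -noout -fingerprint -sha256`.

```python
import hashlib
import hmac
import socket
import ssl


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fingerprint_matches(der: bytes, pinned: str) -> bool:
    """Compare a certificate to a pin given as 'AA:BB:..', 'AA BB ..' or plain hex."""
    want = pinned.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(cert_fingerprint(der), want)


def fetch_pinned(host: str, port: int, pinned: str, path: str = "/") -> bytes:
    """GET `path` over TLS, accepting only the certificate matching `pinned`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # CA and hostname checks are off (a self-signed cert fails both);
    # the fingerprint comparison below takes their place.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if der is None or not fingerprint_matches(der, pinned):
                raise ssl.SSLError("server certificate does not match the pin")
            # No request data is sent until the pin has been checked.
            request = (f"GET {path} HTTP/1.1\r\nHost: {host}:{port}\r\n"
                       "Connection: close\r\n\r\n")
            tls.sendall(request.encode("ascii"))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
            return b"".join(chunks)


if __name__ == "__main__":
    # Constructed bytes standing in for a certificate, to show the pin check offline.
    sample = b"constructed DER bytes, not a real certificate"
    pin = cert_fingerprint(sample)
    print(fingerprint_matches(sample, pin), fingerprint_matches(sample + b"x", pin))
```

Because the pin identifies one certificate rather than a name, the hostname entered when creating the cert still doesn't matter, but the pin has to be updated whenever the cert is regenerated.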