Enabling SSL for Pi Hole Admin Interface (lighttpd)
10#PiHole #SSL #lighttpd
Full steps can be found at https://i12bretro.github.io/tutorials/0115.html
This video is outdated after I found updating Pi-hole will overwrite the SSL config. The new video showing updated steps can be found at: https://youtu.be/yUdmBGe9wYA
--------------------------------------------------------------------
Prerequisites
--------------------------------------------------------------------
- A XCA PKI database https://youtu.be/ezzj3x207lQ
--------------------------------------------------------------------
Create Your SSL Certificate
--------------------------------------------------------------------
01. Launch XCA
02. Open the PKI database if it is not already (File ≫ Open DataBase), enter password
03. Click on the Certificates tab, right click on your Intermediate CA certificate
04. Select New
05. On the Source tab, make sure Use this Certificate for signing is selected
06. Verify your Intermediate CA certificate is selected from the drop down
07. Click the Subject tab
08. Complete the Distinguished Name section
internalName: Pi-Hole SSL
countryName: US
stateOrProvinceName: Virginia
localityName: Northern
organizationName: i12bretro
organizationUnitName: i12bretro Certificate Authority
commonName: pihole.i12bretro.local
09. Click the Generate a New Key button
10. Enter a name and set the key size to at least 2048
11. Click Create
12. Click on the Extensions tab
13. Select End Entity from the type list
14. Click Edit next to Subject Alternative Name
15. Add any DNS or IP addresses that the certificate will identify
16. Update the validity dates to fit your needs
17. Click the Key Usage tab
18. Under Key Usage select Digital Signature, Key Encipherment
19. Under Extended Key Usage select Web Server and Web Client Authentication
20. Click the Netscape tab
21. Select SSL Server
22. Click OK to create the certificate
--------------------------------------------------------------------
Exporting Required Files
--------------------------------------------------------------------
01. In XCA, click on the Certificates tab
02. Right click the Intermediate CA certificate ≫ Export ≫ File
03. Set the file name with a .pem extension and verify the export format is PEM chain (*.pem)
04. Click OK
05. Right click the SSL certificate ≫ Export ≫ File
06. Set the file name with a .pem extension and verify the export format is PEM + Key (*.pem)
07. Click OK
--------------------------------------------------------------------
Applying the Certificates
--------------------------------------------------------------------
01. Download PuTTY https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
02. Connect to the Raspberry Pi via PuTTY
a. If SSH is not enabled on the Raspberry Pi, enable it using Raspberry Pi Config
b. Launch PuTTY
c. Input the Raspberry Pi hostname or IP address
d. Click Connect
07. Install xrdp to simplify administration by running the following command
sudo apt-get install xrdp
08. Connect to the Raspberry Pi via Remote Desktop Client
09. Copy the certificates exported above to the Pi
10. Copy the certificates exported above to /etc/lighttpd
cp /home/pi/Downloads/PiHole.pem /etc/lighttpd
cp /home/pi/Downloads/ca-chain.pem /etc/lighttpd
11. Edit lighttpd.conf
mousepad
12. File ≫ Open /etc/lighttpd/lighttpd.conf
13. Add "mod_openssl" to server.modules
14. Add the following lines
server.name = "pihole.i12bretro.local"
server.port = 443
ssl.engine = "enable"
ssl.pemfile = "PiHole.pem"
ssl.ca-file = "ca-chain.pem"
15. File ≫ Save ≫ /home/pi/Downloads/lighttpd.conf
16. In terminal, paste the following commands
cp /home/pi/Downloads/lighttpd.conf /etc/lighttpd
service lighttpd restart
17. Open a web browser and navigate to PiHole via https://
### Connect with me and others ###
★ Discord: https://discord.com/invite/EzenvmSHW8
★ Reddit: https://reddit.com/r/i12bretro
★ Twitter: https://twitter.com/i12bretro