Channel: LIGHTTPD on TOMATO usb :: STEP-BY-STEP GUIDE

SIMPLE SSL


There are 3 easy steps to make your "Lighty on Tomato" respond to https requests.

First, you may need to generate your own self-signed SSL certificate with OpenSSL (which normally installs together with lighttpd, as a separate ipkg package). However, depending on your configuration, OpenSSL may look for its openssl.cnf in the wrong place (mine was found in "/opt/share/openssl/openssl.cnf"). If so, add "-config /path/to/your/openssl.cnf" to the openssl req parameters, as shown below:

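    cd /etc/lighttpd/certs
    # -x509 makes a self-signed certificate; the same -keyout and -out file
    # puts the private key and the certificate into one PEM
    # -nodes leaves the key unencrypted so lighttpd can start unattended
    openssl req -config /opt/share/openssl/openssl.cnf -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
    # the file holds the private key: readable by its owner only
    chmod 400 lighttpd.pem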

After having some interactive fun with OpenSSL you will find your own fresh and hot certificate (lighttpd.pem) in the /certs folder.

Second, open lighttpd.conf and add the following conditional for the SSL socket,

    $SERVER["socket"] == ":443" {
        ssl.engine  = "enable"
        # full path of the combined key+certificate file from the first step
        ssl.pemfile = "/opt/etc/lighttpd/certs/lighttpd.pem"
    }

then restart the server.

And third, don't forget to forward port 443 in your TomatoUSB Firewall script (as described above).

From now on your server should respond to https requests. However, this setup provides only encryption, and NOT authentication: the certificate is self-signed, so no trusted third party vouches for the server's identity. More elaborate configurations of the https scheme can be found at the Lighttpd Wiki.

You may also try the built-in self-signed SSL generator in TomatoUSB.
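
As an added example (not part of the original guide), the shell functions below check a combined key-and-certificate PEM like the lighttpd.pem from the first step and print the SHA-256 fingerprint that clients can compare by hand, since nothing else authenticates a self-signed certificate. The function names, the temporary directory and the CN router.example are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: sanity-check a combined key+certificate PEM such as the
# lighttpd.pem created above, and print the fingerprint clients should compare.

# check_pem FILE: returns 0 only if FILE is usable as ssl.pemfile and locked down.
check_pem() {
    cp_file=$1; cp_rc=0
    # The certificate and the private key must both be in the one file.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cp_file" ||
        { echo "FAIL: no certificate block"; cp_rc=1; }
    grep -q -e 'PRIVATE KEY-----' "$cp_file" ||
        { echo "FAIL: no private key block"; cp_rc=1; }
    # The key must belong to the certificate: compare the two public keys.
    cp_a=$(openssl x509 -in "$cp_file" -noout -pubkey 2>/dev/null) || cp_a=cert-unreadable
    cp_b=$(openssl pkey -in "$cp_file" -pubout 2>/dev/null) || cp_b=key-unreadable
    [ "$cp_a" = "$cp_b" ] || { echo "FAIL: key does not match certificate"; cp_rc=1; }
    # chmod 400 in the guide: group and other must have no access at all.
    [ "$(ls -l "$cp_file" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: file is accessible to group/other"; cp_rc=1; }
    # -days 365 means the certificate expires; flag it 30 days ahead.
    openssl x509 -in "$cp_file" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: expired or expiring within 30 days"; cp_rc=1; }
    return $cp_rc
}

# pem_fingerprint FILE: SHA-256 fingerprint to hand to clients out of band.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# make_sample_pem FILE: constructed throwaway input (the CN is a placeholder).
make_sample_pem() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=router.example" -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
    cat "$1.key" "$1.crt" > "$1" && rm -f "$1.key" "$1.crt" && chmod 400 "$1"
}

# Demonstration on a constructed certificate in a temporary directory.
demo_dir=$(mktemp -d)
make_sample_pem "$demo_dir/lighttpd.pem"
check_pem "$demo_dir/lighttpd.pem" && echo "OK: $(pem_fingerprint "$demo_dir/lighttpd.pem")"
rm -rf "$demo_dir"
```

On the router, run check_pem and pem_fingerprint against the real lighttpd.pem and compare the printed fingerprint with the one the browser shows for the certificate on first connection.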

