====== Enable HTTPS ====== ===== Reactivate self-signed certificate procedure ===== This procedure will enable HTTPS access to HTTP REST API and web user interface of the product but using self-signed certificate. It's an easy way but at least with 2 drawbacks: * web navigators will ask for a security exception * certificates are valid only for 365 days ==== Procedure ==== - Regenerate the self-signed certificate: * ''/etc/init.d/lighttpd gen_certificate'' - Activate the 01-ssl-selfsigned configuration on lighttpd : * ''cp /etc/lighttpd.d/01-ssl-selfsigned.conf.sample /etc/lighttpd.d/01-ssl-selfsigned.conf'' - Restart the lighttpd service * ''/etc/init.d/lighttpd restart'' - Connect to the web interface: https://your_product_name/ * ex: ''https://klk-wifc-020003/'' ===== Activate full chained certificate procedure ===== This procedure will enable HTTPS access to HTTP REST API and web user interface of the product with a full chained certification. It's the most secured way but you need to have a DNS entry pointing to your product and the associated certificates provided from a Certificate Authority (like Let's Encrypt). ==== Procedure ==== - Create the certificates directory: * ''mkdir -p /etc/lighttpd/certs/'' - Copy of this directory the 2 following files (file names must be respected) * pkcert.pem: the certificate with private key. The certificate MUST include the private key in the same pem file. If it is in 2 separate files (cert.pem and privkey.pem), you need to merge them using this command: ''cat cert.pem privkey.pem > pkcert.pem'' * chain.pem: CA file - Activate the 01-ssl-fullchain.conf configuration on lighttpd : * ''cp /etc/lighttpd.d/01-ssl-fullchain.conf.sample /etc/lighttpd.d/01-ssl-fullchain.conf.conf'' - Restart the lighttpd service * ''/etc/init.d/lighttpd restart'' - Connect to the web interface: https://FQDN_of_the_product/ * ex: ''https://myboard.mydomain.com/''