====== Enable HTTPS ======

===== Reactivate self-signed certificate procedure =====

This procedure will enable HTTPS access to HTTP REST API and web user interface of the product but using self-signed certificate. It's an easy way but at least with 2 drawbacks:
  * web navigators will ask for a security exception
  * certificates are valid only for 365 days

==== Procedure ====

  - Regenerate the self-signed certificate:
    * ''/etc/init.d/lighttpd  gen_certificate''
  - Activate the 01-ssl-selfsigned configuration on lighttpd :
    * ''cp /etc/lighttpd.d/01-ssl-selfsigned.conf.sample /etc/lighttpd.d/01-ssl-selfsigned.conf''
  - Restart the lighttpd service
    * ''/etc/init.d/lighttpd restart''
  - Connect to the web interface: https://your_product_name/
    * ex: ''https://klk-wifc-020003/''

===== Activate full chained certificate procedure =====

This procedure will enable HTTPS access to HTTP REST API and web user interface of the product with a full chained certification. It's the most secured way but you need to have a DNS entry pointing to your product and the associated certificates provided from a Certificate Authority (like Let's Encrypt).

==== Procedure ====

  - Create the certificates directory:
    * ''mkdir -p /etc/lighttpd/certs/''
  - Copy of this directory the 2 following files (file names must be respected)
    * pkcert.pem: the certificate with private key. The certificate MUST include the private key in the same pem file. If it is in 2 separate files (cert.pem and privkey.pem), you need to merge them using this command: ''cat cert.pem privkey.pem > pkcert.pem''
    * chain.pem: CA file
  - Activate the 01-ssl-fullchain.conf configuration on lighttpd :
    * ''cp /etc/lighttpd.d/01-ssl-fullchain.conf.sample /etc/lighttpd.d/01-ssl-fullchain.conf.conf''
  - Restart the lighttpd service
    * ''/etc/init.d/lighttpd restart''
  - Connect to the web interface: https://FQDN_of_the_product/
    * ex: ''https://myboard.mydomain.com/''