Enable HTTPS

This procedure will enable HTTPS access to HTTP REST API and web user interface of the product but using self-signed certificate. It's an easy way but at least with 2 drawbacks:

• web navigators will ask for a security exception
• certificates are valid only for 365 days

1. Regenerate the self-signed certificate:
   • /etc/init.d/lighttpd gen_certificate
2. Activate the 01-ssl-selfsigned configuration on lighttpd :
   • cp /etc/lighttpd.d/01-ssl-selfsigned.conf.sample /etc/lighttpd.d/01-ssl-selfsigned.conf
3. Restart the lighttpd service
   • /etc/init.d/lighttpd restart
4. Connect to the web interface: https://your_product_name/
   • ex: https://klk-wifc-020003/

This procedure will enable HTTPS access to HTTP REST API and web user interface of the product with a full chained certification. It's the most secured way but you need to have a DNS entry pointing to your product and the associated certificates provided from a Certificate Authority (like Let's Encrypt).

1. Create the certificates directory:
   • mkdir -p /etc/lighttpd/certs/
2. Copy of this directory the 2 following files (file names must be respected)
   • pkcert.pem: the certificate with private key. The certificate MUST include the private key in the same pem file. If it is in 2 separate files (cert.pem and privkey.pem), you need to merge them using this command: cat cert.pem privkey.pem > pkcert.pem
   • chain.pem: CA file
3. Activate the 01-ssl-fullchain.conf configuration on lighttpd :
   • cp /etc/lighttpd.d/01-ssl-fullchain.conf.sample /etc/lighttpd.d/01-ssl-fullchain.conf.conf
4. Restart the lighttpd service
   • /etc/init.d/lighttpd restart
5. Connect to the web interface: https://FQDN_of_the_product/
   • ex: https://myboard.mydomain.com/