Table of Contents

Enable HTTPS

Reactivate self-signed certificate procedure

This procedure will enable HTTPS access to HTTP REST API and web user interface of the product but using self-signed certificate. It's an easy way but at least with 2 drawbacks:

Procedure

  1. Regenerate the self-signed certificate:
    • /etc/init.d/lighttpd gen_certificate
  2. Activate the 01-ssl-selfsigned configuration on lighttpd :
    • cp /etc/lighttpd.d/01-ssl-selfsigned.conf.sample /etc/lighttpd.d/01-ssl-selfsigned.conf
  3. Restart the lighttpd service
    • /etc/init.d/lighttpd restart
  4. Connect to the web interface: https://your_product_name/

Activate full chained certificate procedure

This procedure will enable HTTPS access to HTTP REST API and web user interface of the product with a full chained certification. It's the most secured way but you need to have a DNS entry pointing to your product and the associated certificates provided from a Certificate Authority (like Let's Encrypt).

Procedure

  1. Create the certificates directory:
    • mkdir -p /etc/lighttpd/certs/
  2. Copy of this directory the 2 following files (file names must be respected)
    • pkcert.pem: the certificate with private key. The certificate MUST include the private key in the same pem file. If it is in 2 separate files (cert.pem and privkey.pem), you need to merge them using this command: cat cert.pem privkey.pem > pkcert.pem
    • chain.pem: CA file
  3. Activate the 01-ssl-fullchain.conf configuration on lighttpd :
    • cp /etc/lighttpd.d/01-ssl-fullchain.conf.sample /etc/lighttpd.d/01-ssl-fullchain.conf.conf
  4. Restart the lighttpd service
    • /etc/init.d/lighttpd restart
  5. Connect to the web interface: https://FQDN_of_the_product/