Apresa - HTTPS custom certificate.txt
===========================================

Apresa can create a self-signed certificate, but such a certificate will generate a browser warning.
To avoid this, a signed certificate must be obtained from a trusted certificate authority.

A certificate can be installed into Apresa using the command line.

Apresa uses the lighttpd web server.
To use a custom certificate, Apresa needs a PEM file containing both the private key and the certificate.
This .pem file needs to be stored on the server.

The PEM file has this expected format:

-----BEGIN RSA PRIVATE KEY-----
......
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----

It might be that the key is already generated, or that the key is stored encrypted in another container format.
Apresa has `openssl` installed, a program that can be used to convert files between different formats.

Use SFTP (FileZilla) to transfer files to/from the Apresa.
Use PuTTY to place the file in the right directory.

Suggested file name:
/etc/lighttpd/cert/myserver.pem

The web server needs to be configured to use this file.
Open or create
/etc/lighttpd/conf-enabled/server-cert.conf

Its content should be like this:

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.ca-file = "/etc/lighttpd/cert/ca.crt"
  ssl.pemfile = "/etc/lighttpd/cert/myserver.pem"
}

The ca-file entry is needed in cases where the intermediate CA is not trusted in the browser.

Restart the web service to let changes take effect:
service lighttpd restart

References:
- https://www.digicert.com/ssl-certificate-installation-lighttpd.htm
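
The script below is an added example, not part of the original Apresa document: it checks a combined PEM file before lighttpd is restarted. It verifies the key-then-certificate layout shown above, that the key is not passphrase-protected, that group and others cannot access the file, and (using openssl) that the key belongs to the certificate. The function names are hypothetical, and accepting a PKCS#8 "BEGIN PRIVATE KEY" block is an assumption.

```shell
#!/bin/sh
# Added example: pre-install checks for a combined key+certificate PEM file.

# Layout: an unencrypted private key block followed by a certificate block.
check_pem_layout() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }
    # Markers of a passphrase-protected key (PKCS#8 and traditional PEM).
    if grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo "private key is encrypted; convert it with openssl first" >&2
        return 1
    fi
    # Assumption: an unencrypted PKCS#8 key ("BEGIN PRIVATE KEY") is accepted too.
    key_line=$(grep -nE '^-----BEGIN (RSA )?PRIVATE KEY-----' "$pem" | head -n 1 | cut -d: -f1)
    crt_line=$(grep -n '^-----BEGIN CERTIFICATE-----' "$pem" | head -n 1 | cut -d: -f1)
    [ -n "$key_line" ] || { echo "no private key block" >&2; return 1; }
    [ -n "$crt_line" ] || { echo "no certificate block" >&2; return 1; }
    [ "$key_line" -lt "$crt_line" ] || { echo "certificate precedes key" >&2; return 1; }
}

# Permissions: the file holds the private key, so group and others should
# have no access (for example mode 600 or 400).
check_pem_perms() {
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) echo "$1 is accessible by group or others" >&2; return 1 ;;
    esac
}

# Key/certificate match: the public key derived from the private key must
# equal the public key in the first certificate. Requires openssl.
check_key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Run all checks when a file name is given, e.g. /etc/lighttpd/cert/myserver.pem
if [ "$#" -ge 1 ]; then
    check_pem_layout "$1" && check_pem_perms "$1" &&
        check_key_matches_cert "$1" && echo "$1: OK"
fi
```

Run it on the Apresa with the PEM path as its only argument; a non-zero exit status means one of the checks failed and the reason is printed to stderr.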