From 8ea3f0a00dee7d684013743ddb337d6bd5d9704a Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Mon, 25 Jan 2021 11:03:27 +0100 Subject: [PATCH] Updated SSL certificates (Quick Installer) (markdown) --- SSL-certificates-(Quick-Installer).md | 34 --------------------------- 1 file changed, 34 deletions(-) diff --git a/SSL-certificates-(Quick-Installer).md b/SSL-certificates-(Quick-Installer).md index a2e93b7..0228de9 100644 --- a/SSL-certificates-(Quick-Installer).md +++ b/SSL-certificates-(Quick-Installer).md @@ -1,37 +1,3 @@ This wiki page has been sunsetted in favor of [RaspAP Docs](https://docs.raspap.com/). You will find an updated page at: ### https://docs.raspap.com/ssl-quick/ - -___ - - -### Quick Install method - -The Quick Installer may be used to generate SSL certs with `mkcert`. The installer automates the manual steps [described here](https://github.com/billz/raspap-webgui/wiki/SSL-(Manual-steps)/), including configuring lighttpd with SSL support. It's recommended to review the [manual setup](https://github.com/billz/raspap-webgui/wiki/SSL-(Manual-steps)/) to get an idea of what is happening behind the scenes. - -Simply append the `-c` or `--cert` option to the Quick Installer, like so: - -`curl -sL https://install.raspap.com | bash -s -- --cert` - -**Note:** this only installs `mkcert` and generates an SSL certificate with the input you provide. It does _not_ (re)install RaspAP. - -![](https://i.imgur.com/980pfUG.gif) - -The advantage with this method is it generates valid certificates signed by your own private CA, rather than self-signed certificates. The Quick Installer does not automatically configure clients to trust the certificates, however — that's up to you. See the steps below. - -### Client configuration -Open a browser and enter the address: http://raspberrypi.local/rootCA.pem (this URL may be your IP address or a different hostname, depending on your unique setup). Download the root certificate to your client and add it to your system keychain. Examples below illustrate this process on OSX: - -![](https://i.imgur.com/RCJJPYL.png) - -Be sure to set this certificate to "Always trust" to avoid browser warnings. - -![](https://i.imgur.com/Lx8Plqi.png) - -Finally, enter the address https://raspberrypi.local in your browser. Enjoy an encrypted SSL connection to RaspAP. - -### Mobile devices -For the certificates to be trusted on mobile devices and remote clients, you will have to install the root CA using the method described above. Alternatively, on iOS, you can either use AirDrop or email the CA to yourself. After installing it, be sure to enable full trust. - -More advanced topics are [covered at mkcert](https://github.com/FiloSottile/mkcert#advanced-topics). - \ No newline at end of file