Description: The webserver service support both cleartext and encrypted transports, just like regular websites.

Follow the steps below to enable an HTTPS website on your Canary device.

Step 1: Generate your certificate and key

The encrypted website relies on regular certificates, so the first step is to obtain or create a certificate and key.

If you like, you can purchase a certificate or obtain one from your internal CA (if you have).

On the other hand, you can quickly generate a self-signed certificate to get up and running with this command (it requires the free OpenSSL tool):

$ openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=www.example.com"

This generates a certificate for "www.example.com", and outputs the key into key.pem, and the certificate into cert.pem. You can generate certificates for any hostname you wish.

With the certificate and key in hand, it's time to move onto Step 2.

Step 2:

Open the configuration page for the Canary you want to enable the HTTPS website on (if you need help getting to the configuration, see this.)

Step 3:

Scroll down to the "Webserver" section, and ensure that "Webserver" and "Secure website" are both checked.

Step 4:

Choose a port for the HTTPS webserver (443 is the standard).

Step 5:

Open the cert.pem file, copy the contents and paste into the Certificate field:

Step 6:

Open the key.pem file, copy the contents and paste into the Key field:

Step 7:

Click "Deploy new configuration" to push the new settings to your bird.