Skip to content

SSL certificates (installer)


The Quick Installer may be used to generate SSL certs with mkcert. The installer automates the manual steps described here, including configuring lighttpd with SSL support. It's recommended to review the manual setup to get an idea of what is happening behind the scenes.

Simply append the -c or --cert option to the Quick Installer, like so:

curl -sL | bash -s -- --cert

Note: this only installs mkcert and generates an SSL certificate with the input you provide. It does not (re)install RaspAP.

The advantage with this method is it generates valid certificates signed by your own private CA, rather than self-signed certificates. The Quick Installer does not automatically configure clients to trust the certificates, however — that's up to you. See the steps below.

Client configuration

Open a browser and enter the address: http://raspberrypi.local/rootCA.pem (this URL may be your IP address or a different hostname, depending on your unique setup). Download the root certificate to your client and add it to your system keychain. Examples below illustrate this process on OSX:

Be sure to set this certificate to "Always trust" to avoid browser warnings.

Finally, enter the address https://raspberrypi.local in your browser. Enjoy an encrypted SSL connection to RaspAP.

Mobile devices

For the certificates to be trusted on mobile devices and remote clients, you will have to install the root CA using the method described above. Alternatively, on iOS, you can either use AirDrop or email the CA to yourself. After installing it, be sure to enable full trust.

More advanced topics are covered at mkcert.