@KaiHerlemann Yes, @JJ-Fullmer is right there. The installer is not made to handle custom certificates properly yet. We never found the time to make this work reliably. But if you are good with managing this yourself you can still do it.
The whole topic is a bit complex due to the different tools and layers involved.
Basic web access to the web UI - just adjust Apache config as you like.

But along with that the iPXE boot loader is using HTTP/HTTPS to load the menu items. So if you switch to HTTPS you also need to compile your own iPXE binaries - not very hard: https://docs.fogproject.org/en/latest/development/fog-release/#ipxe (but use ./buildipxe.sh /path/to/your/CAcert.pem and skip the armsupport=1 if you don’t have ARM CPUs)

Now this was the easy part. I started to write about the fog-client here but then realized I did so in the wiki already: https://wiki.fogproject.org/wiki/index.php?title=HTTPS#Custom_CA_and_certificates

I know, this is not ideal having to stitch together the pieces from various sources and make up the rest yourself. So if you are keen we would appreciate if you document exactly what you do and we’ll add it to the official documents. That would be really great!
@KaiHerlemann said:
Usually we use ACME to create certificates.
I would not set up a FOG server open to the public. There are ways to get certificates through ACME without facing it to the web, e.g. opening ports only for the time of cert renewal on the firewall, doing cert renewal on a separate machine and copying those over and so on. Please consider wisely because FOG is not made to run on a public IP/hostname safely.
@JJ-Fullmer said:
I would suggest at install time NOT selecting ssl and then altering the config to use your custom certificate.
On the one hand I agree. Doing it this way you can go step by step. On the other hand, if you do a fresh install (don’t if you have a running server) then I tend to suggest you enable SSL straight away because it will generate an SSL-enabled Apache config for you and save you some time.
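An added example, not part of the original post and not FOG project code: a pre-flight check to run before passing a CA file to `./buildipxe.sh`, confirming that the file is a CA certificate, that the Apache server certificate verifies against it, and that the certificate covers the hostname used in the boot URLs. The function name `check_fog_tls` and its three arguments are assumptions; it also assumes the server certificate is issued directly by that CA and that the `openssl` command-line tool (1.1.0 or later) is installed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the CA file you plan to pass to
# buildipxe.sh. Arguments (all assumptions, supply your own paths/names):
#   $1 CA certificate (PEM)   $2 Apache server certificate (PEM)
#   $3 hostname the clients use to reach the FOG server

check_fog_tls() {
    ca="$1"; srv="$2"; host="$3"; rc=0

    for f in "$ca" "$srv"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done

    # 1. The file baked into iPXE must be a CA certificate, not a leaf.
    if openssl x509 -in "$ca" -noout -text | grep -q 'CA:TRUE'; then
        echo "ok:   $ca is a CA certificate"
    else
        echo "FAIL: $ca has no basicConstraints CA:TRUE"; rc=1
    fi

    # 2. Neither certificate may already be expired.
    for f in "$ca" "$srv"; do
        if openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
            echo "ok:   $f is within its validity period"
        else
            echo "FAIL: $f is expired or unreadable as a certificate"; rc=1
        fi
    done

    # 3. The server certificate must chain to this CA alone; -no-CApath
    #    keeps the system trust store out of the decision.
    if openssl verify -no-CApath -CAfile "$ca" "$srv" >/dev/null 2>&1; then
        echo "ok:   $srv verifies against $ca"
    else
        echo "FAIL: $srv does not verify against $ca"; rc=1
    fi

    # 4. The certificate must cover the hostname used in the boot URLs.
    if openssl x509 -in "$srv" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "ok:   $srv covers $host"
    else
        echo "FAIL: $srv does not cover $host"; rc=1
    fi
    return "$rc"
}

# Run the check when called with the three arguments.
if [ "$#" -eq 3 ]; then check_fog_tls "$@"; fi
```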