RADIUSdesk


Include support for HTTPS on CoovaChilli

Introduction

  • In recent years many well-known websites have switched to being served over HTTPS by default (served on port 443, with encryption).
  • CoovaChilli originally captured only HTTP traffic (served on port 80, without encryption).
  • CoovaChilli does, however, include some advanced features that allow it to also capture traffic going to port 443.
  • This document covers the steps needed to get this working with the MESHdesk / APdesk firmware.

Requirements

  • A server with a public IP address and FQDN, running NGINX configured with a certificate signed by a known Certificate Authority (CA)
  • A LEDE build environment as stipulated in the page's parent document.
  • In our example we have a server with an FQDN of 01.radiusdeskhosted.com
  • We followed the standard instructions from LetsEncrypt to obtain a certificate for NGINX. (https://letsencrypt.org/)

Actions

  • Copy the fullchain.pem and privkey.pem files from the public server to the machine with the LEDE build environment. (For the location of these files, consult your NGINX setup.)
  • Copy these files to the package/zzz-MESHdesk/files/MESHdesk/captive_portals/ folder.
  • We rename fullchain.pem to cert.pem.
  • We rename privkey.pem to key.pem.
cd ~/lede
#We assume the files are under the lede directory
cp  fullchain.pem ./source/package/zzz-MESHdesk/files/MESHdesk/captive_portals/cert.pem
cp  privkey.pem ./source/package/zzz-MESHdesk/files/MESHdesk/captive_portals/key.pem
  • Edit the package/zzz-MESHdesk/files/MESHdesk/captive_portals/common.conf file and adapt it to your environment.
#Change this to the value of the domain of the certificate we are using e.g. wifi-dashboard.com in our case (01.wifi-dashboard.com)
domain "wifi-dashboard.com" 
#Change the default to be the same as the servername where the certificate is issued e.g. 01 in our case (01.wifi-dashboard.com)
uamaliasname "01"
redirssl
uamuissl
sslkeyfile=/etc/MESHdesk/captive_portals/key.pem
sslcertfile=/etc/MESHdesk/captive_portals/cert.pem
  • Issue the make menuconfig command under the ~/lede/source directory.
  • Go and select Network → Captive Portal → coova-chilli → Configuration → SSL Library → OpenSSL
  • Save the changes and issue a make command to complete a new build with the HTTPS support included with CoovaChilli.
  • Next we will look at the technical issues around the work we have just completed.
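
A check that can be run on the build machine before make, to catch a key that does not belong to the certificate or a certificate that does not cover the uamaliasname/domain pair set in common.conf. This is an added example, not part of the RADIUSdesk documentation or firmware; the function and script names are made up for illustration, and it assumes openssl is installed and that the portal hostname is uamaliasname.domain, as the comments in common.conf describe.

```sh
#!/bin/sh
# Added example: pre-build check of the files in captive_portals/.

# Print the value of one keyword from a chilli config file. Accepts
# "key value" and "key=value", skips # comments, strips double quotes.
conf_get() {  # $1 = config file, $2 = keyword
    sed -n "s/^[[:space:]]*$2[[:space:]=]\{1,\}\"\{0,1\}\([^\"[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Hostname the certificate has to cover, per the comments in common.conf:
# <uamaliasname>.<domain>
portal_fqdn() {  # $1 = common.conf
    echo "$(conf_get "$1" uamaliasname).$(conf_get "$1" domain)"
}

# Succeeds when the first certificate in the file (the leaf in a
# fullchain.pem) and the private key carry the same public key.
pair_matches() {  # $1 = cert.pem, $2 = key.pem
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# Succeeds when the certificate is valid for the given hostname.
cert_covers() {  # $1 = cert.pem, $2 = hostname
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Run all checks against one directory; non-zero exit on the first failure.
check_portal_tls() {  # $1 = directory with common.conf, cert.pem, key.pem
    d=${1:-.}
    fqdn=$(portal_fqdn "$d/common.conf")
    pair_matches "$d/cert.pem" "$d/key.pem" ||
        { echo "cert.pem and key.pem do not belong together" >&2; return 1; }
    cert_covers "$d/cert.pem" "$fqdn" ||
        { echo "cert.pem is not valid for $fqdn" >&2; return 1; }
    openssl x509 -in "$d/cert.pem" -noout -checkend 0 >/dev/null ||
        { echo "cert.pem has expired" >&2; return 1; }
    echo "OK: $fqdn matches cert.pem and key.pem"
}

# Usage (hypothetical script name): sh check_portal_tls.sh <path to captive_portals>
if [ "$#" -gt 0 ]; then check_portal_tls "$1"; fi
```

Because the certificate is baked into the firmware image, the expiry check only tells you it is valid at build time; the image has to be rebuilt with fresh files whenever the certificate on the server is renewed.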