AC5300 / FW: 380.62_1 - SSL Issues

[Inch]

Hi there,

Sorry if I'm possting in the wrong location.

However I'm trying to add my own fully signed SSL to my own router. Having followed this guide: https://www.rickygao.com.au/blog/how-to-upload-ssl-certificate-to-asus-router/
(sorry i hope im not breaking any rules posting an external link).

Upon following it and subsequently rebooting the device all .pem files key/cert's are reset to what seem to be defaults.

Is this a bug? Is it even supported anymore? Or is the above guide wrong in some way?

Thank you in advanced,
Inch

 

[Inch]

Is anyone able to assist regarding this matter please.

Thanks,

 

[HeMaN]

search and you can find

http://www.snbforums.com/threads/do...te-change-with-each-reboot.34554/#post-279267

 

[Inch]

Thank you very much sir!

Sorry tried searching it didn't yeild any results I'll give this a test tonight.

Once again cheers!

 

[HeMaN]

NP, hope this will fix your issue. Saw it is already mentioned in the guide you used (step 5).
check what the current value is, it must be 1
nvram get https_crt_save

If you do a check for the content of the file, you must get the values for your own certificate you pasted before when following that guide
nvram get https_crt_file

 

[john9527]

NP, hope this will fix your issue. Saw it is already mentioned in the guide you used (step 5).
check what the current value is, it must be 1
nvram get https_crt_save

If you do a check for the content of the file, you must get the values for your own certificate you pasted before when following that guide
nvram get https_crt_file

Actually, you can't check the contents of https_crt_file, since what gets stored is actually a tar of the cert and key.

But, if you have been trying this a few times, things may have gotten out of sync. Before you execute the 'service restart_httpd' step in the guide, also check that https_crt_gen is 0.

 

[Inch]

Hey again,

OK, so I even tried using winSCP to connect via SCP to my router and manually change the .pem contents with the one of my private key and certificate.
Instead of doing a cat >path/cert etc

I then used SSH to 'set https_crt_save=1' and 'set https_cert_gen=0' and then used 'nvram commit', restarted the httpd service. It then took the certs they WERE showing as valid. Immediately after reboot they revered again even though i set cert_gen to 0 and (i believe) committed it to nvram.

Any tips - anything I'm doing blatantly wrong?

Thanks once again,

 

[john9527]

set https_cert_gen=0

If not a typo...it's

https_crt_gen

not https_cert_gen

 

[Inch]

No was a typo sorry. I did it correctly via SSH.

 

[john9527]

No wasn't a typo sorry.

Still not sure if it will help, but worth a try

 

[Inch]

Re-checked to be sure, I re-did everything from scratch to confirm. Still wiping the pem files on reboot.