Certificate Help

[abescalamis]

I wanted to know if you guys now where can I get certificates to put in the router, so every time I access it from the web browser by WAN, it doesn't tell me that the server that I'm trying to access is not safe. I know that I can get the self signed certificate from the router and install it on my computer, But if I use a different computer it will still say that.

Merlin Firmware has the option to import 3 certificates, do you now a site where I can get them?

 

[RMerlin]

I wanted to know if you guys now where can I get certificates to put in the router, so every time I access it from the web browser by WAN, it doesn't tell me that the server that I'm trying to access is not safe. I know that I can get the self signed certificate from the router and install it on my computer, But if I use a different computer it will still say that.

Merlin Firmware has the option to import 3 certificates, do you now a site where I can get them?

You need to own your own domain name to be able to purchase a valid certificate. It won't work with DDNS.

 

[scyto]

Ta

I wanted to know if you guys now where can I get certificates to put in the router, so every time I access it from the web browser by WAN, it doesn't tell me that the server that I'm trying to access is not safe. I know that I can get the self signed certificate from the router and install it on my computer, But if I use a different computer it will still say that.

Merlin Firmware has the option to import 3 certificates, do you now a site where I can get them?

You need to do several things.

1. Buy a domain name
2. Have the DNS for that domain registered with someone like noip or dyndys
3. have the DNS entries point to your router and have ports open to the machine you want to generate the certs on
4. then use this thread http://www.snbforums.com/threads/ho...ate-on-https-web-interface.31322/#post-248395

You can use dynamic DNS. My asus router updates my own owned DNS at dyndns.com; i happen to have a godaddy cert as the letsencrypt certs only last 30 days. You will need the key.pem, then chain.pem and the cert.pem file from whatever service you choose to supply your certs.

 

[Nullity]

You can create your own Certificate Authority and sign the created certs then load the CA and/or self-signed cert into your own browser.

 

[scyto]

You can create your own Certificate Authority and sign the created certs then load the CA and/or self-signed cert into your own browser.

I like your sig - you are not wrong but that is the super complicated way to do it - especially if you are planning to use mobile devices where it is a pain to install certs and i am unclear the OP wants to go on that journey (but if he does, more power to him!). The advantage of paying the small amount you need to get a real domain name and then using something like lets encrypt is cheap and simple (at least in my eyes). Also i am hoping that eventually merlin will include GUI for requesting certs and updating certs. Synology just added this to their DSM 6 and it is a boon of simplicity.

 

[Nullity]

I like your sig - you are not wrong but that is the super complicated way to do it - especially if you are planning to use mobile devices where it is a pain to install certs and i am unclear the OP wants to go on that journey (but if he does, more power to him!). The advantage of paying the small amount you need to get a real domain name and then using something like lets encrypt is cheap and simple (at least in my eyes). Also i am hoping that eventually merlin will include GUI for requesting certs and updating certs. Synology just added this to their DSM 6 and it is a boon of simplicity.

(Thanks, regarding my sig.)

Personally, I prefer free, partly because of lack of expense and partly because of the knowledge gained.

In agreement with you, using openssl's CLI to create & self-sign certs was one of the most arduous & confusing activities I have ever encountered. Honestly nightmarish... so, yeah, alternatives are very likely better.

 

[scyto]

yeah i get that, i once setup full MS AD with CA many years ago, but because i couldn't get a root CA cert for my root CA for anything but silly prices i decided it was just as easy to import self signed certs into the different browsers. I am hoping that letsecrypt will eventually be fully automatable in terms of enrollment, renewal, CRLs etc across all sorts of devices and services... here's hoping... then we just need a community DNS server....