Menu
What's new
By:
Filters Better Search

certificate override feature request

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Calisro

Calisro

Senior Member
Merlin, would you consider allowing us to override the default certificate for https with our own by placing override config files in jffs/config? I've done what is in this link and it works but my problem is:

1) it takes a large amount of nvram to hold a quality cert and ca.
2) It would be nice if I have to factory reset, that it would pick up my new cert easily with my replaced jffs configs rather than messing with doing it manually.

reference:
https://gist.github.com/davidbalbert/6815258

I'm sure I can just hack my own startup script to fix it after a factory reset but the nvram issue remains.
 
After I typed this, I realized I can just add 3 lines to one of the startup scripts and its done without using nvram. This is probably safer than messing with asus's code.

cp /jffs/key.pem.home /etc/key.pem
cp /jffs/cert.pem.home /etc/cert.pem
service restart_httpd
 
good move - key is only 1024 bit RSA (.55 firmware)

can you point me to a good place where I can learn how to generate my own cert and key for this?
 
cosmoxl said:
good move - key is only 1024 bit RSA (.55 firmware)
can you point me to a good place where I can learn how to generate my own cert and key for this?
Click to expand...

Yes, you can use https://www.startssl.com/ to create a free certificate for a domain name that you own.

First, use the StartSSL™ Control Panel to create a private key and certificate and transfer them to your server. Then execute the following steps (if you use a class 2 certificate replace class1 by class2 in the instructions below):

Decrypt the private key by using the password you entered when you created your key:
openssl rsa -in /tmp/ssl.key -out /jffs/key.pem.home

Fetch the Root CA and Class 1 Intermediate Server CA certificates:
wget http://www.startssl.com/certs/sub.class1.server.ca.pem

Create a unified certificate from your certificate (downloaded from startssl) and the CA certificates:
cat ssl.crt sub.class1.server.ca.pem > /jffs/cert.pem.home

cp /jffs/key.pem.home /etc/key.pem
cp /jffs/cert.pem.home /etc/cert.pem
service restart_httpd
 
You must log in or register to reply here.

Similar threads

M
Importing own certificate broken on 3004.388.6 ?
Replies
9
Views
2K
RMerlin
RMerlin
N
Solved Unable to connect to VPN server with self-signed certificate
Replies
0
Views
811
nino_070
N
R
AC68U v386.9 - VPN server 1 - faulty connection
Replies
1
Views
1K
redbird71
R
Zigster
Trouble with Server Certificate for WebGUI
Replies
3
Views
1K
Zigster
Zigster
S
Solved webgui SSL certificate install script
Replies
5
Views
3K
sarmenator
S
Similar threads
Thread starter Title Forum Replies Date
N HTTPS/SSL Certificate issue when using WWW.NAMECHEAP.COM in DDNS Asuswrt-Merlin 4
M DuckDNS DDNS with Let's Encrypt certificate Asuswrt-Merlin 1
M Importing own certificate broken on 3004.388.6 ? Asuswrt-Merlin 9
TheAccountOfTeo997 Router using wrong Certificate after update to 3004.388.6 Asuswrt-Merlin 7
Skeptical.me DDNS>Webui SSL Certificate>Server Certificate: "Authorizing” Asuswrt-Merlin 8
J Why do I need a Let's Encrypt certificate? Asuswrt-Merlin 11
N Solved Unable to connect to VPN server with self-signed certificate Asuswrt-Merlin 0
F Several Questions Re:Asuswrt-Merlin Feature Implementation Asuswrt-Merlin 2
L Feature suggest: web notifications Asuswrt-Merlin 1
D Feature request: Two factor authentication web login. (TOTP) Asuswrt-Merlin 8

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 506 (members: 20, guests: 486)
Top