Custom SSL cert with Merlin FW....

[mlai]

Hello,
Is there any way to use certs from SSL vendors with Merlin FW? I am on 378.56/378.55 and I had followed online tutorials for previous firmware versions of uploading cert.pem and key.pem to /etc via SSH.

The problem is that when httpd is restarted, it ignores the existing cert.pem and key.pem and regenerates a self-issued cert........

 

[RMerlin]

Try this old guide:

https://gist.github.com/davidbalbert/6815258

 

[mlai]

Thanks RMerlin. That's also the guide I followed. But note wheelq's comment there as well. Everytime we restart httpd, cert.pem and key.pem get overwritten by a cert self-issued by the router with the restart date and time........

Try this old guide:

https://gist.github.com/davidbalbert/6815258[/Q

Try this old guide:

https://gist.github.com/davidbalbert/6815258

 

[sasa1978]

100% working
http://www.rickygao.com/how-to-upload-ssl-certificate-to-asus-router/

 

[mlai]

OK. I did 3 extra steps:
1) remove the existing cert.pem, key.pem, server.pem from /etc before restart_httpd
2) chmod to read only after uploading custom cert.pem and key.pem
3) clear any existing crt in nvram by "nvram set https_crt_file="

Now everything is a-ok!

 

[scyto]

I did the chmod (i used WinSCP to copy the files and change the perms as i hate all that mucking about on the command line).
I also note that a reboot wasn't needed and that the browser detected the new cert on the final restart_httpd
I also copied my keychain.pem over too.
I didn't remove the server.pem and it seems to work without needing to remove that

Thanks for the links and hints - worked well.

--edit-- after changing the admin pwd the old self signed cert returned and the cert.pem and key.pem reverted to the old one. I think solution may be to deleted the server.pem.