Menu
What's new
By:
Filters Better Search

Webui SSL Certificate - ECDSA certificate

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

X

xwildx

Occasional Visitor
Hi @RMerlin

It would be nice to support Let’s Encrypt ECDSA certificate on the webui.

As noted by NIST, ECDSA certificates can provide comparable security strength with smaller key sizes than RSA. As a result, conducting TLS handshakes with ECDSA certificates requires less networking and computing resources making them a good option for IoT devices that have limited storage and processing capabilities.

Let’s Encrypt accepts RSA keys that are 2048, 3072, or 4096 bits in length and P-256 or P-384 ECDSA keys.
(See https://letsencrypt.org/docs/integration-guide/ )

In the best world, it would be nice to have those 2 settings :

1. For the key type
2. For the key size (which depend on the key type)

1643660999651.png



I'm not sure if this is a really easy addon but once this is added into the GUI, I think it only needs to be added in the gencert.sh to specify openssl which certificate it need to be generated.


Let me know what you think,


Best regards,
 
xwildx said:
Hi @RMerlin

It would be nice to support Let’s Encrypt ECDSA certificate on the webui.

As noted by NIST, ECDSA certificates can provide comparable security strength with smaller key sizes than RSA. As a result, conducting TLS handshakes with ECDSA certificates requires less networking and computing resources making them a good option for IoT devices that have limited storage and processing capabilities.

Let’s Encrypt accepts RSA keys that are 2048, 3072, or 4096 bits in length and P-256 or P-384 ECDSA keys.
(See https://letsencrypt.org/docs/integration-guide/ )

In the best world, it would be nice to have those 2 settings :

1. For the key type
2. For the key size (which depend on the key type)

View attachment 39126


I'm not sure if this is a really easy addon but once this is added into the GUI, I think it only needs to be added in the gencert.sh to specify openssl which certificate it need to be generated.


Let me know what you think,


Best regards,
Click to expand...
If you are creative enough, you could generate it your own via a script. I do generate both an rsa and ecdsa since nginx supports running multiple. However I switched to using Zerossl.
 
Let's Encrypt implementation is closed source, and outside of my control.

Beside, you would never be able to notice the performance difference. That might make a difference on a web server that gets thousands of simultaneous connections, not on a router that gets only one single user at once.
 
Thank you for the quick reply,

Yes, you're absolutely right, it will not make much performance difference (since it is a router),

If it's too much work, that definitely not worth it, I thought it was 2-3 lines of codes to generate the certificate using ECDSA instead of RSA.
 
xwildx said:
Thank you for the quick reply,

Yes, you're absolutely right, it will not make much performance difference (since it is a router),

If it's too much work, that definitely not worth it, I thought it was 2-3 lines of codes to generate the certificate using ECDSA instead of RSA.
Click to expand...
It probably would be, but since it is in closed source code, Rmerlin has no access to do such.
 
You must log in or register to reply here.

Similar threads

chengr28
ECC certificates are not working in WebUI
Replies
3
Views
2K
RMerlin
RMerlin
B
update dropbear or disable ssh-dss support?
Replies
17
Views
3K
Brockp
B
P
RT-AX88U - 388.2_2 - Previously Working VPN Client (NordVPN) no longer functions - Suggestions for NordVPN Working Settings July 2023
Replies
2
Views
2K
PC Pilot
P
Phantomski
Solved [SOLUTION] Let’s Encrypt + DDNS/WAN Admin Domain Certificate Expired / not auto-renewed
Replies
0
Views
3K
Phantomski
Phantomski
M
Create and install a Root CA and self-signed SSL certificate
Replies
8
Views
21K
Qwinn
Q
Similar threads
Thread starter Title Forum Replies Date
Skeptical.me DDNS>Webui SSL Certificate>Server Certificate: "Authorizing” Asuswrt-Merlin 8
G RESOLVED: Lost access to WebUI from LAN, SSH is working Asuswrt-Merlin 1
E WebUI not working - AX86U (latest Merlin firmware) Asuswrt-Merlin 5
z2vip AiCloud WebUI bug under 3004.388.6 Asuswrt-Merlin 3
A Asus 58U same ssl cert on Chrome iOS Asuswrt-Merlin 0
N HTTPS/SSL Certificate issue when using WWW.NAMECHEAP.COM in DDNS Asuswrt-Merlin 4
M DuckDNS DDNS with Let's Encrypt certificate Asuswrt-Merlin 1
M Importing own certificate broken on 3004.388.6 ? Asuswrt-Merlin 9
TheAccountOfTeo997 Router using wrong Certificate after update to 3004.388.6 Asuswrt-Merlin 7
J Why do I need a Let's Encrypt certificate? Asuswrt-Merlin 11

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 733 (members: 29, guests: 704)
Top