Custom SSL certificate

  • Thread starter Deleted member 19827
Hi there


Model: RT-AC66U
Firmware: 3.0.0.4.374.32 (Merlin build)

I have a question regarding a custom SSL certificate for HTTPS connections. Is it possible to add my own certificate to my router permanently? If it is possible, what steps are required to do so?

Many thanks in advance.


Regards DR_HAMMER
 
I think there might be some confusion on what you are trying to do and how your router comes into play, at least for me there is confusion.

If you could give us some more details of what your goal is, this group can probably get you headed in the right direction.
 
I'm sorry for the confusion. I hope this will clarify it.

I would like to replace the auto-generated SSL certificate from the HTTPS webserver:

[Image: ssl71s19.jpg]


With a free signed certificate from https://www.startssl.com, error messages like this would disappear:

[Image: ssl23bsey.jpg]


I found something similar so far, but it doesn't seem to work: http://tomatousb.org/tut:use-ssl-certificate-for-wan-admin


Thanks a lot.

Regards
DR_HAMMER
 
A self-signed certificate (or email-only validated cert) will give that error 100% of the time because the certificate is saying "I'm Xyz website, trust me." The whole CA concept works because of the "web of trust" system where a certificate can say "I'm Xyz website, but you don't have to take my word for it, ask any of these other CAs you already know & trust."

To have a URL that is trusted widely by browsers (and not be giving warnings like in the URL you provided), well first I don't think you could get one behind a dynamic IP in a SOHO/home setup. I have one that's already paid for at my registrar but I've never used it because I don't have a domain I own somewhere that runs the seriously professional level server backend that that specific cert integrates with.
 
You can't purchase a certificate signed for an IP. It has to be for a CN within a domain name, with you proving you have ownership of that domain.
 
Oh mine is registered, in fact I am the master of my domain.

;)

thx merlin, so ya - owning a domain and proving you own it (with usually a combination of paperwork and putting files on its server) is a good place to start.
 
I do have all prerequisites, like a domain. In apache2 I would just put the path of my certificates, but I don't know how to configure this webserver.

The config file would look something like that:

http://www.startssl.com/?app=21

So is it really not possible to add custom certificates to this webserver of my router?
 
Officially, not. However there is still some leftover code from the Tomato days where the httpd daemon tries to use a certificate saved in the https_crt_file nvram var - no idea if that code is still working or is just dead code not used anywhere else. The code can be found in start_ssl() in router/httpd/httpd.c. Someone would need to take a look to see if it's working and/or usable.
 
I found this on the web that worked for me:

https://gist.github.com/davidbalbert/6815258

However, note that until I rebooted the router, I got a "not found" error page. After rebooting, I got the green lock in my web browser and no annoying "Site not trusted" page.

He's running httpd from /tmp/home/root, which won't work - httpd uses the current working directory for its web content.

The proper way would be to restart the httpd service rather than killing and running it from the shell.

Code:
service restart_httpd
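
Added example, not part of the thread or the firmware: a pre-install check, run on a workstation with the openssl command-line tool, that the private key belongs to the certificate, the certificate has not expired, and it covers the hostname used to reach the router. The file arguments, the hostname and the exit codes are assumptions made for this example; it does not touch nvram or the router.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair on a workstation before
# installing it on the router. Needs the openssl command-line tool.
# Exit codes (chosen for this example): 0 ok, 2 unreadable, 3 key mismatch,
# 4 expired, 5 hostname not covered.

check_cert_for_router() {
    cert=$1; key=$2; host=$3

    # Both files must parse; otherwise the comparisons below are meaningless.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "cannot read certificate: $cert"; return 2; }
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "cannot read private key: $key"; return 2; }

    # The public key inside the certificate must be the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not belong to this certificate"; return 3; }

    # -checkend 0 fails if the certificate is already past its notAfter date.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 4; }

    # The name typed into the browser must be covered by the SAN (or CN).
    openssl x509 -in "$cert" -noout -checkhost "$host" |
        grep -q "does match certificate" ||
        { echo "certificate does not cover $host"; return 5; }

    echo "certificate and key are consistent for $host"
}

# A certificate whose issuer equals its subject is self-issued; browsers warn
# on it unless it has been imported as trusted.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Usage: sh check.sh CERT.pem KEY.pem HOSTNAME
if [ "$#" -eq 3 ]; then
    check_cert_for_router "$1" "$2" "$3" || exit $?
    if is_self_issued "$1"; then echo "note: certificate is self-issued"; fi
fi
```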
 
