Store https certificate in NVRAM

Discussion in 'Asuswrt-Merlin' started by adolchristin, Feb 28, 2013.

  1. adolchristin

    adolchristin New Around Here

    First of all I'm a recent convert to merlinwrt and I must say that I think it's fantastic.

    Is there a way to store the certificate for https in NVRAM so it's not regenerated at boot every time?
     
  2. sabot105mm

    sabot105mm Regular Contributor

  3. adolchristin

    adolchristin New Around Here

    I'm not quite sure I understand. So once I have this certificate stored in jffs how do I use it to override the https server certificate in merlin wrt?
     
  4. ingenium

    ingenium Occasional Visitor

    Yeah, how would I set httpd to use this certificate instead of the auto-generated, self-signed one? I want to replace it with one that's trusted on my computers. I don't think it's in the NVRAM anywhere. "nvram show|grep CERTIFICATE" only brought up my VPN certificates. It doesn't look like the process has any more files open:

    Code:
    admin@RT-AC66U:~# ls -l /proc/`ps | grep 'httpd -s' | awk '{print $1}' | head -1`/fd/*
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/0 -> /dev/null
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/1 -> /dev/null
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/10 -> /tmp/Semaphore3
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/11 -> /tmp/Semaphore3
    lrwx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/12 -> socket:[1641]
    lrwx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/13 -> socket:[1728]
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/2 -> /dev/null
    lrwx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/3 -> /dev/nvram
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/4 -> /tmp/Semaphore0
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/5 -> /tmp/Semaphore0
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/6 -> /tmp/Semaphore1
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/7 -> /tmp/Semaphore1
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/8 -> /tmp/Semaphore2
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/9 -> /tmp/Semaphore2
    
    I can't figure out what the Semaphore files are for... they all have a 0 byte size.
     
    Last edited: Jun 18, 2013
  5. ingenium

    ingenium Occasional Visitor

    I figured out the default locations for the certificate. It's the same as dd-wrt (I'm guessing the same http server is used).

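    Put your certificate and key in /jffs/keys. Then add the following to /jffs/scripts/services-start:
    Code:
    # Keep the auto-generated pair as a backup
    mv /tmp/etc/key.pem /tmp/etc/key.pem.bak
    mv /tmp/etc/cert.pem /tmp/etc/cert.pem.bak
    # Install the persistent pair stored in JFFS
    cp /jffs/keys/key.pem /tmp/etc/key.pem
    cp /jffs/keys/cert.pem /tmp/etc/cert.pem
    # Restart the web server so it loads the replacement certificate
    service restart_httpd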
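
A more defensive variant of the services-start snippet in the last post, added here as an example (it is not from the thread or from the firmware's own scripts): it checks that cert.pem and key.pem belong together and that the certificate has not expired before replacing anything, and it installs the private key with owner-only permissions. The function name `install_https_pair` is hypothetical, and the script assumes an `openssl` binary is available on the router and that httpd needs an unencrypted key.

```sh
#!/bin/sh
# Added example: validate a cert/key pair before handing it to httpd.
# install_https_pair is a hypothetical name; paths follow the post above.

# install_https_pair SRC_DIR DST_DIR
# Returns 0 only if SRC_DIR holds a matching, unexpired cert.pem/key.pem
# pair and it was copied into DST_DIR. If validation fails, DST_DIR is
# left untouched and httpd keeps its current pair.
install_https_pair() {
    src=$1; dst=$2

    # Both files must exist and be non-empty.
    for f in cert.pem key.pem; do
        [ -s "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done

    # Fail closed when the pair cannot be checked (assumes openssl on the router).
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 1; }

    # The certificate's public key must equal the one derived from the private
    # key. "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$src/cert.pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$src/key.pem" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "cert.pem and key.pem do not match" >&2; return 1; }

    # Reject a certificate whose notAfter date has already passed.
    openssl x509 -in "$src/cert.pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "cert.pem has expired" >&2; return 1; }

    # Keep the auto-generated pair as a fallback, as the post does.
    for f in cert.pem key.pem; do
        [ ! -f "$dst/$f" ] || cp -p "$dst/$f" "$dst/$f.bak"
    done

    # Stage under a restrictive umask, then rename into place, so the
    # new private key is never readable by other users.
    ( umask 077
      rm -f "$dst/key.pem.new" "$dst/cert.pem.new"
      cp "$src/key.pem" "$dst/key.pem.new" &&
      cp "$src/cert.pem" "$dst/cert.pem.new" &&
      chmod 600 "$dst/key.pem.new" && chmod 644 "$dst/cert.pem.new" &&
      mv "$dst/key.pem.new" "$dst/key.pem" &&
      mv "$dst/cert.pem.new" "$dst/cert.pem" ) || return 1
}

# Runs only where /jffs/keys exists, i.e. on the router.
if [ -d /jffs/keys ]; then
    install_https_pair /jffs/keys /tmp/etc && service restart_httpd
fi
```

Restricting /jffs/keys/key.pem itself with `chmod 600` keeps the stored copy as private as the installed one.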
    
     
