Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Store https certificate in NVRAM

Discussion in 'Asuswrt-Merlin' started by adolchristin, Feb 28, 2013.

  1. adolchristin

    adolchristin New Around Here

    Joined:
    Feb 28, 2013
    Messages:
    8
    First of all I'm a recent convert to merlinwrt and I must say that I think it's fantastic.

    Is there a way to store the certificate for https in NVRAM so it's not regenerated at boot every time?
     
  2. sabot105mm

    sabot105mm Regular Contributor

    Joined:
    Feb 1, 2013
    Messages:
    52
  3. adolchristin

    adolchristin New Around Here

    Joined:
    Feb 28, 2013
    Messages:
    8
    I'm not quite sure I understand. So once I have this certificate stored in jffs how do I use it to override the https server certificate in merlin wrt?
     
  4. ingenium

    ingenium Occasional Visitor

    Joined:
    Jan 22, 2013
    Messages:
    10
    Yeah, how would I set httpd to use this certificate instead of the auto-generated, self-signed one? I want to replace it with one that's trusted on my computers. I don't think it's in the NVRAM anywhere. "nvram show|grep CERTIFICATE" only brought up my VPN certificates. It doesn't look like the process has any more files open:

    Code:
    [email protected]:~# ls -l /proc/`ps | grep 'httpd -s' | awk '{print $1}' | head -1`/fd/*
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/0 -> /dev/null
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/1 -> /dev/null
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/10 -> /tmp/Semaphore3
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/11 -> /tmp/Semaphore3
    lrwx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/12 -> socket:[1641]
    lrwx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/13 -> socket:[1728]
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/2 -> /dev/null
    lrwx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/3 -> /dev/nvram
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/4 -> /tmp/Semaphore0
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/5 -> /tmp/Semaphore0
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/6 -> /tmp/Semaphore1
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/7 -> /tmp/Semaphore1
    lr-x------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/8 -> /tmp/Semaphore2
    l-wx------    1 admin    root            64 Jun 18 02:27 /proc/557/fd/9 -> /tmp/Semaphore2
    
    I can't figure out what the Semaphore files are for... they all have a 0 byte size.
     
    Last edited: Jun 18, 2013
  5. ingenium

    ingenium Occasional Visitor

    Joined:
    Jan 22, 2013
    Messages:
    10
    I figured out the default locations for the certificate. It's the same as dd-wrt (I'm guessing the same http server is used).

    Put your certificate and key in /jffs/keys. Then add the following to /jffs/scripts/services-start
    Code:
    mv /tmp/etc/key.pem /tmp/etc/key.pem.bak
    mv /tmp/etc/cert.pem /tmp/etc/cert.pem.bak
    cp /jffs/keys/key.pem /tmp/etc/key.pem
    cp /jffs/keys/cert.pem /tmp/etc/cert.pem
    service restart_httpd
    
     

Share This Page