Hello Small Net Builders! Sorry, first post and it's a long one.
While I am no stranger to networking and router configuration I have never had to deal with https before and the installation of SSL certificates has me baffled. I am hoping to find some help here.
The goal is to allow secure client access via the Internet to a USB hard drive plugged into the router. Access could be either a browser or an FTP client.
My setup is as follows. The router is an Asus RT-AC5300 currently running Merlin's firmware (version 380.67). This is plugged into a Netgear ProSAFE GS108T smart switch, with various other devices attached including my workstation running a Linux distro. No other routers in the system.
Connected to the AC5300 is an USB hard drive (1TB). It is my ambition to have a small handful of clients access this drive from the Internet for the purpose of downloading or viewing various information files, and uploading files for my perusal. There will be no more than 8 clients authorized for access and individual file sizes will not exceed 10 MB. The processing power of the AC5300 seems more than sufficient for this purpose and all is set up and working via AiCloud - Cloud Disk. Smart Access and Smart Sync are turned off.
Access to the drive site from the Internet is through an asuscomm domain configured through the DDNS client in the router. Works great. In the USB Application tab AiDisk is active and under Media Service and Servers Network Place (Samba) Share / Cloud Disk is turned on, as is FTP Share. Client access privileges are defined here. No Guest access is allowed. UPnP is turned off. As stated, all this is working well.
HOWEVER, anyone accessing the site is warned that it is insecure, will infect your computer, steal your identity and probably kill babies. This does not instill confidence in my clients.
Since client login is via user name and password, and since this interface is exposed to the Internet, an encrypted https connection on port 443 of the router is desired to protect the user name and password. This is where my problems begin.
Following various instructions on the web I set up an Apache server on my workstation, redirected port 443 from the router to it, and installed a LetsEncrypt certificate chain. Port 443 was then un-redirected. Https login was activated via the router'sGUI. I cut and pasted the key and cert files (via SSH) from the server into the .pem files on the router. All seemed to go well until I restarted the router and all hell broke loose.
First, the installation didn't work. No https connection. Then this installation absolutely toasted my wi-fi setup, first slowing it down and then preventing Internet access from all the wireless connections. Then it would log them out and prevent re-connection. No amount of fiddling, undoing or resetting would restore the wireless connections. A full reset and re-installation of the firmware was required to regain wi-fi operations. (Note: this was using ASUSWRT firmware).
After three slightly varying attempts at this, all with the same result, I decided to give the Merlin firmware a chance. 30/30/30 reset and a trouble free flash. I have used Merlin's firmware in the past on an N66U and liked it, so thought it worth a try.
So now I have the router completely reconfigured including an OpenVPN server and client using a router generated certificate. Everything I want is working and tested EXCEPT for the https connection to access the files. All current settings are saved, and the info on the USB hard drive is backed up.
Other possibly pertinent info: Port 80 coming in from the 'net is forwarded by the router to a small informational website running on another machine on the LAN. Again, this works well.
BUT I am now a little gun shy. It is clear that I don't have the foggiest clue what I am doing when it comes to installing the SSL certificates. So before I toast my router yet again, I thought it prudent to come here and ask for advice.
Has anyone here successfully installed SSL certificates (on the AC5300 or similar) to work with AiCloud / Cloud Disk access via DDNS? If so what procedures were used? Has anyone else seen the installation process interfere with the wireless functionality? I'm so close to finishing this project, but so far away ...
Thank you in advance for any information or opinions you may have to offer.
Sharptail
While I am no stranger to networking and router configuration I have never had to deal with https before and the installation of SSL certificates has me baffled. I am hoping to find some help here.
The goal is to allow secure client access via the Internet to a USB hard drive plugged into the router. Access could be either a browser or an FTP client.
My setup is as follows. The router is an Asus RT-AC5300 currently running Merlin's firmware (version 380.67). This is plugged into a Netgear ProSAFE GS108T smart switch, with various other devices attached including my workstation running a Linux distro. No other routers in the system.
Connected to the AC5300 is an USB hard drive (1TB). It is my ambition to have a small handful of clients access this drive from the Internet for the purpose of downloading or viewing various information files, and uploading files for my perusal. There will be no more than 8 clients authorized for access and individual file sizes will not exceed 10 MB. The processing power of the AC5300 seems more than sufficient for this purpose and all is set up and working via AiCloud - Cloud Disk. Smart Access and Smart Sync are turned off.
Access to the drive site from the Internet is through an asuscomm domain configured through the DDNS client in the router. Works great. In the USB Application tab AiDisk is active and under Media Service and Servers Network Place (Samba) Share / Cloud Disk is turned on, as is FTP Share. Client access privileges are defined here. No Guest access is allowed. UPnP is turned off. As stated, all this is working well.
HOWEVER, anyone accessing the site is warned that it is insecure, will infect your computer, steal your identity and probably kill babies. This does not instill confidence in my clients.
Since client login is via user name and password, and since this interface is exposed to the Internet, an encrypted https connection on port 443 of the router is desired to protect the user name and password. This is where my problems begin.
Following various instructions on the web I set up an Apache server on my workstation, redirected port 443 from the router to it, and installed a LetsEncrypt certificate chain. Port 443 was then un-redirected. Https login was activated via the router'sGUI. I cut and pasted the key and cert files (via SSH) from the server into the .pem files on the router. All seemed to go well until I restarted the router and all hell broke loose.
First, the installation didn't work. No https connection. Then this installation absolutely toasted my wi-fi setup, first slowing it down and then preventing Internet access from all the wireless connections. Then it would log them out and prevent re-connection. No amount of fiddling, undoing or resetting would restore the wireless connections. A full reset and re-installation of the firmware was required to regain wi-fi operations. (Note: this was using ASUSWRT firmware).
After three slightly varying attempts at this, all with the same result, I decided to give the Merlin firmware a chance. 30/30/30 reset and a trouble free flash. I have used Merlin's firmware in the past on an N66U and liked it, so thought it worth a try.
So now I have the router completely reconfigured including an OpenVPN server and client using a router generated certificate. Everything I want is working and tested EXCEPT for the https connection to access the files. All current settings are saved, and the info on the USB hard drive is backed up.
Other possibly pertinent info: Port 80 coming in from the 'net is forwarded by the router to a small informational website running on another machine on the LAN. Again, this works well.
BUT I am now a little gun shy. It is clear that I don't have the foggiest clue what I am doing when it comes to installing the SSL certificates. So before I toast my router yet again, I thought it prudent to come here and ask for advice.
Has anyone here successfully installed SSL certificates (on the AC5300 or similar) to work with AiCloud / Cloud Disk access via DDNS? If so what procedures were used? Has anyone else seen the installation process interfere with the wireless functionality? I'm so close to finishing this project, but so far away ...
Thank you in advance for any information or opinions you may have to offer.
Sharptail
Last edited: