Menu
What's new
By:
Filters Better Search

CSR Certificate Generation

A

AdrianH

Occasional Visitor
Hi All,

Is there a "easy" way to generate a CSR for a SSL certificate that can be used on my Asus-RTAX88U router.

I just want to buy a 5 year Positive SSL from Comodo to use with my domain currently setup at Google Domains (that is currently setup in DDNS), but Comodo and probably all others want a CSR.

I currently use ZeroSSL but they can "Auto-Generate CSR" which is nice.

Any ideas?
 
dave14305

dave14305

Part of the Furniture
Can you follow any internet guide to generate a CSR using openssl at the command line?
 
A

AdrianH

Occasional Visitor
Yeah, I can give it a go :)

I found this but I don't think this is the same as this is self-signed.

www.snbforums.com

Create and install a Root CA and self-signed SSL certificate

If you use official Asus firmware on your router and you want a secure connection to your router from ANY random computer, you have no other option than to install a certificate that was issued by an official/public certificate authority like Let's Encrypt. The downside of free certificates...
www.snbforums.com www.snbforums.com
 
dave14305

dave14305

Part of the Furniture
What about something like this?

help.comodosslstore.com

Apache OpenSSL

CSR Generation Instructions The following instructions will guide you through the CSR generation process on Apache OpenSSL. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request ar...
help.comodosslstore.com help.comodosslstore.com

Just be sure to save the files to /jffs or USB so you don’t lose them on a reboot.
 
A

AdrianH

Occasional Visitor
@dave14305

I managed to generate a CSR with that link you posted. Did take a little tweaking, but will post what I did below.

Firstly, I created a file in the tmp folder on the router named altnames.cnf. This file was then populated with the below which had the details of the certificate I needed. mydomain.com is just an example domain, use your own, along with your own regional/org details.

Code: 
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = GB
ST = Essex
L = MyHomeTown
O = Private
OU = Private
CN = home.mydomain.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = home.mydomain.com
DNS.2 = mydomain.com

I than ran the following command while in that same folder as above (note the filename at end of the command):

Code: 
openssl req -new -newkey rsa:2048 -nodes -keyout home.mydomain.com.key -out home.mydomain.com.csr -config altnames.cnf

This then generated the CSR and private key in the tmp folder. I could then use the home.mydomain.com.csr to generate a certificate at your SSL provider (mine being https://cheapsslsecurity.co.uk) by just copying the text directly out of the CSR file. After validating the domain by adding a cname to my domain, the certificate was available for download.

Upon uploading the SSL certificate, I could upload to the router. You will need to upload the private key file, namely the home.mydomain.com.key file. And then you upload the certificate from the provider, and Bob's your uncle!


1657035888653.png
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
X Webui SSL Certificate - ECDSA certificate Asuswrt-Merlin 4
S Let's Encrypt uses FQDN for certificate Asuswrt-Merlin 24
XIII Let's Encrypt R3 certificate (used for router web interface) expired; how to fix? Asuswrt-Merlin 1
S Solved webgui SSL certificate install script Asuswrt-Merlin 5
J No encrypt certificate not working with DDNS service Asuswrt-Merlin 26

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 539 (members: 40, guests: 499)
Top