What's new

Seems GUI goes more smoother with personal SSL

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ganfye83

New Around Here
Hi All,

I'm not sure this issue has already been mentioned, I do notice the Asus web GUI interface is very slow and laggy when I browse with https://192.168.xxx.1:8443 (My primary XT8 node router IP). Sometimes pages can go very funny with the messy interface and have to force a refresh.
I have registered the DDNS with a subdomain of "asuscomm.com" at the beginning with "Let's Encrypt", but also not so smooth with the GUI.
Thus I have tried with "Personal" importing my own certificate purchase from ssls.com (Like 5$ per year for 4 years). And after that very noticeable performance on the GUI page loads.
I'm not sure if it is my personal certificates that make my browser more trust or I put my subdomain of xxx.asuscomm.com into my PC hosts (Pointing to 192.168.xxx.1) file and access the web GUI via https://xxx.asuscomm.com:8443.
When I access https://xxx.asuscomm.com:8443 with my personal SSL, it seems very smooth, loading of the page is also like a split second.

Just to share how I make the personal certificate from ssls.com:
1. Purchase the cheapest SSL certificate I can find (for now ssls.com)
2. Activate from ssls.com, and generate the key from ssls.com; download and save the "key" as a ".key" file.
3. Follow the instruction from ssls.com and choose the activate via HTTP with saving a file from ssls.com to your "domain" (this case xxx.asuscomm.com).
4. Because we cannot access the default web service in the Asus router (tried with ssh), what I did is temporarily enable a NAT port forwarding to my PC with port 80 (normal HTTP service) and my PC enable IIS.
5. I follow the instruction from ssls.com to create a ".well-known/pki-validation" folder under my PC's IIS webroot folder; temporarily disable my PC firewall for port 80 and enable IIS web service.
6. From ssls.com, wait for the certificate to be activated, or you can manually "check status" to confirm if you can access the URL (http://xxx.asuscomm.com:80/.well-known/pki-validatio/<xxxxxxxfilefromssls.com>.txt
7. Once approved, I received the ".crt" file from "Sectigo RSA Domain Validation Secure Server CA", and upload the ".crt" file along with the ".key" file (step 2) to the router, wait for the router to "apply settings".
8. Put a hosts file (c:\windows\system32\etc\drivers\hosts) which points my domain of "xxx.asuscomm.com" to 192.168.xxx.1.
9. Vala~, accessing https://xxx.asuscomm.com:8443, now is fast smooth and good speed in page loads, etc.
10. Remove NAT entry, turn off my PC IIS, done ^^

Maybe accessing the web GUI with port 80 is better, but I'm trying to make use of the "AiProtection" to look all "green".
That's all... Wish all of you have a great day onward, stay safe and be protected.

Charlie
 
You could have achieved the same thing by choosing the option in the GUI for the router to create its own Webui SSL Certificate and then importing that into your PC's certificate store.
 
You could have achieved the same thing by choosing the option in the GUI for the router to create its own Webui SSL Certificate and then importing that into your PC's certificate store.

I see, should have tried it, I'm also not sure if it was caused by my PC's BitDefender software, it's kind of hard to "trust" certificates from my own generated cert.
 
Close this access from WAN and use OpenVPN server to access your GUI. You don't need to purchase any certificates.
If I want to access the router outside my house I'm using the inbuild "Asus Instant Guard" VPN, but for LAN access...
 
I don't know what are you using, but you can do the same without any certificate purchases and https, on almost any Asus router.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top