miaoer

Miaoer's little blog (xLog mirror)
Install SSL Certificate for OpenWrt

On the LAN it is of little use, but access from the internet is a different matter.

Adding an SSL certificate to OpenWrt is not as difficult as it seems. I didn't compile OpenSSL into my firmware, and I don't need it. When testing, I compiled it in on the fly, with HTTPS access by default. It feels a bit pointless to enable it in the release build for intranet-only use.

To add an SSL certificate to OpenWrt you first need a certificate. Here I use Goose Cloud, which provides free SSL certificates; I applied for an ECC 256-bit certificate.


Download it, selecting Nginx as the server type; from the archive you only need two files, the private key (.key) and the certificate (.crt).

Use the firmware's built-in file manager to pick a place for them. Here I chose /www and uploaded the two files to that location.

Check that the upload succeeded with the command: cd /www && ls

If the firmware has no file manager, upload them with whatever ssh tool you prefer. For reference, from a Windows terminal the command looks like: scp C:\Users\[user]\Desktop\****.crt [email protected]:/www

Edit the uhttpd configuration with vi: vi /etc/config/uhttpd

config uhttpd 'main'
        list listen_http '0.0.0.0:80'
        list listen_http '[::]:80'
        list listen_https '0.0.0.0:443'
        list listen_https '[::]:443'
        option redirect_https '0'
        option home '/www'
        option rfc1918_filter '1'
        option max_connections '100'
        option cert '/etc/uhttpd.crt'
        option key '/etc/uhttpd.key'

Replace /etc/uhttpd.crt in option cert '/etc/uhttpd.crt' with /www/****.crt
Replace /etc/uhttpd.key in option key '/etc/uhttpd.key' with /www/****.key

If you have a public IP, check whether your ISP blocks port 443. If it does, pick another port and replace '0.0.0.0:443' in list listen_https '0.0.0.0:443' with that port.

Save and quit vi: press Esc, then type :wq (Shift + ; gives the colon) and press Enter.

Then restart uhttpd: /etc/init.d/uhttpd restart
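The steps above, as an added shell helper that is not from the original post: it reads /etc/config/uhttpd, rewrites the cert and key options the way the post does by hand, and then flags two things worth checking before the router is reachable from the internet. First, the post stores the files under /www, which is also uhttpd's option home, so a key placed there is itself downloadable from the web root over plain HTTP; the helper reports that and suggests moving it. Second, it checks that the key file is readable only by its owner. The config excerpt and the /etc/ssl/private path used in the checks are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the uhttpd
# TLS setup described above. Run on the router over ssh after editing the
# config; pass an alternative config path as the first argument if needed.

# Print the value of one "option NAME '...'" line from the uhttpd config.
uhttpd_option() {
    # $1 = config file, $2 = option name
    sed -n "s/^[[:space:]]*option $2 '\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Rewrite the cert and key options in place to point at a new pair.
set_cert_paths() {
    # $1 = config file, $2 = certificate path, $3 = private key path
    sed -i "s|^\([[:space:]]*option cert \).*|\1'$2'|; s|^\([[:space:]]*option key \).*|\1'$3'|" "$1"
}

# Return 0 (true) when the private key lives inside the document root.
# With home '/www' that means anyone who can reach the web server can
# download the key directly, which defeats the purpose of TLS.
key_under_docroot() {
    cfg="$1"
    home=$(uhttpd_option "$cfg" home)
    key=$(uhttpd_option "$cfg" key)
    [ -n "$home" ] || return 1
    case "$key" in
        "$home"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when the key file is readable only by its owner (mode 600 or 400).
# 'stat -c %a' is supported by both GNU coreutils and busybox.
key_mode_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the configured paths and any warnings for the given config file.
check_uhttpd() {
    cfg="${1:-/etc/config/uhttpd}"
    cert=$(uhttpd_option "$cfg" cert)
    key=$(uhttpd_option "$cfg" key)
    echo "cert: $cert"
    echo "key:  $key"
    if key_under_docroot "$cfg"; then
        echo "WARNING: key is under the web root; move it out, e.g. to /etc/ssl/private/ (constructed path)"
    fi
    if [ -f "$key" ] && ! key_mode_ok "$key"; then
        echo "WARNING: $key is readable by other users; chmod 600 $key"
    fi
}

# Only run the report when a config path is given on the command line,
# so sourcing this file for its functions has no side effects.
[ "$#" -eq 0 ] || check_uhttpd "$1"
```

After moving the key out of /www, point option key at the new location with set_cert_paths and restart uhttpd as the post describes; check_uhttpd should then print no warnings.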

Test from both the intranet and the internet, remembering to set up port forwarding and DDNS resolution for your domain. Guangyi IPv6 has no restrictions, and port 443 is reachable normally.

That's how you successfully add the certificate.


This article is synchronized and updated to xLog by Mix Space
The original link is https://www.miaoer.xyz/posts/network/openwrt-ssl
