miaoer

喵二の小博客 https://www.miaoer.net (xLog sub-site)

Install SSL Certificate for OpenWrt

There's no point in having a nice internal network; accessing it from the external network is another story.

Installing an SSL certificate on OpenWrt is not as difficult as imagined. My firmware does not compile OpenSSL and does not need to. During testing, I compiled it casually with default HTTPS access; the official version feels a bit lacking without enabling the internal network.

To install an SSL certificate on OpenWrt, you first need an SSL certificate. I used Goose Cloud here (I applied for a free SSL certificate inside, and I applied for one with the encryption algorithm ECC 256).


Download the certificate, selecting Nginx as the server type. From the compressed package you only need the private key (.key) and the certificate (.crt).

Using the file manager built into the firmware, pick any location (I chose /www), upload the two files, select the extraction location, and run the upload.

Check if the upload was successful with the command cd /www && ls

If the firmware has no file manager, you can upload with scp from your SSH tool of choice. For reference, this is the command in Windows Terminal: scp C:\Users\【User】\Desktop\****.crt [email protected]:/www

Open the uhttpd configuration in vim: vi /etc/config/uhttpd

config uhttpd 'main'
        list listen_http '0.0.0.0:80'
        list listen_http '[::]:80'
        list listen_https '0.0.0.0:443'
        list listen_https '[::]:443'
        option redirect_https '0'
        option home '/www'
        option rfc1918_filter '1'
        option max_connections '100'
        option cert '/etc/uhttpd.crt'
        option key '/etc/uhttpd.key'

Replace /etc/uhttpd.crt in option cert '/etc/uhttpd.crt' with /www/****.crt
Replace /etc/uhttpd.key in option key '/etc/uhttpd.key' with /www/****.key

If you have a public IP, check whether your ISP blocks port 443; if it does, replace 443 in list listen_https '0.0.0.0:443' with a port of your choice.

To save and exit vim, press Esc, then Shift + ; (which types :), and type wq (:wq).

Then restart uhttpd with /etc/init.d/uhttpd restart

Test both internal and external networks; remember to set up port mapping and DDNS domain resolution; IPv6 migration has no restrictions, and 443 can be accessed normally.

This way, the certificate installation is successful.
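
The configuration above sets option home '/www', so /www is uhttpd's document root, and a private key stored there can be fetched by anyone who can reach the web interface. The check below is an added example, not part of the original post; the function names and the sample paths (example.key, /etc/ssl) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag a uhttpd private key that
# sits inside the document root, where the web server would hand it out.

# Print the value of "option <name> ..." from a UCI-style config file.
# On a live router `uci get uhttpd.main.<name>` gives the same answer.
uci_opt() {  # $1 = option name, $2 = config file
    sed -n "s/^[[:space:]]*option[[:space:]]\{1,\}$1[[:space:]]\{1,\}//p" "$2" |
        head -n 1 | tr -d "'\"" | sed 's/[[:space:]]*$//'
}

# Exit status: 0 = key outside web root, 1 = key inside web root, 2 = parse error.
# Plain string comparison: symlinks and ".." components are not resolved.
check_key_location() {  # $1 = config file
    home=$(uci_opt home "$1")
    key=$(uci_opt key "$1")
    if [ -z "$home" ] || [ -z "$key" ]; then
        echo "cannot read 'home' and 'key' from $1"
        return 2
    fi
    case "$key" in
        "${home%/}"/*)
            echo "UNSAFE: $key is under web root $home and can be fetched over HTTP(S)"
            return 1 ;;
        *)
            echo "OK: $key is outside web root $home"
            return 0 ;;
    esac
}

# Constructed sample config; the key path is passed in so both cases can be shown.
write_sample() {  # $1 = key path, $2 = output file
    cat > "$2" <<EOF
config uhttpd 'main'
        list listen_https '0.0.0.0:443'
        option home '/www'
        option cert '/etc/ssl/example.crt'
        option key '$1'
EOF
}

cfg=$(mktemp)
write_sample /www/example.key "$cfg";     check_key_location "$cfg" || true
write_sample /etc/ssl/example.key "$cfg"; check_key_location "$cfg" || true
rm -f "$cfg"
```

On the router, run check_key_location /etc/config/uhttpd. A key reported as UNSAFE should be moved to a directory outside the web root, with option key updated to match.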


This article is synchronized and updated to xLog by Mix Space. The original link is https://www.miaoer.net/posts/network/openwrt-ssl
