-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cannot import my own ssl certificate #541
Comments
My certificate issued by local CA Subject alternative names: Log entries with word cert, while trying to upload custom certificate:
|
the problem is in the certificate chain verification. openssl s_client -connect ns1.asuscomm.com:443 should fail. I tested it on beta2 but it works for me. ATM I cannot reproduce it. |
I guess, then there's something wrong with my generated certifficate :/ |
And fun fact - below described method to specify custom certificate on mesh router works. cd /tmp cat << EOF > etc/key.pem tar zcvf cert.tgz etc/cert.pem etc/key.pem |
Router Model Affected
Models: RT-AX92U
Firmware Version Affected
Is this bug present in upstream Merlin releases too?
I don't know.
But issue NOT present on:
Describe the bug
Cannot import my own SSL certificate for https interface (via "Webui SSL Certificate" section on WAN \ DDNS).
Upload web interface opens, all seems to be OK - I can upload certificate and key files. But this makes no effect - changes are reverted back to auto (localy generated ssl certificate).
Even if there were working custom certificate on previous firmware version (e.g. 388.5 stable), after upgrade to 388.6 beta, web interface reverts to locally generated ssl certificate.
To Reproduce
Steps to reproduce the behavior:
Tried renaming certificate and key file names before upload (some forums sugested exact names required: cert.pem and key.pem respectively)
Tried also to make changes via ssh (works on 388.5 stable release for RT-AX92U in mesh configuration, where web interface not available), this doesn't work on this 388.6 beta anymore as well:
create or upload certificate and key files under /tmp/etc
/tmp/etc/cert.pem
/tmp/etc/key.pem
then:
cd /tmp
tar zcvf cert.tgz etc/cert.pem etc/key.pem
mv /jffs/cert.tgz /jffs/cert.tgz.bak
mv cert.tgz /jffs/
service restart_httpd
Expected behavior
Selection stays on "Import Your Own Certificate" on web interface under WAN \ DDNS (Webui SSL Certificate), details of imported certificate shown below.
Screenshots
The text was updated successfully, but these errors were encountered: