喵二の小博客 https://www.miaoer.net xLog sub-site

Set SSL Certificate for OpenWrt

On the internal network there is little point to it beyond feeling good, but accessing the router from the external network is another story.

Installing an SSL certificate on OpenWrt is not as difficult as imagined. My firmware did not compile OpenSSL, nor did it need to. During testing, I casually compiled it to access via https by default. The official version didn't use the internal network either, which felt a bit lacking.

To install an SSL certificate on OpenWrt, you first need an SSL certificate. Here, I used Goose Cloud, where I applied for a free SSL certificate with an encryption algorithm of ECC 256.


Download the certificate, selecting Nginx as the certificate server type; from the compressed package you only need the key (.key) and the certificate (.crt).

Use the firmware's built-in file management to find a place to put them (I chose /www): upload the two files, select the extraction location, and execute the upload.

Check if the upload was successful with the command cd /www && ls

If the firmware does not have file management, you can use scp from your handy SSH tool to upload. Here's a demonstration of the command in Windows Terminal, for reference: scp C:\Users\【User】\Desktop\****.crt [email protected]:/www

Use vim to edit the uhttpd configuration: vi /etc/config/uhttpd

config uhttpd 'main'
        list listen_http '0.0.0.0:80'
        list listen_http '[::]:80'
        list listen_https '0.0.0.0:443'
        list listen_https '[::]:443'
        option redirect_https '0'
        option home '/www'
        option rfc1918_filter '1'
        option max_connections '100'
        option cert '/etc/uhttpd.crt'
        option key '/etc/uhttpd.key'

Replace /etc/uhttpd.crt in option cert '/etc/uhttpd.crt' with /www/****.crt
Replace /etc/uhttpd.key in option key '/etc/uhttpd.key' with /www/****.key

If you have a public IP, check if your ISP has blocked port 443; if so, pick a port you prefer and replace the 443 in list listen_https '0.0.0.0:443' with it.

Save and exit vim: press Esc, then Shift + ; (which types :), type wq, and press Enter (:wq)

Then restart uhttpd with /etc/init.d/uhttpd restart

Test from both the internal and external networks. Remember to set up port mapping and DDNS domain resolution. With IPv6 there are no restrictions, and 443 can be accessed normally.

This way, the certificate installation is successful.
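uhttpd serves every file under its home directory, and the configuration above sets home to /www, so a private key uploaded there can be fetched over HTTP like any other static file. The script below is an added example, not part of the original post: it audits a uhttpd config for a key stored inside the web root or readable by group/other. The function names and the file name example.key are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a uhttpd config for a TLS key that the web server itself can serve.

# Print the first "option NAME 'value'" value from a uci-style config file.
uci_opt() {
    awk -v name="$2" -v q="'" \
        '$1 == "option" && $2 == name { gsub(q, "", $3); print $3; exit }' "$1"
}

# Return 0 = OK, 1 = key inside web root, 2 = option missing, 3 = key readable by group/other.
audit_uhttpd_key() {
    conf=$1
    home=$(uci_opt "$conf" home)
    key=$(uci_opt "$conf" key)
    if [ -z "$home" ] || [ -z "$key" ]; then
        echo "UNKNOWN: 'home' or 'key' not set in $conf"
        return 2
    fi
    case "$key" in
        "${home%/}"/*)
            echo "EXPOSED: $key is inside web root $home and is served as a static file"
            return 1 ;;
    esac
    if [ -f "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other permission bits.
        perms=$(ls -l "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "WEAK-PERMS: $key grants '$perms' to group/other; use chmod 600"
            return 3
        fi
    fi
    echo "OK: $key is outside web root $home"
    return 0
}

# Constructed sample configs: key under /www as in the steps above (example.key is a
# made-up file name), and the stock /etc/uhttpd.key path from the original config.
demo=$(mktemp -d)
printf "config uhttpd 'main'\n\toption home '/www'\n\toption key '%s'\n" \
    /www/example.key > "$demo/article"
printf "config uhttpd 'main'\n\toption home '/www'\n\toption key '%s'\n" \
    /etc/uhttpd.key > "$demo/stock"
audit_uhttpd_key "$demo/article" || true
audit_uhttpd_key "$demo/stock" || true
rm -rf "$demo"
```

On the router, run audit_uhttpd_key /etc/config/uhttpd. If it reports EXPOSED, move the key out of /www (the stock /etc/uhttpd.key location is outside the web root), point option key at the new path, and restart uhttpd.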


This article is synchronized and updated to xLog by Mix Space. The original link is https://www.miaoer.net/posts/network/openwrt-ssl
