Can I change the SSL certificate within the web UI (LuCI)?

I want to enable HTTPS. A Google search result showed a post in this forum, and it told me to use a few commands to install packages. But I could do that within the web UI. Now, HTTPS is working. But it is using a self-signed autogenerated certificate, which the browser on my computer rejects.

I have generated a certificate on my computer. It is signed by a CA certificate which is registered as a trusted CA. Now, I think I need to tell OpenWrt to use that certificate instead, but can I do that without using the terminal?

Google search gave me this (https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings), but "In LuCi, go to Services → uHTTPd" does not seem valid. I cannot find the "Services" menu in the web UI (OpenWrt 18.06.2). Is this not possible now, and do I have to use an SSH terminal?

With the availability of nginx as a server, that may be a better choice than uhttpd. Installing luci-ssl-nginx should give you all you need. It may not fit on devices with 8 MB of flash or less, and you may need to use uhttpd for flash-limited devices.

For nginx, the certificates used can be found by examining /etc/nginx/nginx.conf

        ssl_certificate /etc/nginx/nginx.cer;
        ssl_certificate_key /etc/nginx/nginx.key;

(for default config)

I'll typically use SCP to copy the certs into place, or at least onto the machine to a reasonably secure, temporary location. Especially with signed certs, they are pretty sensitive information.

2 Likes
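
A check that fits the nginx answer above, as an added example that is not part of the original posts: it reads the certificate and key paths out of an nginx config and confirms the private key is readable by its owner only after it has been copied into place. The function names are hypothetical; the default config path is the one named in the post.

```shell
#!/bin/sh
# Added example (not from the thread): find the cert/key nginx is configured
# to use and verify the private key is not readable by group or others.

# Print the path given to a directive in an nginx config file.
# $1 = directive (ssl_certificate or ssl_certificate_key), $2 = config file.
# Commented-out directives are skipped because their first field is not $1.
nginx_ssl_path() {
    awk -v d="$1" '$1 == d { sub(/;.*$/, "", $2); print $2; exit }' "$2"
}

# Return 0 if the mode grants nothing to group or others (e.g. 0600 or 0400),
# 1 if it grants something, 2 if the file cannot be listed.
key_is_private() {
    mode=$(ls -ln "$1" 2>/dev/null | awk '{ print $1; exit }')
    [ -n "$mode" ] || return 2
    case "$mode" in
        ????------*) return 0 ;;   # type + owner bits, then six dashes
        *)           return 1 ;;
    esac
}

# Report on the key referenced by a config file.
# Returns 0 = owner-only, 1 = too permissive, 2 = key not found.
check_nginx_key() {
    conf=${1:-/etc/nginx/nginx.conf}
    [ -f "$conf" ] || { echo "no such config: $conf"; return 2; }
    key=$(nginx_ssl_path ssl_certificate_key "$conf")
    [ -n "$key" ] || { echo "no ssl_certificate_key in $conf"; return 2; }
    [ -f "$key" ] || { echo "key file missing: $key"; return 2; }
    if key_is_private "$key"; then
        echo "ok: $key is owner-only"
    else
        echo "too permissive: run chmod 600 $key"
        return 1
    fi
}

# On a router with the default config, report the current state.
if [ -f /etc/nginx/nginx.conf ]; then
    echo "certificate: $(nginx_ssl_path ssl_certificate /etc/nginx/nginx.conf)"
    check_nginx_key || true
fi
```

The same permission check applies to any temporary location the key was copied to with SCP before being moved into place.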

Yes, you can.
Install luci-app-uhttpd first (System - Software)
Then go to Services - uHTTPd and you can edit the web server, including erasing old certificates and uploading new.

4 Likes
