Hi there,
I was wondering if I need to update ssl certificates periodically and what is the best way to do that. Here is my problem....
I'm using Dynamic DNS service on my openwrt router. My DNS provider recommends I use SSL to connect whenever I update my IP so I installed libustream-openssl ca-certificates and I configured everything properly but when I started the service I got this message in the log file...
WARN : No valid certificate file '/etc/ssl/certs/' for HTTPS communication - TERMINATE
It sounded like I didn't have the right SSL certificate. I did some searching and found these instructions here: https://oldwiki.archive.openwrt.org/doc/howto/wget-ssl-certs
I installed openssl-util and ran the commands listed on the wiki. Specifically these commands....
cd /etc/ssl/certs
openssl s_client -connect freedns.afraid.org:443 < /dev/null > temporary.out
openssl x509 -outform PEM < temporary.out > freedns.afraid.org.cer
# create link using the hash value from openssl
# store certificate hash value in HASH append .0, if hash exists can store as .1 or .2 or .3 etc etc
HASH=`openssl x509 -hash -noout -in freedns.afraid.org.cer`.0
# create link
ln -s freedns.afraid.org.cer $HASH
Then I restarted the Dynamic DNS service and..... everything worked. Yay!
So my question is..... How often do I have to repeat this step? Every month? Every year? Everytime I restart the router? Should I put these commands in a script and set it up as cron job? Sorry for the noob questions, I know next to nothing about SSL except that it is necessary so that no one can see my username/password every time I update my IP. Thanks!