Https connection to other router (TOFU)

I was searching for a way to implement somehow a "trusted rest call against a router". I can use --insecure, but actually I would like to have something like trust-on-first-use.

For that u need to edit /etc/config/uhttpd the common name to 10.0.0.3 (here) and regenerate your certificate.

However, now I check against a database and if not already a certificate exists, I do with openssl-utils:

openssl s_client -showcerts -connect 10.0.0.3:443 </dev/null 2>/dev/null|op
enssl x509 -outform PEM > cert.pem

After that I can just:

curl --cacert cert.pem --capath /tmp/ https://10.0.0.3:443

Is there a better way? Can I somehow set the CN to a complete wildcard? If you do not change the CN, the above steps won't work.

Do you mean wildcard as in the Global Root?

I don't advise generating/installing such a cert.

If security is actually required, then you should probably set up the keys/certs beforehand:

• As custom files during the build
• Using custom post-install SSH scripts
• With some config manager like Ansible

I do not install it, I just query a specific router with it via https.

I thought about something like this, too. But actually I need a dynamic solution with a changing environment. That is why I just want TOFU. I want to prevent a man-in-the-middle attack, after a router already established a connection.

Could you elaborate the criteria for dynamic environment?
If you control the DHCP server, you can trigger the provisioning scripts with hotplug.

Layer 3 Wirless-Mesh. If some gateway appears, I want to contact it via https. For the static gateways we can probably do the cacert package solution, but for other gateways, I need something else.

The same certificate on every device means if someone obtains the certificate's private key (which is of necessity deployed on every device), they can set up a MITM machine that matches all of them. If one node is hacked, the whole system is done.

Using the conventional approach of certificate CN matched to the device, and verify them with a private CA, a device's certificate / key is only useful to MITM that one CN. Without the CA private key, they can't generate more certificates.

Can I automatically add the correct CN IPs? Or mutliple CNs?

BTW. I implented the client side code now. I will release the code later and then I can point to it here, if u are intersted. The gateway side is still missing (with the uhttpd certificate).

Use a script to create and sign a batch of certificates, with sequential CNs based on the IP where you will use them. Nothing within a certificate can be changed after it has been signed, which is the whole point of signing them to a higher CA.

Again, any reuse of the same certificate on multiple devices makes it impossible to isolate one which has been compromised.

Did I made a mistake? I have downloaded the crt for a router (server) with a specific ip. I always use that crt for a request against the same router with the same ip. An attacker must compromise the client and exchange that crt on the client, to do a man in the middle?

That is correct(*). But then you started asking about how to make a certificate which can be used on more than one server, which is a very bad idea.

• with the considerable potential problem that you must trust the first time you download the certificate. If you get fooled into downloading and trusting the MITM's phony certificate, then you won't know it's a MITM.

So the way to avoid that is to use a CA so the trust is distributed out of band. You hold the CA directly on your client machine, you can be sure it is your CA because you never need to download it from the network. Also you don't have to remember all the server certificates, only check that they are signed with your CA.

Thanks. Yep. You have similar issues with ssh.

I will have a look at the CA version when I have time.