so i dont get the insecure warning when i log on to LuCI
all went well, with mycert.crt and mycert.key generated ok. But trying to import the crt to firefox (or Chrome) fails. I use preferences > privacy & security > certificates > view certificates and then navigate to the crt on my laptop. Hitting import generates the error "this personal certificate cannot be installed because you do not own the corresponding private key which was created when the certificate was requested."
I tried copying the key from my router, but still get this error when I try to import it.
It imho makes more sense to add OpenWrt's self-generated ssl cert to the few devices regularly used for administration tasks (as in accepting the certificate once, and yes, that works in firefox), than to generate a local CA and certs as described in that guide. The local CA is a) more work to create and deploy and b) has man-in-the-middle potential and might become a serious security risk, if not treated properly.
When encountering a self-signed certificate, firefox will offer you to create an override for it (to remember it), afterwards it won't bother you about this device/ cert combination anymore (aside from displaying a yellow warning label over the ssl-lock in the URL bar).
Hi there
my version of firefox (77.0.i) for Linux, doesn't offer to store the exception. It can just go back (recommended) or accept the risk and continue.
FF doesn't store the 'accept the risk' and theer is no button to create a permanent exception
Hiya
thought that had solved it, the server tab now logs the self signed cert as permanent, but on rebooting and log on to Luci I still get the browser warning!
Maybe this is something Ill just have to live with...