Hi there, I downloaded the latest OpenWRT version available (19.07.3) today for my Linksys WRT2300ACM. One of the first things I wanted to do was to install a custom self-signed certificate. Unfortunately, I've been dealing with that for hours and I still can't make it work.
I followed the steps here https://openwrt.org/docs/guide-user/luci/luci.essentials#installation to install luci-ssl-nginx, and then I also followed the steps here https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings to update the certificate and private key file through LuCI.
I'd like to say that I'm fairly familiar with SSH, TLS/SSL certificates and Linux, and I do understand the process described in those links, particularly the last one, but having said that, I wouldn't call myself an expert since I don't do this every day and I may be doing something wrong.
I initially tried installing my own self-signed certificate, which I generated using openssl on a Linux machine. I also generated and installed a CA certificate for my computer and used that CA to sign the new router certificate, then I copied the router certificate and private key files to /etc/ssl on the router using SFTP (installed previously). Here I started following the steps to select my CRT and KEY files through LuCI (Services > uHTTPd), clicked Save and Apply, rebooted the router, and refreshed the browser, but nothing changed; I still see the old certificate in the browser.
I verified the configuration file manually (/etc/config/uhttpd) by SSHing into the router and it looks good, the configuration file shows the correct path for the files.
option cert '/etc/ssl/router.crt'
option key '/etc/ssl/router.key'
I've gone through the same process with some variations: I copied the files to /etc, /etc/ssl, /etc/ssl/certs and /etc/ssl/private. Every time I make a change I save the files or use "Save and Apply" if I'm in the GUI, and restart uhttpd either through the GUI or with "services uhttpd restart", or even reboot the router if that doesn't work. It doesn't matter what I do: the router won't pick up the new files; it is still serving the original files created during the installation. I even deleted the CRT and KEY files on the router (/etc/uhttpd.crt and /etc/uhttpd.key) and all the files I created, rebooted, and the router is still serving the original CRT and KEY files... how is it serving the original files if I deleted them!?
It all makes me believe that the original certificate and key files are cached somewhere. LuCI is correctly updating the configuration file (/etc/config/uhttpd) but that doesn't matter because the router won't pick up the files.
I also cleared the cache in my browser several times, but that didn't make any difference either.
My last test was to follow the steps in the second link above religiously; I only updated the DNS and IP, and that didn't work either.
I'm out of ideas, appreciate any help!