LuCi, ssl and Firefox

sspphheerraa · November 2, 2019, 4:52pm

Hello there, I have TL-WR1043ND and want to connect it via https.
I use that guide https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings
My actions:

ssh 192.168.1.1
opkg update
opkg install openssl-util luci-app-uhttpd luci-ssl
### I have set /etc/ssl/myconfig.conf as guide suggests
cd /etc/ssl
openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout mycert.key -out mycert.crt -config myconfig.conf
### I set certificate files in LuCi -> Services -> uHTTPd as guide suggests
/etc/init.d/uhttpd restart
scp root@192.168.1.1:/etc/ssl/mycert.crt /mycert.crt
scp root@192.168.1.1:/etc/ssl/mycert.key /mycert.key

And now I have to add this certificate to my Firefox browser (Preferences -> Privacy&Security -> Certificates -> View Certificates -> Import -> /mycert.crt), but it returns error:

This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.

What's wrong? And what to do?

sspphheerraa · November 3, 2019, 7:13pm

If I try to import mycert.key - it requires password

Please enter the password that was used to encrypt this certificate backup:

Maybe I have missed something in cert creation?

lleachii · November 4, 2019, 4:26pm

It should be a server cert.

sspphheerraa · November 7, 2019, 3:42pm

I have reworked all this. I have created own CA (and root cert) on my workstation, and then (there, on workstation) created certificate for my router. The root cert was imported to Firefox's cert authorities, and the router cert was moved to router (using 'scp').

ps If anyone needs details, please, feel free to ask

system · November 17, 2019, 3:42pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.