OpenWrt connect to https failed

21.02.1 version -


config uhttpd 'main'
	list listen_http '0.0.0.0:80'
	list listen_http '[::]:80'
	list listen_https '0.0.0.0:443'
	list listen_https '[::]:443'
	option redirect_https '1'
	option home '/www'
	option rfc1918_filter '1'
	option max_requests '3'
	option max_connections '100'
	option cert '/etc/uhttpd.crt'
	option key '/etc/uhttpd.key'
	option cgi_prefix '/cgi-bin'
	list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
	option script_timeout '60'
	option network_timeout '30'
	option http_keepalive '20'
	option tcp_keepalive '1'
	option ubus_prefix '/ubus'

config cert 'defaults'
	option days '730'
	option key_type 'ec'
	option bits '2048'
	option ec_curve 'P-256'
	option country 'ZZ'
	option state 'Somewhere'
	option location 'Unknown'
	option commonname 'OpenWrt'

This part is not up to me to decide, and I can only use this set.

1 Like

That wasn't the question, but I think we can assume the answer's no ...

I don't even understand your answer. I asked if it was custom hardware (as compared to something commercially available). I've also asked other direct questions so that we can help you understand if it is possible to upgrade.

It is clear that you are ignoring/avoiding the questions and advice we are providing. And you appear to have zero interest in actually doing the right thing for your network (or whoever's network this is). I hope you don't find out the hard way that your insistence on using that device with 15.05 is extremely dangerous.

Can you list the steps/commands you used to generate the certificate?
I’ve always done it on the router using the following:

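# Generate a 2048-bit RSA private key
openssl genpkey -algorithm RSA -out /etc/uhttpd.key -pkeyopt rsa_keygen_bits:2048
# Create a CSR, then self-sign it for 3650 days
openssl req -new -key /etc/uhttpd.key -out /etc/uhttpd.csr -subj '/O=openwrt.org/CN=OpenWrt'
openssl x509 -req -days 3650 -in /etc/uhttpd.csr -signkey /etc/uhttpd.key -out /etc/uhttpd.crt
# Restrict permissions (absolute paths, so this works from any directory) and remove the CSR
chmod 640 /etc/uhttpd.key
rm /etc/uhttpd.csr
chmod 640 /etc/uhttpd.crt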

This definitely worked on 15.05.1 last I was running it.
The config looks ok, but I’ve always bound it to ‘0.0.0.0:80’ and ‘0.0.0.0:443’ instead of the router IP, but that shouldn’t make a difference.

And are any errors generated when restarting uhttpd?

2 Likes

I'm pretty sure he is working with a manufacturer supplied SDK. As he indicates himself he has no influence on what software is used. We all know how much work it is to pry a GPL archive from big network manufacturers as an individual. Here it's a (small) company but the dilemmas won't be any different I reckon.

@Borromini - yeah... if that is the case, it is understandable. However, unless I missed it, the OP has not been willing to even confirm that this is some non-commercial product or something with an SDK that is out of their control. And the OP has also not given us any insight into why they must use this specific hardware and firmware -- it is entirely possible that there would be viable alternatives (although maybe not), but all we really know is that they are using an ancient version of OpenWrt.

With all of that said...

If this is the case, the version of OpenWrt on their device may not even be standard/official 15.05, so the OP should be talking to the manufacturer for help with the https problem -- it is entirely possible that a customized image might not contain all the prerequisites for https to work in the first place, or that other modifications have been made that make it behave differently than the official version.

Thanks for your reply,
I have found that the reason is that I don't have libopenSSL.ipk installed.

Great. So you installed that and now it works?

ya thanks for your reply
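A preflight check for the items this thread ends up chasing (HTTPS listener, cert/key files, key permissions, OpenSSL library package), as an added example that is not part of the original thread. The function names, the `libopenssl` package-name prefix and the scratch-directory demo are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): preflight checks for uhttpd HTTPS.

# Print the value(s) of an option/list inside "config uhttpd" sections.
uci_get() {  # $1 = config file, $2 = option name
	awk -v want="$2" -v q="'" '
		$1 == "config" { in_uhttpd = ($2 == "uhttpd") }
		in_uhttpd && ($1 == "option" || $1 == "list") && $2 == want {
			v = $3; gsub(q, "", v); print v
		}' "$1"
}

# Succeeds if a package list on stdin (e.g. from `opkg list-installed`) names
# an OpenSSL library package. The "libopenssl" name prefix is an assumption.
has_openssl_pkg() { grep -qi '^libopenssl'; }

# $1 = config file, $2 = optional path prefix (lets the demo use a scratch dir)
check_uhttpd_https() {
	cfg="$1"; root="${2:-}"; rc=0
	[ -n "$(uci_get "$cfg" listen_https)" ] || { echo "FAIL: no listen_https entry"; rc=1; }
	for opt in cert key; do
		path="$(uci_get "$cfg" "$opt")"
		if [ -z "$path" ]; then
			echo "FAIL: option $opt is not set"; rc=1
		elif [ ! -s "$root$path" ]; then
			echo "FAIL: $opt file $path is missing or empty"; rc=1
		elif [ "$opt" = key ] && [ "$(ls -l "$root$path" | cut -c8)" = r ]; then
			# 8th character of the ls mode string is the "other: read" bit
			echo "FAIL: private key $path is world-readable"; rc=1
		fi
	done
	return "$rc"
}

# Constructed demo: a scratch tree holding a cut-down copy of the config above.
demo() {
	d="$(mktemp -d)"; mkdir -p "$d/etc/config"
	printf "config uhttpd 'main'\n\tlist listen_https '0.0.0.0:443'\n\toption cert '/etc/uhttpd.crt'\n\toption key '/etc/uhttpd.key'\n" > "$d/etc/config/uhttpd"
	echo placeholder > "$d/etc/uhttpd.crt"; echo placeholder > "$d/etc/uhttpd.key"
	chmod 640 "$d/etc/uhttpd.key"
	check_uhttpd_https "$d/etc/config/uhttpd" "$d" && echo "OK: HTTPS prerequisites present"
	rc=$?; rm -rf "$d"; return "$rc"
}
demo
```

On a router this would be run as `check_uhttpd_https /etc/config/uhttpd` and `opkg list-installed | has_openssl_pkg`. It checks only that the files exist and are sensibly protected, not that the certificate and key are valid or match.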
