[SOLVED] uHTTPD: Organizational Unit (OU) in config file

Hi all,

in the User Guide section

https://openwrt.org/docs/guide-user/services/webserver/uhttpd#https_enable_and_certificate_settings_and_creation

neither Organization nor Organizational Unit (OU) parameters are included in /etc/config/uhttpd file.

But, while I was able to get Organization in the Cert by adding it to config and restarting uhttpd, no way to do the same for OU: is it possible?

(Maybe it must be added to LuCI... ref. Uhttpd generates certificate with random parameters (organization not in config file) - #5 by hnyman...).

BTW, it is NOT a matter of life and death!

Thanks a lot.

It doesn't look to be implemented as of now; you would need to do the same for Organizational Unit as was done for Organization in https://github.com/openwrt/openwrt/commit/2c6c1501af664490ec9b701b46a201e21c670b96. If you then add an option in LuCI which listens to uhttpd.defaults.organizationalunit, that field will be used as the OU when generating a new cert with luci-app-uhttpd.

In the meantime, you could always generate your cert directly via, say, OpenSSL (or even through the default px5g; I just verified that it also supports OU as a parameter in the subject), where you can specify OU and have uHTTPd use that one.

1 Like
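The manual route suggested in the reply above, as an added example that is not part of the original posts or of OpenWrt's own scripts: generate a self-signed certificate with an OU in the subject using the OpenSSL CLI (1.1.1 or later for `-addext`), then check the OU and the key/certificate pairing before pointing uHTTPd at the files. The function names, file names and all subject values are assumptions made up for illustration, as is the assumption that the installed uHTTPd accepts PEM files.

```shell
#!/bin/sh
# Added example. Subject values passed in are constructed placeholders and
# must not contain "/" because they are spliced into the -subj string.

# gen_cert DIR CN ORG OU: write DIR/uhttpd.key and DIR/uhttpd.crt (PEM)
gen_cert() {
    (
        umask 077   # keep the private key unreadable for other users
        openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
            -sha256 -nodes -days 365 \
            -subj "/O=$3/OU=$4/CN=$2" \
            -addext "subjectAltName=DNS:$2" \
            -keyout "$1/uhttpd.key" -out "$1/uhttpd.crt" 2>/dev/null
    )
}

# cert_has_ou CERT OU: succeed only if the subject contains OU=<value>
cert_has_ou() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        grep -qF "OU=$2"
}

# key_matches_cert KEY CERT: succeed only if both carry the same public key,
# so a mismatched pair is caught before the web server is restarted
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Typical use on a workstation (values are constructed):
#   gen_cert . router.lan "Example Org" "Network Lab"
#   cert_has_ou ./uhttpd.crt "Network Lab" && key_matches_cert ./uhttpd.key ./uhttpd.crt
# Then copy both files to the paths named by the cert and key options
# in /etc/config/uhttpd and restart uhttpd.
```
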

Yes, the OU parameter is not included in the certificate generation command.

But it could be added there.

However, the self-signed certs for uhttpd are meant to be simple and just fulfil the requirements of browsers.
(I am currently proposing to modernize them a bit in https://github.com/openwrt/openwrt/pull/15366 to better match the browsers' requirements.)

2 Likes

I didn't know that was a stated goal, but I like it to keep the complexity down; if users want to add OU (or other as-of-now not supported fields that are strictly not necessary to make browsers happy) to their certificates, they can just generate them manually. I haven't run into the subjectAltName issue since I only use Firefox, which doesn't complain about it; nice that it's being added.

Thanks a lot, it's enough.
