/etc/config/uhttpd contains a cert section, which holds the parameters for certificate creation:
    config cert 'defaults'
        option days '730'
        option key_type 'ec'
        option bits '2048'
        option ec_curve 'P-256'
        option country 'ZZ'
        option state 'Somewhere'
        option location 'Unknown'
        option commonname 'OpenWrt'
According to this documentation, it will be needed only once, at the next restart. So I assume that at every start uhttpd checks whether the period of validity has expired, and if so, a new self-signed certificate will be generated. Is that correct?
I want to use my own certificate, which I will push automatically via scp (and restart uhttpd afterwards). But what worries me is the fact that OpenWrt creates its own certificate. Is there a way to disable automatic creation of self-signed certificates?
When providing your own certificate, you can remove the cert section entirely. Make sure the cert and key file paths in the main section point to your certificate. I think that the key file must be readable only by root; even if uhttpd does not enforce that, it is good practice.
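A pre-restart check for the setup described in the answer above, as an added example that is not part of the thread: it reads the cert and key paths from the main section of the config file, confirms both files are in place, and confirms the key has no group or other permission bits. The function names are illustrative, and the expected key owner uid is a parameter (default 0, root).

```sh
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.

# Print "option <name>" from the "config uhttpd main" section of a UCI file.
# Assumes the value contains no whitespace, which holds for typical paths.
uci_main_option() {  # $1 = config file, $2 = option name
    awk -v want="$2" '
        $1 == "config" { in_main = ($2 == "uhttpd" && $3 ~ /main/); next }
        in_main && $1 == "option" && $2 == want {
            v = $3; gsub(/^["\047]|["\047]$/, "", v); print v; exit
        }' "$1"
}

# True if the file still has a "config cert" section.
has_cert_section() {
    grep -Eq '^[[:space:]]*config[[:space:]]+cert([[:space:]]|$)' "$1"
}

# True if the key is a non-empty file owned by uid $2 (default 0, root)
# with no group or other permission bits. Parses ls output because a
# stat applet may be absent from the device's BusyBox build.
key_is_private() {  # $1 = key path, $2 = expected owner uid
    [ -s "$1" ] || return 1
    listing=$(ls -lnL "$1") || return 1
    mode=${listing%% *}
    uid=$(printf '%s\n' "$listing" | awk '{ print $3 }')
    case "$mode" in ????------*) ;; *) return 1 ;; esac
    [ "$uid" = "${2:-0}" ]
}

# Returns 0 only if both files are in place and the key is private.
check_uhttpd_tls() {  # $1 = config file, $2 = expected key owner uid
    rc=0
    cert=$(uci_main_option "$1" cert)
    key=$(uci_main_option "$1" key)
    if has_cert_section "$1"; then echo "note: cert section still present"; fi
    [ -n "$cert" ] && [ -s "$cert" ] || { echo "certificate missing or empty: $cert"; rc=1; }
    [ -n "$key" ] && key_is_private "$key" "$2" || { echo "key missing or not private: $key"; rc=1; }
    return "$rc"
}

# On the router, after the scp push:
#   check_uhttpd_tls /etc/config/uhttpd && /etc/init.d/uhttpd restart
```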
    root@sw:~# opkg whatdepends -A px5g-wolfssl
    Root set:
    px5g-wolfssl
    What depends on root set
    apfree-wifidog 4.08.1771-6 depends on px5g
    luci-ssl git-20.244.36115-e10f954 depends on px5g-wolfssl
luci-ssl depends on px5g, so it seems like it is not possible to remove px5g without breaking the general SSL/TLS capability.
According to this documentation, px5g is triggered by the init script. How can this be disabled?