Trusting others routers https certificate?

I want to send an https request to another router.
There is the package nss-utils in OpenWrt that brings certutil with it. Is that possible to use that for trusting anothers router https certificate?

The application you are using to "send" your https request must support this.

If you just want to pull files from the https server I would use wget or curl and just ignore the certificates, e. g.:

wget --auth-no-challenge --user=root --ask-password --no-check-certificate https://192.168.1.1/index.html

You could provide the certificates from your router to wget directly also if you want.

2 Likes

What do you actually want?

  • just HTTPS communication, between hosts with self-signed certs without a proper trust chain. Just encrypted messaging, but no real verification?

    Most tools offer something like --no-check-certificate (like mentioned above), which achieves this. You just encrypt the messaging, but there is no host verification.

  • real "host has a valid cert meant for just this host" verification? No man in the middle.

2 Likes

I already use curl --insecure. But actually I would like to have the certificate somewhere in a github and then use that, to prevent man in the middle. :slight_smile:

2 Likes

Okay thanks! :slight_smile:
Then I will have to maintain the certificate file myself with different routers.^^ I thought maybe I could just put certificates to some place and then use curl.

Thanks a lot! :slight_smile:

1 Like
opkg files ca-certificates
2 Likes

Did something chaged? Suddenly I get an error:

On 19.07.6 there is no error.

Either those routers are on a public network, then just get Let's Encrypt certs. If they are on a closed/private network then distributing the certs as part of your setup is the correct way.
Depending of the size of your "network" you can also establish your CA and have that trusted.

Perhaps curl switched to wolfSSL?

Yep. :confused:

1 Like