Uhttpd generates certificate with random parameters (organization not in config file)

openwrt snapshot on bananapi r2. In config I have stored
config cert 'defaults' option days '730' option bits '2048' option country 'DE' option location 'Erfurt' option commonname 'bananapi' option state 'TH'

Now the generated certificate contains a random generated value for organization.
/etc/init.d/uhttpd contains this line
-subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${organization:-OpenWrt$UNIQUEID}"/CN="${commonname:-OpenWrt}"
Seems there is an undocumented config variable named Organization, which does not show up in Luci
How can this solved?
Gotthard

  • To be clear, you're asking for the cert generation not to include an "Organization" parameter, or you wish to edit this - correct?
  • And how does the certificate your stored relate your issue?

I´m asking for cert generation including an organization variable from config file.
ATM the config file contains no variable for organization, even though the init script uses such a variable.

Thats a misunderstanding. I listed the values from the config file, I stored no certificate.

It is a rather new addition, in June 2020.

the support for that has apparently not been added to the LuCI GUI.

You can simply edit the config file /etc/config/uhttpd (with a text editor) and add that option line to correct section.
Note that the UCI option name is organization, not Organization.

Ps.

The default config files do not contain all possible options, so that is quite normal.

I will add it to LuCI.

Thanks for pointing this out.

EDIT:
Added with this commit, and also backported to 21.02.

1 Like

Oh, I will give it a try in the next days

It´s case sensitive? That needs attention, really.
Thanks for reply

With regards
Gotthard

I can confirm, works in build 18673, generated certificate is correct now.
Bad news: uhttpd crashes if you click on "Remove old certificate and key" in Luci and needs restart from cli. System log shows any entries regarding this issue.

Thanks for your efforts
Go