ok i fixed that error by creating a symbolic link as follows:
ln -s /proc/self/fd /dev/fd
but now i have a new error:
root@OpenWrt:/tmp# openssl x509 -sha256 -req -extfile <(print
f "subjectAltName=DNS:localhost") -days 365 -in server.csr -C
A ca.crt -CAkey ca.key -CAcreateserial -out server.crt
Signature ok
subject=C = CN, ST = GD, L = SZ, O = "Acme, Inc.", CN = localhost
Can't open ca.crt for reading, No such file or directory
3069793176:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('ca.crt','r')
3069793176:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate
where do i get the ca certificate from to read ?
I have installed the package ca-bundle but there does not seem to be a ca.crt file in the etc/ss/cert directory.
ash shell doesn't support process substitution. So, instead of the construction <(command) — that in bash is like a file — in ash the easiest solution is to create a file with the content. So, the simplest way would be:
# Create CA key and certificate. Import ca.crt as root certificate to the computers accessing the router and save ca.key for future use.
[ -e "./ca.key" ] || openssl genrsa -out ca.key 2048
[ -e "./ca.crt" ] || openssl req -new -x509 -days 7300 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
# Create server key and certificate. use server.key and server.crt as valid files for uhttpd, ttyd, etc.
[ -e "./server.key" ] || openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=localhost" -out server.csr
echo "subjectAltName=IP:192.168.1.1,DNS:Openwrt.lan,DNS:myserver.myddns.org,DNS:www.myserver.myddns.org" > /tmp/subjectAltName.txt
openssl x509 -sha256 -req -extfile /tmp/subjectAltName.txt -days 825 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
Obviously, change the DNS entries with your own internal/external, and IPs you use to access the router.