How do I get a valid SSL certificate into the admin login part?
Date: 11 Oct 2010 19:00
Number of posts: 14
Good question, I would like an answer too.
Just a guess….
How about just using WinSCP to copy the pem files into /tmp/etc?
I think you want to rename the cert and key files "cert.pem" and "key.pem", respectively.
So just create key and certificate files and replace the ones in that folder? Will it actually work?
Chris- I may have misunderstood what you meant by "valid" certificate. I assumed you meant NOT self-signed.
Tomato can create a self-signed cert/key pair for you, if that's all you need.
On "Admin Access" page, Web Admin, Local Access, select "HTTPS". Check the "Regenerate" box and then "save".
Your client will complain about the self-signed cert but you can force it to accept it.
I meant a not self-signed one, so that it's valid, but what's the difference if the regenerate box is on and not?
When the box is checked and the page is "saved", a new key is generated…. The web page should then refresh with the box unchecked, if I recall. Check the /tmp/etc directory and you'll see the cert/key pair appear/change.
If you have a valid CA-signed cert/key pair in the OpenSSL format, I think you can, with one precaution, just replace the Tomato generated pair. What I would do is check the "Regenerate" box and uncheck the "Save in NVRAM" box and then "save" the page. This will ensure the public key is cleared from NVRAM.
Change the names of your "valid" CA-signed pair to key.pem and cert.pem and copy them into the /tmp/etc directory. You can also use the same approach to replace the 512-bit Tomato generated key with, say, a 1024-bit self-signed one you generate with OpenSSL.
I think this should work… let us all know.
To get the custom cert stored in Tomato and survive the reboots, here's what you need to do:
1. Check both - the "Regenerate" box and the "Save in NVRAM" box - and then hit "Save". This will create "/etc/cert.pem" and "/etc/key.pem" files.
2. Replace "/etc/cert.pem" and "/etc/key.pem" files by your own cert files.
3. In a terminal session, execute the following command:
    tar -C / -czf /tmp/cert.tgz etc/cert.pem etc/key.pem
4. Save the created /tmp/cert.tgz file to nvram:
    nvram setfb64 https_crt_file /tmp/cert.tgz
    nvram commit
5. Restart the httpd service:
    service httpd restart
Remember that if you ever save the settings on the "Admin Access" page with the "Regenerate" box checked, or with the "Save in NVRAM" box unchecked, you will lose your certificate and you will have to do these steps all over again.
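A pre-flight check for the replacement files in step 2, added here as an example and not taken from any of the posts above: it confirms that the private key belongs to the certificate, that the certificate has not expired, and reports whether it is self-signed and how large the key is. It assumes the OpenSSL command-line tool on the machine where the files are prepared; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify a cert/key pair before it replaces
# /etc/cert.pem and /etc/key.pem. Assumes the OpenSSL CLI is installed.

# Public key (PEM) embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Key size in bits (e.g. 512, 1024, 2048).
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeeds when subject and issuer are identical, i.e. self-signed.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^[a-z]*= *//')
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^[a-z]*= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# check_pair CERT KEY
#   0 = usable, 1 = a file could not be parsed,
#   2 = key does not match certificate, 3 = certificate already expired
check_pair() {
    cpub=$(cert_pubkey "$1") || return 1
    kpub=$(key_pubkey "$2") || return 1
    [ -n "$cpub" ] && [ -n "$kpub" ] || return 1
    [ "$cpub" = "$kpub" ] || return 2
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 3
    return 0
}

# Command-line use: sh check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    rc=0
    check_pair "$1" "$2" || rc=$?
    echo "key size: $(key_bits "$2") bits"
    if is_self_signed "$1"; then echo "self-signed: yes"; else echo "self-signed: no"; fi
    echo "check_pair result: $rc"
    exit "$rc"
fi
```

A mismatched pair (result 2) is worth catching before the files are packed into cert.tgz and committed to NVRAM. RSA keys of 512 or 1024 bits are below what current clients and CAs accept; 2048 bits is the usual minimum.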