TomatoUSB

Tomato has a built-in feature to generate and use self-signed SSL certificates for the WAN-side HTTPS administration (when enabled). Self-signed certificates are fine for home usage and usually require an explicit approval that varies from browser to browser.

How to use self-signed certficates for HTTPS

Go to Administration » Admin Access, and configure as follows:

• Local Access = HTTPS or HTTP & HTTPS
• Regenerate = TRUE
• Save in NVRAM = TRUE
• Remote Access = HTTPS

Then hit Save. The certificates will be generated and stored in NVRAM.

How to use standard signed SSL certificates

First, follow the steps above and verify that the admin access works with the self-signed certificate. Then:

• Replace "/etc/cert.pem" and "/etc/key.pem" files by your own cert files.
• In terminal session, execute the following command:

tar -C / -czf /tmp/cert.tgz etc/cert.pem etc/key.pem

• Save the created /tmp/cert.tgz file to nvram:

nvram setfb64 https_crt_file /tmp/cert.tgz
nvram commit

• Restart the httpd service:

service httpd restart

Remember, that if you ever save the settings on the Admin Access page with the Regenerate box checked, or with Save in NVRAM box unchecked, you will loose your certificate and you will have to do these steps all over again.