SSL Certificate

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
niXta
DD-WRT Novice


Joined: 26 Oct 2014
Posts: 30
Location: Sweden

PostPosted: Sun Jul 24, 2016 19:37    Post subject: SSL Certificate Reply with quote
Hi!

I have been using this startup script to change the cert on my dd-wrt r7000, it has been working perfectly and my certificate is about to expire. So I renewed the cert and installed it on my NAS which asked for "Private Key", "Certificate" and Intermediate certificate".

From Comodo I got a zip with:
www_URL_com.ca-bundle
www_URL_com.crt

These files was generated from the NAS:
server.key
server.csr

So I put:
Private Key = server.key
Certificate = www_URL_com.crt
Intermediate certificate = www_URL_com.ca-bundle

All went well there and it is working as it should.

But when I am trying to add it to my startup script on the R7000 it does not work and I get a "connection timed out".

I got the "server.key" replacing the "key.pem" and "www_URL_com.crt" replacing the "cert.pem" in the script below:

Code:
mkdir /tmp/ssl
echo "-----BEGIN RSA PRIVATE KEY-----
...
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
-----END RSA PRIVATE KEY-----" > /tmp/ssl/key.pem
echo "-----BEGIN CERTIFICATE-----
...
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
...
-----END CERTIFICATE-----" > /tmp/ssl/cert.pem
chmod 0600 /tmp/ssl/key.pem
mount -o bind /tmp/ssl/cert.pem /etc/cert.pem
mount -o bind /tmp/ssl/key.pem /etc/key.pem
stopservice httpd
startservice httpd



The ca-bundle file contains two certificates, the root certificate and intermediate certificate.

Can someone help me out getting the certificate correct in the script?

_________________
_______________________
Netgear R7000
Sponsor
niXta
DD-WRT Novice


Joined: 26 Oct 2014
Posts: 30
Location: Sweden

PostPosted: Sun Jul 24, 2016 21:38    Post subject: Reply with quote
Ok, so somewhere along the line intermediate certificates became a requirement.
Apache is fine with stacking intermediate/bundle certificates on top of each other in cert.pem after the server cert.

So:
echo "-----BEGIN RSA PRIVATE KEY-----
server.key
-----END RSA PRIVATE KEY-----" > /tmp/ssl/key.pem

echo "-----BEGIN CERTIFICATE-----
www_URL_com.crt
-----END CERTIFICATE-----
www_URL_com.ca-bundle (root cert?)
-----END CERTIFICATE-----
www_URL_com.ca-bundle (intermediate cert?) (same file)
-----END CERTIFICATE-----" > /tmp/ssl/cert.pem


Up and running!

_________________
_______________________
Netgear R7000
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum