Hello, I would like to run a https server on OpenWrt (Backfire) that is visible from WAN and certified by a CA recognized by most browsers.
If I put the ssl certificate and the corresponding private key file in
/etc/uhttpd.key respectively, the site works after opening port 443 on the firewall, but browsers still complain because of the lack of the certificate chain to the trusted authoritiy.
Question: where does this certificate chain file go and how to configure it in uhttpd? Just for the reference, in Apache, it is configured by SSLCertificateChainFile.
…certfile.crt-intermediate to the input file of the second
openssl command below.
Generating the key is fairly easy. Actually, you only generate the key; the certificate comes from the Certification Authority (CA). The most straightforward way for getting these files is first generating a key and a certification request using:
as described in the corresponding openssl man page (req) and getting the request signed by some CA (see their corresponding webpages for instructions, they are quite different). Finally, you need to convert the private key and the certificate from the ascii-armored PEM format in which they are usually available to the more economical binary DER format used by uhttpd: Code:
openssl rsa -in yourkeyfile.pem -outform DER -out uhttpd.key openssl x509 -in yourcertfile.pem -outform DER -out uhttpd.crt
Bla, bla use package: