Certificates Overview

Please read about Public key certificate.

To do: move this into its own article:

Hello, I would like to run an HTTPS server on OpenWrt (Backfire) that is visible from WAN and certified by a CA recognized by most browsers.

If I put the SSL certificate and the corresponding private key file in /etc/uhttpd.crt and /etc/uhttpd.key respectively, the site works after opening port 443 on the firewall, but browsers still complain because of the lack of the certificate chain to the trusted authority.

Question: where does this certificate chain file go, and how is it configured in uhttpd? Just for reference, in Apache it is configured by SSLCertificateChainFile.

Answer: Concatenate the …certfile.crt and …certfile.crt-intermediate to the input file of the second openssl command below.

Generating the key is fairly easy. Actually, you only generate the key; the certificate comes from the Certification Authority (CA). The most straightforward way for getting these files is first generating a key and a certification request using:

openssl req

as described in the corresponding openssl man page (req) and getting the request signed by some CA (see their corresponding webpages for instructions, they are quite different). Finally, you need to convert the private key and the certificate from the ASCII-armored PEM format in which they are usually available to the more economical binary DER format used by uhttpd:

openssl rsa -in yourkeyfile.pem -outform DER -out uhttpd.key
openssl x509 -in yourcertfile.pem -outform DER -out uhttpd.crt
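
The steps above, run end to end with a check that the converted files still belong together (an added example, not part of the original page). A throwaway local CA stands in for the real CA; the host name and every file name other than uhttpd.key and uhttpd.crt are assumptions.

```shell
#!/bin/sh
# Constructed example: the "Test CA" below replaces the real CA's signing step.

make_request() {        # $1 = work dir, $2 = host name; key + signing request
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/yourkeyfile.pem" -out "$1/request.csr" 2>/dev/null
}

sign_with_test_ca() {   # $1 = work dir; plays the CA's part
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/request.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/yourcertfile.pem" 2>/dev/null
}

convert_to_der() {      # $1 = work dir; the two conversion commands from the text
    openssl rsa  -in "$1/yourkeyfile.pem"  -outform DER -out "$1/uhttpd.key" 2>/dev/null &&
    openssl x509 -in "$1/yourcertfile.pem" -outform DER -out "$1/uhttpd.crt"
}

pair_matches() {        # $1 = work dir; true if DER key and DER certificate share a modulus
    k=$(openssl rsa  -inform DER -in "$1/uhttpd.key" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -inform DER -in "$1/uhttpd.crt" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

chain_verifies() {      # $1 = work dir; DER certificate back to PEM, verified against the CA
    openssl x509 -inform DER -in "$1/uhttpd.crt" -out "$1/check.pem" &&
    openssl verify -CAfile "$1/ca.pem" "$1/check.pem" >/dev/null 2>&1
}

# Usage: sh thisfile.sh /some/empty/dir
if [ $# -ge 1 ]; then
    make_request "$1" router.example.test && sign_with_test_ca "$1" &&
    convert_to_der "$1" && pair_matches "$1" && chain_verifies "$1" &&
    echo "uhttpd.key and uhttpd.crt match and verify against the test CA"
fi
```

With a real CA, skip sign_with_test_ca and point chain_verifies at the CA's published root and intermediate certificates instead of ca.pem.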

To do: describe using the px5g package.


doc/howto/certificates.overview.txt · Last modified: 2012/05/02 15:20 by carldenic