1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New User, some questions....

Discussion in 'Tomato Firmware' started by occamsrazor, Aug 21, 2007.

  1. occamsrazor

    occamsrazor Network Guru Member

    So I bought a WHR-G54s and flashed it with Tomato 1.07...The flashing didn't initially work, but when I put a switch in between the flashing computer and the router it then worked.

    Very nice firmware - I was undecided between Tomato and DD-WRT. I fancied the SIPatH aspect of the VOIP version of DD-WRT, but well, Tomato is nice and clean and the main reason was for QoS features and seems Tomato is rated highly for that...

    Everything seems fine so far, except one thing - I have Remote Admin set to use HTTPS, with my machine using dyndns, and when I try to access it remotely I get the following warning and it will not let me connect:

    "You have received an invalid certificate. Please contact the server administrator blah blah blah.... Your certificate contains the same serial number as another certificate as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number."

    Any ideas???

    It's not a dyndns problem as accessing my ftp server etc via the dyndns name works fine....

    Thanks,

    Ben
     
  2. GeeTek

    GeeTek Guest

    If you are using Internet Explorer, you will have the option to continue anyway.
     
  3. occamsrazor

    occamsrazor Network Guru Member

    Thanks Geetek, it does indeed work with Internet Explorer...
    Do you know if there is any way for me to fix it permanently so that I can use it with FireFox?
    Cheers,
    Ben
     
  4. GeeTek

    GeeTek Guest

    I'm afraid not. I have never downloaded or even seen FireFox. :frown:
     
  5. Maggard

    Maggard LI Guru Member

    Your Linksys certificate is conflicting with the Tomato one, you need to delete the current one to make room for the other.

    In Firefox use:

    Tools [menu] > Options... [menu] > Advanced [tab] > Encryption [tab] > View Certificates [button] > Web Sites [tab] > Linsys-Cisco LLC [entry] > Delete [button]

    Now reload the Tomato page and accept the new certificate.
     
  6. BassKozz

    BassKozz Network Guru Member

    I am having similar issues, because I use tomato on my home & work routers so they conflict :(

    The solution Maggard gave works but I have to do it EVERY TIME, i want to login to one router or the other :(

    Any idea's on a permanent fix?
    TIA,
    -BassKozz
     
  7. roadkill

    roadkill Super Moderator Staff Member Member

    try gencert.sh
    and change the router hostname before use to something other than Linksys
     
  8. BassKozz

    BassKozz Network Guru Member

    Roadkill, thanks for the help... would you mind explaining this process to me?
    <-- I am with newb :p
     
  9. bilu

    bilu LI Guru Member

    just accept temporarily the certificate

    If you delete the certificate as Maggard proposed and accept temporarily for the session only you wont have problems. That's my experience, although I disabled remote access now that I don't need it.

    Bruno
     
  10. BassKozz

    BassKozz Network Guru Member

    Hi Bruno,
    I don't think you understand, you are correct that Maggard's solution does work, but I use Tomato on 2 separate routers (work/home) so I am constantly connecting to the WebGUI of both of these routers, so the cached certificate is conflicting with the new certificate...

    For example:
    If I connect to my HOME router after using Maggard's solution, it stores the HOME routers certificate, then when I connect to my WORK router I have to first remove the home router's certificate to connect... and on, and on, this gets to be a pain in the ass very quickly :(

    So I need a solution that will stop me from having to continue to delete cert's everytime I want to connect to the tomato WebGUI, or I'll have to learn how to get very good using SSH to control everything :-p (which is probably not feasible for me)
     
  11. bilu

    bilu LI Guru Member

    Strange... Accepting temporarily still stores the certificate?
     
  12. roadkill

    roadkill Super Moderator Staff Member Member

    I think gencert.sh will generate a certificate according to router name/hostname/domain name as set in identification.
    contents of gencert.sh
    Code:
    #!/bin/sh
    SECS=1159678800
    # create the key and certificate request
    openssl req -new -out /tmp/cert.csr -config /etc/openssl.cnf -keyout /tmp/privkey.pem -newkey rsa:512 -passout pass:password
    # remove the passphrase from the key
    openssl rsa -in /tmp/privkey.pem -out /etc/key.pem -passin pass:password
    # convert the certificate request into a signed certificate
    openssl x509 -in /tmp/cert.csr -out /etc/cert.pem -req -signkey /etc/key.pem -setstartsecs $SECS -days 3653
    # Show human-readable format
    # openssl x509 -in /etc/cert.pem -text -noout
    # Remove unused files
    rm -f /tmp/cert.csr /tmp/privkey.pem
    
     

Share This Page