1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL certificate generated by Tomato

Discussion in 'Tomato Firmware' started by jvro, Aug 5, 2008.

  1. jvro

    jvro Addicted to LI Member

    Aaaargh ...

    I keep getting the certificate error by my browser when loging in to my router using HTTPS saying that the used key isn't trusted.

    I'm using latest Tomato (1.21) and IE7 on Vista. I can't seem to figure out how to get the certificate as a file from Tomato to import into IE/Vista to stop the error?

    Any advice would be greatly appreciated :)

    ... Also could someone please tell me what the "Save in NVRAM"-option does?

    Thx,
    John
     
  2. fyellin

    fyellin LI Guru Member

    First of all, be sure to check the box
    Administration > Admin Access > SSL Certificate > Save in NVRAM​
    or else your tomato box is going to create a new SSL certificate every time you reboot. With this box set, the SSL certificate is saved in nvram and re-used.

    Finding out the actual certificates it uses is relatively straightforward. If you run
    ssh router nvram get https_crt_file​
    (or whatever command you use to log onto the router and execute a command), it'll print out a long piece of gibberish ASCII text.

    This gibberish is a base64 encoding of the binary file cert.tgz. Use whatever command you have to decode the base64 and put the result into cert.tgz. I used emacs. The file cert.tgz is a compressed tar file, and you can then run
    tar -xzf cert.tgz
    to extract the files cert.pem and key.pem

    At this point you're on your own. I don't know how to get this information into your browser.

    EDIT (ADDED):

    If you have a base64 decoder program (which I don't), you might be able to just type the following:
    ssh router nvram get https_crt_file | base64decoder | tar xzf -​
     
  3. jvro

    jvro Addicted to LI Member

    Thanks

    Thanks man.

    That really gave me some needed insight.

    Everything is working for me now. It also truned out that the reason to why i wasn't able to just directly import the certificate the first time i opened up the Tomato GUI was a classification-issue in IE7/Vista.

    Thanks again,
    John
     

Share This Page