Self-Signed SSL always gives Error Page - Shibby fw

Discussion in 'Tomato Firmware' started by SaultDon, Aug 29, 2012.

  1. SaultDon

    SaultDon Serious Server Member

    I've followed the "how to use self-signed certificates for https" TomatoUSB tutorial.

    Here is a screenshot of my configuration:

    When I access the webpage from my LAN using its IP as:

    The page that it takes me to is a warning page first, then I have to click "Proceed Anyway" before I can login to the router.

    Could someone please help me make it so that my certificate is trusted and I don't get that crazy red warning page?

    ASUS RT-N66U
    TomatoUSB "Shibby" v1.28, AIO build 100
  2. kthaddock

    kthaddock Network Guru Member

    Make that trusted in your web browser. You don't need :443 in your https address as https always uses port 443.
  3. SaultDon

    SaultDon Serious Server Member

    Thanks, this sounds interesting and might be what I need to do!

    But now, how to do that...

    I'm using Google Chrome and found the "Manage certificates..." button under the HTTPS/SSL section. But there are the following tabs:


    I'm not sure what tab to go to, and what file to "import". On my router there is cert.pem and key.pem inside the /etc folder. I can scp from the router any files I need to import but am at a loss on what my client computer needs.

    Thanks so far.

    I'm thinking that I have to go to the "Servers" tab and import the "cert.pem" file that is on the router...
  4. shibby20

    shibby20 Network Guru Member

  5. SaultDon

    SaultDon Serious Server Member

    First I scp'd the cert.pem file from the router to my client PC:
    scp root@ ~/Documents/
    Then Press Import... to load the cert.pem file that was copied.

    Go to the Authorities tab and highlight your domain name in the list (ie, and press Edit... and place checkmarks as needed:


    Press OK then clear your web cache and restart Google Chrome.

    But I still get a red error: The server certificate contains a weak cryptographic key.
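For the "weak cryptographic key" error reported in the post above, one way to check the key size of the copied cert.pem, as an added example that is not part of the original thread. The 2048-bit minimum and the function names are assumptions; the thread does not state the size of the router's key or the browser's threshold.

```shell
#!/bin/sh
# Added example: report the RSA public-key size of a PEM certificate and flag
# it when it is below a minimum. MIN_BITS defaults to 2048, an assumption
# (a common baseline for RSA), not a value taken from the thread.

# cert_key_bits: read `openssl x509 -noout -text` output on stdin and print the
# key size in bits. Accepts both "Public-Key: (2048 bit)" and the older
# "RSA Public Key: (1024 bit)" spelling.
cert_key_bits() {
    sed -n 's/.*Public[- ]Key: *(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_cert_key FILE [MIN_BITS]
# Returns 0 if the key has at least MIN_BITS, 1 if it is weaker,
# 2 if the file is unreadable or the key is not RSA.
check_cert_key() {
    cert=$1
    min_bits=${2:-2048}
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "$cert: not a readable PEM certificate" >&2
        return 2
    }
    # The bit threshold only makes sense for RSA; EC keys are much shorter.
    case $(printf '%s\n' "$text" | grep 'Public Key Algorithm') in
        *rsa*) ;;
        *) echo "$cert: non-RSA key, size threshold not applied" >&2
           return 2 ;;
    esac
    bits=$(printf '%s\n' "$text" | cert_key_bits)
    [ -n "$bits" ] || { echo "$cert: key size not found" >&2; return 2; }
    if [ "$bits" -lt "$min_bits" ]; then
        echo "$cert: WEAK key, $bits bits (minimum $min_bits)"
        return 1
    fi
    echo "$cert: key OK, $bits bits"
    return 0
}

# Usage: sh check_cert_key.sh ~/Documents/cert.pem [MIN_BITS]
if [ $# -gt 0 ]; then check_cert_key "$@"; fi
```

If the key is reported as weak, trusting the certificate in the browser will not clear the error; the certificate has to be regenerated with a larger key.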
  6. SaultDon

    SaultDon Serious Server Member

    This sounds easy! I might do this at the end of the day if I can't get this home-built solution to work.

  7. lancethepants

    lancethepants Network Guru Member

    StartSSL is really awesome, and it's free, and supported in virtually every browser.

    The one possible downside of using StartSSL (or just about any SSL certificate provider) is that you must use chained certificates. Some browsers don't seem to care (Chrome) but Firefox is particularly finicky, and may even still not say that the cert is trusted.

    There was another thread here where someone built tomato with chained certificate support. Not sure if it ever made it back to the repo, but it's something I'd like to see.