|
|
@@ -0,0 +1,192 @@
|
|
|
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
|
+ <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
|
|
|
+ <head>
|
|
|
+ <title>Create and Apply SSL Certificate to DD-WRT Web Interface</title>
|
|
|
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
|
+ <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
|
|
|
+ <script type="text/javascript">
|
|
|
+ $(function(){
|
|
|
+ $('textarea').each(function(i,e){
|
|
|
+ theTextarea = $(this);
|
|
|
+ theTextarea.height((theTextarea[0].scrollHeight-5) +'px');
|
|
|
+ });
|
|
|
+
|
|
|
+ $('li').each(function(i,e){
|
|
|
+ var uuid = 'li_' + Math.floor(Math.random() * Math.floor(1000000)).toString() + '_' + i.toString();
|
|
|
+ $(this).contents().wrap('<span id="'+ uuid +'"><label for="cb_'+ uuid +'"></label></span>');
|
|
|
+ $(this).prepend('<input type="checkbox" class="completeBox" id="cb_' + uuid +'" rel="'+ uuid +'" />')
|
|
|
+ });
|
|
|
+
|
|
|
+ $('code,div.codeBlock,textarea.codeBlock').each(function(i,e){
|
|
|
+ theElement = $(this);
|
|
|
+ var lines = theElement.html().split("\n");
|
|
|
+ theElement.empty();
|
|
|
+ for(l=0;l<lines.length;l++){
|
|
|
+ if($.trim(lines[l]) != '' && $.trim(lines[l]).substr(0,1) != '#' && $.trim(lines[l]).indexOf(' #') == -1 && lines[l].substr(0, 4).toUpperCase() != 'REM '){
|
|
|
+ theElement.append('<input type="image" src="images/clipboard.png" value="" class="copy-text" rel="copy_'+ i +'_'+ l +'" data-clipboard-text="'+ lines[l].replace(/"/g, '"') +'" /><span id="copy_'+ i +'_'+ l +'">'+ lines[l] +'</span>');
|
|
|
+ } else {
|
|
|
+ theElement.append(lines[l]);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ });
|
|
|
+
|
|
|
+ $(document).on('click','input.copy-text',function(){
|
|
|
+ theButton = $(this);
|
|
|
+ $('input.copy-text').attr('src','images/clipboard.png');
|
|
|
+ $('span.copy-animation').removeClass('copy-animation');
|
|
|
+ try {
|
|
|
+ $('#'+ theButton.attr('rel')).addClass('copy-animation');
|
|
|
+ navigator.clipboard.writeText(theButton.data('clipboard-text').replace(/<[^>]*>?/gm, ''));
|
|
|
+ theButton.attr('src','images/clipboard_active.png');
|
|
|
+ } catch(err) {
|
|
|
+ }
|
|
|
+ return false;
|
|
|
+ });
|
|
|
+
|
|
|
+ $(document).on('click','input.completeBox',function(){
|
|
|
+ theBox = $(this);
|
|
|
+ $('#'+ theBox.attr('rel')).addClass('strikethrough');
|
|
|
+ theBox.prop('disabled',true);
|
|
|
+ theBox.parent('li').prevAll().each(function(i,e){
|
|
|
+ theLI = $(this);
|
|
|
+ if(theLI.find('input[type=checkbox]').not(':checked')){
|
|
|
+ $('#'+ theLI.find('input[type=checkbox]').attr('rel')).addClass('strikethrough');
|
|
|
+ theLI.find('input[type=checkbox]').prop('checked',true).prop('disabled',true);
|
|
|
+ }
|
|
|
+ });
|
|
|
+ });
|
|
|
+
|
|
|
+ if(window.self !== window.top){
|
|
|
+ window.parent.$('iframe.stepsFrame').height((this['scrollingElement']['scrollHeight']+20) +'px');
|
|
|
+ }
|
|
|
+ });
|
|
|
+ </script>
|
|
|
+ <link href="css/steps.css" rel="stylesheet" type="text/css" />
|
|
|
+ </head>
|
|
|
+ <body>
|
|
|
+ <div id="gridContainer">
|
|
|
+ <div class="topMargin"></div>
|
|
|
+ <div id="listName" class="topMargin">
|
|
|
+ <h1>Create and Apply SSL Certificate to DD-WRT Web Interface</h1>
|
|
|
+ </div>
|
|
|
+ <div></div>
|
|
|
+ <div id="content">
|
|
|
+ <h2>Create Your SSL Certificate</h2>
|
|
|
+
|
|
|
+<ol>
|
|
|
+ <li>Launch XCA</li>
|
|
|
+ <li>Open the PKI database if it is not already (File > Open DataBase), enter password</li>
|
|
|
+ <li>Click on the Certificates tab, right click on your Intermediate CA certificate</li>
|
|
|
+ <li>Select New</li>
|
|
|
+ <li>On the Source tab, make sure Use this Certificate for signing is selected</li>
|
|
|
+ <li>Verify your Intermediate CA certificate is selected from the drop down</li>
|
|
|
+ <li>Click the Subject tab</li>
|
|
|
+ <li>Complete the Distinguished Name section
|
|
|
+ <p>internalName: dd-wrt.i12bretro.local<br />
|
|
|
+ countryName: US<br />
|
|
|
+ stateOrProvinceName: Virginia<br />
|
|
|
+ localityName: Northern<br />
|
|
|
+ organizationName: i12bretro<br />
|
|
|
+ organizationUnitName: i12bretro Certificate Authority<br />
|
|
|
+ commonName: dd-wrt.i12bretro.local</p>
|
|
|
+ </li>
|
|
|
+ <li>Click the Generate a New Key button</li>
|
|
|
+ <li>Enter a name and set the key size to at least 2048</li>
|
|
|
+ <li>Click Create</li>
|
|
|
+ <li>Click on the Extensions tab</li>
|
|
|
+ <li>Select End Entity from the type list</li>
|
|
|
+ <li>Click Edit next to Subject Alternative Name</li>
|
|
|
+ <li>Add any DNS or IP addresses that the certificate will identify</li>
|
|
|
+ <li>Update the validity dates to fit your needs</li>
|
|
|
+ <li>Click the Key Usage tab</li>
|
|
|
+ <li>Under Key Usage select Digital Signature, Key Enchiperment</li>
|
|
|
+ <li>Under Extended Key Usage select Web Server and Web Client Authentication</li>
|
|
|
+ <li>Click the Netscape tab</li>
|
|
|
+ <li>Select SSL Server</li>
|
|
|
+ <li>Click OK to create the certificate</li>
|
|
|
+</ol>
|
|
|
+
|
|
|
+<h2>Exporting Required Files</h2>
|
|
|
+
|
|
|
+<ol>
|
|
|
+ <li>In XCA, click on the Certificates tab</li>
|
|
|
+ <li>Right click the SSL certificate > Export > File</li>
|
|
|
+ <li>Set the file name to cert.pem verify the export format is PEM (*.crt)</li>
|
|
|
+ <li>Click OK</li>
|
|
|
+ <li>Click the Private Keys tab</li>
|
|
|
+ <li>Right click the private key generated for the SSL certificate > Export > File</li>
|
|
|
+ <li>Set the file name to key.pem and verify the export format is PEM private (*.pem)</li>
|
|
|
+ <li>Click OK</li>
|
|
|
+</ol>
|
|
|
+
|
|
|
+<h2>Applying SSL Certificates in DD-WRT</h2>
|
|
|
+
|
|
|
+<ol>
|
|
|
+ <li>Open a web browser and navigate to http://DDWRT_IP</li>
|
|
|
+ <li>Authenticate with the DD-WRT login</li>
|
|
|
+ <li>Click on the Services tab</li>
|
|
|
+ <li>Locate the Secure Shell section</li>
|
|
|
+ <li>Select the Enable radio option next to SSHd</li>
|
|
|
+ <li>Click Apply Settings</li>
|
|
|
+ <li>Click on the Administration tab</li>
|
|
|
+ <li>Locate the Web Access heading</li>
|
|
|
+ <li>Uncheck HTTP</li>
|
|
|
+ <li>Check HTTPS</li>
|
|
|
+ <li>Click Apply Settings</li>
|
|
|
+ <li>Scroll down and click the Reboot Router</li>
|
|
|
+ <li>Wait for DD-WRT to come back up</li>
|
|
|
+ <li>Download PuTTY <a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html" target="_blank">Download</a></li>
|
|
|
+ <li>Connect to DD-WRT via PuTTY</li>
|
|
|
+ <li>Execute the following commands to create the working directories
|
|
|
+ <div class="codeBlock">cd /jffs<br />
|
|
|
+ mkdir etc<br />
|
|
|
+ mkdir startup</div>
|
|
|
+ </li>
|
|
|
+ <li>Download the bash script to apply the SSL certificates <a href="https://gist.githubusercontent.com/i12bretro/240ecec51f63ec8550403be0edd10c98/raw/b4d8862374c0b541b55ab58935ddd14bdab82369/binds_on_mount.sh" target="_blank">Download</a></li>
|
|
|
+ <li>Download WinSCP <a href="https://winscp.net/eng/downloads.php" target="_blank">Download</a></li>
|
|
|
+ <li>Extract WinSCP and run the executable</li>
|
|
|
+ <li>Connect to the DD-WRT server via WinSCP</li>
|
|
|
+ <li>Navigate to /jffs/etc</li>
|
|
|
+ <li>Copy the created cert.pem and key.pem to /jffs/etc</li>
|
|
|
+ <li>Navigate to /jffs/startup</li>
|
|
|
+ <li>Copy the downloaded binds_on_mount.sh</li>
|
|
|
+ <li>Back in PuTTY, execute the following commands
|
|
|
+ <div class="codeBlock">cd /jffs/startup<br />
|
|
|
+ # make binds_on_mount.sh executable<br />
|
|
|
+ chmod +x binds_on_mount.sh</div>
|
|
|
+ </li>
|
|
|
+ <li>Test binding the newly created certificates manually
|
|
|
+ <div class="codeBlock">./binds_on_mount.sh</div>
|
|
|
+ <u><strong>If any errors occur do not proceed to the next section until they are resolved</strong></u></li>
|
|
|
+ <li>Open a web browser and navigate to https://DDWRT_IP</li>
|
|
|
+ <li>If the certificates were bound successfully the generated certificates should now be served by DD-WRT</li>
|
|
|
+</ol>
|
|
|
+
|
|
|
+<h2>Automatically Applying SSL Certificates on DD-WRT Startup</h2>
|
|
|
+
|
|
|
+<ol>
|
|
|
+ <li>Open a web browser and navigate to http://DDWRT_IP</li>
|
|
|
+ <li>Authenticate with the DD-WRT login</li>
|
|
|
+ <li>Click on the Administration tab</li>
|
|
|
+ <li>Click on the Commands sub-navigation tab</li>
|
|
|
+ <li>Paste the following into the Commands textarea
|
|
|
+ <p>cd /jffs/startup && ./binds_on_mount.sh > ./log</p>
|
|
|
+ </li>
|
|
|
+ <li>Click the Save Startup button</li>
|
|
|
+ <li>Click on the Management sub-navigation tab</li>
|
|
|
+ <li>Scroll to the bottom and click the Reboot Router button</li>
|
|
|
+ <li>Wait for the router to reboot</li>
|
|
|
+ <li>Refresh the DD-WRT web interface and the created SSL certificates should be used</li>
|
|
|
+</ol>
|
|
|
+
|
|
|
+<p>On one of my cheaper routers /jffs was read-only and had 0 bytes available. I followed the same steps as above but used a USB flash drive to store the files. I was able to replace /jffs with /tmp/mnt/USB to complete setting up SSL on the device. Leaving HTTP checked under Administration > Management > Web Access can provide a fallback until https is working reliably. If for some reason https stops working you can re-enable access via http by connecting to the router via SSH and running the following commands:<br />
|
|
|
+nvram set httpd_enable=1<br />
|
|
|
+nvram set http_enable=1</p>
|
|
|
+
|
|
|
+<p>Special thanks to the DD-WRT forums and alexandrusavin on GitHub for inspiration on getting this working<br />
|
|
|
+<a href="https://gist.github.com/alexandrusavin/69b26846d6593d6f217219b5bd8882c4">https://gist.github.com/alexandrusavin/69b26846d6593d6f217219b5bd8882c4</a></p>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+ </body>
|
|
|
+ </html>
|
|
|
+
|
i12bretro