Differences

This shows you the differences between two versions of the page.

--- docs:tips_n_tricks:tomato.html [07.11.2018 02:05 CET] – [Using https with your own CA] peter
+++ docs:tips_n_tricks:tomato.html [15.02.2019 15:55 CET] – [Using https with your own CA] peter
@@ Line 1: / Line 1: @@
 ====== Tomato ======
 ===== Using https with your own CA =====
+<note important>It seems, you first have to create the key/certificate pair with the desired subject configured in //TomatoUSB//s web gui. Otherwise it will be regenerated at next boot, overwriting your custom certificate.</note>
 One advantage of open source firmware is the ability to use //https// for accessing the web based configuration tools (aka Web GUI). However, with Tomato USB there is no obvious option to upload a signed certificate. If you're running your own Home-CA, eg. by using [[https://github.com/chris2511/xca/|XCA]] you want to sign it, so none of the browsers in your household complains about the selfsigned certificate of you router. I assume you have //ssh// access to your router, so you can copy files from and to the router by //scp//. First of all, you need to have "store tor NVRAM" enabled for your https certificate in the //Tomato USB// configuration. Now go to your favourite computer running a decent shell and copy two files to your working directory:
@@ Line 21: / Line 22: @@
   reboot
-where the dots ... have to be replaced by the output gained above.
+where the dots ... have to be replaced by the output gained above((A simpler solution would be probably to use ''nvram setfb64 //<file>//.tgz'' - but I haven't tried this.)).
 ===== Using TomatoUSB as NATting router =====