docs:tips_n_tricks:tomato.html

Differences

This shows you the differences between two versions of the page.

docs:tips_n_tricks:tomato.html [04.07.2018 03:37 CEST] – [Links] peter
docs:tips_n_tricks:tomato.html [03.05.2021 19:08 CEST] (current) – [Using https with your own CA] peter
Line 1: Line 1:
 ====== Tomato ====== ====== Tomato ======
 +===== Using https with your own CA =====
 +<note important>It seems, you first have to create the key/certificate pair with the desired subject configured in //TomatoUSB//s web gui. Otherwise it will be regenerated at next boot, overwriting your custom certificate.</note>
 +One advantage of open source firmware is the ability to use //https// for accessing the web based configuration tools (aka Web GUI). However, with Tomato USB there is no obvious option to upload a signed certificate. If you're running your own Home-CA, eg. by using [[https://github.com/chris2511/xca/|XCA]] you want to sign it, so none of the browsers in your household complains about the selfsigned certificate of you router. I assume you have //ssh// access to your router, so you can copy files from and to the router by //scp//. First of all, you need to have "store tor NVRAM" enabled for your https certificate in the //Tomato USB// configuration. Now go to your favourite computer running a decent shell and copy two files to your working directory:
 +
 +  mkdir etc
 +  scp -p root@192.168.1.1;/etc/cert.pem etc/
 +  scp -p root@192.168.1.1;/etc/key.pem etc/
 +
 +Now import then into your CA, make a "similar" certificate possibly with the key //key.pem// as provided by Tomate USB and sign it with your CA. Now put it pack to your working directory and replace //cert.pem//. Now copy them back to your router (this can most probably skipped, as you need to reboot your router anyway);
 +
 +  scp -p etc/cert.pm root@192.168.1.1:/etc/
 +
 +For storing this into the NVRAM, you have to create the right configuration by this:
 +
 +  tar -czf - etc/cert.pem etc/key.pem | base64 -w 0 
 +
 +Use the resulting string as parameter for //https_cert_file// in //Tomato USBs// NVRAM setting, applying with (on your Router!):
 +
 +  nvram set https_crt_file="..."
 +  nvram commit
 +  reboot
 +
 +where the dots ... have to be replaced by the output gained above((An other way would be to create the tar file, copy it to the router and use ''nvram setfb64 https_crt_file //<file>//.tgz''.)).
 +===== Starting httpd on commandline =====
 +
 +<code bash>
 +cd /www
 +httpd
 +</code>
 +
 +Pretty easy, huh? :-D
 ===== Using TomatoUSB as NATting router ===== ===== Using TomatoUSB as NATting router =====
 //This was tried with TomatoUSB v1.28((Tomato Firmware 1.28.0000 MIPSR2-124 K26 USB AIO //This was tried with TomatoUSB v1.28((Tomato Firmware 1.28.0000 MIPSR2-124 K26 USB AIO
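Review bot: the two `scp` fetch lines in the added "Using https with your own CA" section separate host and path with `;` (`root@192.168.1.1;/etc/cert.pem`), so the shell treats the semicolon as a command separator and nothing is copied; they should read `root@192.168.1.1:/etc/cert.pem` and `root@192.168.1.1:/etc/key.pem`. The copy-back line names `etc/cert.pm` where the rest of the section uses `cert.pem`, and the prose calls the NVRAM variable `https_cert_file` while the command and the footnote set `https_crt_file`; pick one spelling and use it throughout ("store tor NVRAM" also looks like a typo). Because the tarball includes `etc/key.pem`, pasting its base64 into `nvram set https_crt_file="..."` puts the private key into terminal output and onto the router's command line, so the `nvram setfb64` variant from the footnote would be the better one to document as the main path, along with a note to delete the working copy of `key.pem` afterwards.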
Line 49: Line 80:
   /usr/sbin/robocfg showports   /usr/sbin/robocfg showports
   /usr/sbin/robocfg port 4 media 100FD   /usr/sbin/robocfg port 4 media 100FD
-==== Caveats ====+===== Caveats ====
 <note warning>Whenn assinging additional bridges, numbers must be consecutive((i.e. br0,br1,br2)), otherwise((e.g. br0, br3)) bridges after a gap will not be started!</note> <note warning>Whenn assinging additional bridges, numbers must be consecutive((i.e. br0,br1,br2)), otherwise((e.g. br0, br3)) bridges after a gap will not be started!</note>
 ===== Links ===== ===== Links =====
   * http://www.linksysinfo.org/index.php?categories/firmware-projects-for-linksys-devices.20/   * http://www.linksysinfo.org/index.php?categories/firmware-projects-for-linksys-devices.20/
   * [[http://tomato.groov.pl|Shibby's Pages]] ([[http://tomato.groov.pl/?page_id=78|Changelog]])   * [[http://tomato.groov.pl|Shibby's Pages]] ([[http://tomato.groov.pl/?page_id=78|Changelog]])
 +  * [[https://advancedtomato.com/|Advanced Tomato]] for an branch of Shibby's work with another GUI
  
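Review bot: the changed heading line `===== Caveats ====` opens with five `=` but closes with four, so the heading markers are unbalanced; if the intent is to raise Caveats to the same level as the following `===== Links =====`, close it with five as well. In the added Links entry, "for an branch" should read "for a branch".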
docs/tips_n_tricks/tomato.html.1530668228.txt.gz · Last modified: 04.07.2018 03:37 CEST by peter
