Differences

This shows you the differences between two versions of the page.

--- docs:tips_n_tricks:tomato.html [07.11.2018 02:05 CET] – [Using https with your own CA] peter
+++ docs:tips_n_tricks:tomato.html [03.05.2021 19:08 CEST] (current) – [Using https with your own CA] peter
@@ Line 1: / Line 1: @@
 ====== Tomato ======
 ===== Using https with your own CA =====
+<note important>It seems, you first have to create the key/certificate pair with the desired subject configured in //TomatoUSB//s web gui. Otherwise it will be regenerated at next boot, overwriting your custom certificate.</note>
 One advantage of open source firmware is the ability to use //https// for accessing the web based configuration tools (aka Web GUI). However, with Tomato USB there is no obvious option to upload a signed certificate. If you're running your own Home-CA, eg. by using [[https://github.com/chris2511/xca/|XCA]] you want to sign it, so none of the browsers in your household complains about the selfsigned certificate of you router. I assume you have //ssh// access to your router, so you can copy files from and to the router by //scp//. First of all, you need to have "store tor NVRAM" enabled for your https certificate in the //Tomato USB// configuration. Now go to your favourite computer running a decent shell and copy two files to your working directory:
@@ Line 21: / Line 22: @@
   reboot
-where the dots ... have to be replaced by the output gained above.
+where the dots ... have to be replaced by the output gained above((An other way would be to create the tar file, copy it to the router and use ''nvram setfb64 https_crt_file //<file>//.tgz''.)).
+===== Starting httpd on commandline =====
+<code bash>
+cd /www
+httpd
+</code>
+Pretty easy, huh? :-D
 ===== Using TomatoUSB as NATting router =====
 //This was tried with TomatoUSB v1.28((Tomato Firmware 1.28.0000 MIPSR2-124 K26 USB AIO