kramfs/openwrt_luci_ssl_setup

## openwrt_luci_ssl_setup
cat << EOF >> brightup.sh
#!/bin/sh
# Created on $(date)
EOF

~~~~~~~~~
# START #
~~~~~~~~~

# Install LUCI
opkg update
opkg install luci


## Fix SSL issue ##
# https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings


opkg update && opkg install openssl-util luci-app-uhttpd


cat << EOF > /etc/ssl/ssl_config.config
# Created on $(date)
[req]
distinguished_name  = req_distinguished_name
x509_extensions     = v3_req
prompt              = no
string_mask         = utf8only

[req_distinguished_name]
C                   = SG
ST                  = SG
L                   = Singapore
O                   = OpenWrt
OU                  = Home Router
CN                  = luci.openwrt

[v3_req]
keyUsage            = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage    = serverAuth
subjectAltName      = @alt_names

[alt_names]
DNS.1               = openwrt
DNS.2               = openwrt.lan
DNS.3               = openwrt.cloud.internal
IP.1                = 192.168.1.253
IP.2                = 192.168.2.1

EOF


# Generate SSL certificate
cd /etc/ssl
openssl req -x509 -nodes -days 1095 -newkey rsa:4096 -keyout mycert.key -out mycert.crt -config ssl_config.config

# Edit uhttpd config for the location of the crt/key file
vi /etc/config/uhttpd

        option cert '/etc/ssl/mycert.crt'
        option key '/etc/ssl/mycert.key'

# Restart uHTTPD
/etc/init.d/uhttpd restart

Add key/crt to backup. In LuCI, go to System → Backup/Flash Firmware, Click Configuration tab, then add /etc/ssl/mycert.crt & /etc/ssl/mycert.key

# IMPORTANT: For the self-signed certificcate to work, download the .crt and add to your local keychain access
scp -v root@192.168.1.253:/etc/ssl/mycert.crt .
	cat << EOF >> brightup.sh
	#!/bin/sh
	# Created on $(date)
	EOF

	~~~~~~~~~
	# START #
	~~~~~~~~~

	# Install LUCI
	opkg update
	opkg install luci


	## Fix SSL issue ##
	# https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings


	opkg update && opkg install openssl-util luci-app-uhttpd


	cat << EOF > /etc/ssl/ssl_config.config
	# Created on $(date)
	[req]
	distinguished_name = req_distinguished_name
	x509_extensions = v3_req
	prompt = no
	string_mask = utf8only

	[req_distinguished_name]
	C = SG
	ST = SG
	L = Singapore
	O = OpenWrt
	OU = Home Router
	CN = luci.openwrt

	[v3_req]
	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
	extendedKeyUsage = serverAuth
	subjectAltName = @alt_names

	[alt_names]
	DNS.1 = openwrt
	DNS.2 = openwrt.lan
	DNS.3 = openwrt.cloud.internal
	IP.1 = 192.168.1.253
	IP.2 = 192.168.2.1

	EOF


	# Generate SSL certificate
	cd /etc/ssl
	openssl req -x509 -nodes -days 1095 -newkey rsa:4096 -keyout mycert.key -out mycert.crt -config ssl_config.config

	# Edit uhttpd config for the location of the crt/key file
	vi /etc/config/uhttpd

	option cert '/etc/ssl/mycert.crt'
	option key '/etc/ssl/mycert.key'

	# Restart uHTTPD
	/etc/init.d/uhttpd restart

	Add key/crt to backup. In LuCI, go to System → Backup/Flash Firmware, Click Configuration tab, then add /etc/ssl/mycert.crt & /etc/ssl/mycert.key

	# IMPORTANT: For the self-signed certificcate to work, download the .crt and add to your local keychain access
	scp -v root@192.168.1.253:/etc/ssl/mycert.crt .