Skip to content

Instantly share code, notes, and snippets.

@kramfs
Last active May 18, 2022 10:53
Show Gist options
  • Save kramfs/a45942e93b9343b086d7744160413261 to your computer and use it in GitHub Desktop.
Save kramfs/a45942e93b9343b086d7744160413261 to your computer and use it in GitHub Desktop.
cat << EOF >> brightup.sh
#!/bin/sh
# Created on $(date)
EOF
~~~~~~~~~
# START #
~~~~~~~~~
# Install LUCI
opkg update
opkg install luci
## Fix SSL issue ##
# https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings
opkg update && opkg install openssl-util luci-app-uhttpd
cat << EOF > /etc/ssl/ssl_config.config
# Created on $(date)
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
string_mask = utf8only
[req_distinguished_name]
C = SG
ST = SG
L = Singapore
O = OpenWrt
OU = Home Router
CN = luci.openwrt
[v3_req]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = openwrt
DNS.2 = openwrt.lan
DNS.3 = openwrt.cloud.internal
IP.1 = 192.168.1.253
IP.2 = 192.168.2.1
EOF
# Generate SSL certificate
cd /etc/ssl
openssl req -x509 -nodes -days 1095 -newkey rsa:4096 -keyout mycert.key -out mycert.crt -config ssl_config.config
# Edit uhttpd config for the location of the crt/key file
vi /etc/config/uhttpd
option cert '/etc/ssl/mycert.crt'
option key '/etc/ssl/mycert.key'
# Restart uHTTPD
/etc/init.d/uhttpd restart
Add key/crt to backup. In LuCI, go to System → Backup/Flash Firmware, Click Configuration tab, then add /etc/ssl/mycert.crt & /etc/ssl/mycert.key
# IMPORTANT: For the self-signed certificcate to work, download the .crt and add to your local keychain access
scp -v root@192.168.1.253:/etc/ssl/mycert.crt .
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment