Create and Apply SSL Certificate to DD-WRT Web Interface
#DD-WRT #SSL #Certificates #PublicKeyInfrastructure
Full steps can be found at https://i12bretro.github.io/tutorials/0170.html
Note: You may need to enable JFFS2 support under Administration ≫ Management ≫ JFFS2 Support to have a usable /jffs location
Prerequisites
- An XCA PKI database https://youtu.be/ezzj3x207lQ
Create Your SSL Certificate
01. Launch XCA
02. Open the PKI database if it is not already (File ≫ Open DataBase), enter password
03. Click on the Certificates tab, right click on your Intermediate CA certificate
04. Select New
05. On the Source tab, make sure Use this Certificate for signing is selected
06. Verify your Intermediate CA certificate is selected from the drop down
07. Click the Subject tab
08. Complete the Distinguished Name section
internalName: dd-wrt.i12bretro.local
countryName: US
stateOrProvinceName: Virginia
localityName: Northern
organizationName: i12bretro
organizationalUnitName: i12bretro Certificate Authority
commonName: dd-wrt.i12bretro.local
09. Click the Generate a New Key button
10. Enter a name and set the key size to at least 2048
11. Click Create
12. Click on the Extensions tab
13. Select End Entity from the type list
14. Click Edit next to Subject Alternative Name
15. Add any DNS or IP addresses that the certificate will identify
16. Update the validity dates to fit your needs
17. Click the Key Usage tab
18. Under Key Usage select Digital Signature, Key Encipherment
19. Under Extended Key Usage select Web Server and Web Client Authentication
20. Click the Netscape tab
21. Select SSL Server
22. Click OK to create the certificate
Exporting Required Files
01. In XCA, click on the Certificates tab
02. Right click the SSL certificate ≫ Export ≫ File
03. Set the file name to cert.pem and verify the export format is PEM (*.crt)
04. Click OK
05. Click the Private Keys tab
06. Right click the private key generated for the SSL certificate ≫ Export ≫ File
07. Set the file name to key.pem and verify the export format is PEM private (*.pem)
08. Click OK
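Before copying the exported files to the router, the pair can be checked on the workstation. The script below is an added example, not part of the original tutorial or of binds_on_mount.sh; it assumes the openssl command-line tool and an RSA key, and the function name check_pair and the file name check_pair.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Run on the workstation
# that holds the XCA exports; assumes the openssl CLI and an RSA key.
# check_pair CERT KEY NAME -> 0 if the pair is fit to copy to /jffs/etc
check_pair() {
    cert=$1 key=$2 name=$3

    # cert.pem must be a PEM certificate
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { echo "FAIL: $cert is not a PEM certificate"; return 1; }

    # key.pem must load without a passphrase prompt
    kpub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "FAIL: $key is not a readable PEM private key"; return 1; }

    # The private key must belong to the certificate
    cpub=$(openssl x509 -in "$cert" -noout -pubkey)
    [ "$cpub" = "$kpub" ] ||
        { echo "FAIL: $key does not match $cert"; return 1; }

    # Key size chosen when generating the key: at least 2048 bits
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: key is ${bits:-?} bits"; return 1; }

    # NAME (how the router is addressed in the browser) must be a SAN entry
    printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq -e "DNS:$name" -e "IP Address:$name" ||
        { echo "FAIL: $name is not in the Subject Alternative Name"; return 1; }

    # Extended Key Usage must allow server authentication
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
        { echo "FAIL: no TLS Web Server Authentication usage"; return 1; }

    # Certificate must not already be expired
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }

    echo "OK: $cert and $key match and cover $name"
}

# Usage: sh check_pair.sh cert.pem key.pem dd-wrt.i12bretro.local
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```

Run it once per name or IP address that will be typed into the browser; a FAIL line names the first check that did not pass.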
Applying SSL Certificates in DD-WRT
01. Open a web browser and navigate to http://DDWRT_IP
02. Authenticate with the DD-WRT login
03. Click on the Services tab
04. Locate the Secure Shell section
05. Select the Enable radio option next to SSHd
06. Click Apply Settings
07. Click on the Administration tab
08. Locate the JFFS2 Support heading
09. Check the Enable button next to Internal Flash Storage
10. Locate the Web Access heading
11. Uncheck HTTP
12. Check HTTPS
13. Click Apply Settings
14. Scroll down and click the Reboot Router button
15. Wait for DD-WRT to come back up
16. Download PuTTY https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
17. Connect to DD-WRT via PuTTY
18. Execute the following commands to create the working directories
cd /jffs
mkdir etc
mkdir startup
19. Download the bash script to apply the SSL certificates https://gist.githubusercontent.com/i12bretro/240ecec51f63ec8550403be0edd10c98/raw/b4d8862374c0b541b55ab58935ddd14bdab82369/binds_on_mount.sh
20. Download WinSCP https://winscp.net/eng/downloads.php
21. Extract WinSCP and run the executable
22. Connect to the DD-WRT server via WinSCP
23. Navigate to /jffs/etc
24. Copy the created cert.pem and key.pem to /jffs/etc
25. Navigate to /jffs/startup
26. Copy the downloaded binds_on_mount.sh
27. Back in PuTTY, execute the following commands
cd /jffs/startup
# make binds_on_mount.sh executable
chmod +x binds_on_mount.sh
28. Test binding the newly created certificates manually
./binds_on_mount.sh
If any errors occur, do not proceed to the next section until they are resolved
29. Open a web browser and navigate to https://DDWRT_IP
30. If the certificates were bound successfully, the generated certificates should now be served by DD-WRT
Automatically Applying SSL Certificates on DD-WRT Startup
01. Open a web browser and navigate to http://DDWRT_IP
02. Authenticate with the DD-WRT login
03. Click on the Administration tab
04. Click on the Commands sub-navigation tab
05. Paste the following into the Commands textarea
cd /jffs/startup && ./binds_on_mount.sh >> ./log
06. Click the Save Startup button
07. Click on the Management sub-navigation tab
08. Scroll to the bottom and click the Reboot Router button
09. Wait for the router to reboot
10. Refresh the DD-WRT web interface and the created SSL certificates should be used