merlinwrt-custom-ssl-cert.sh

1. # https://gist.github.com/davidbalbert/6815258
2. #
3. # First, enable SSH in the Administration->System tab.
4. # Then log in to the device.
5.  
6. # Verify that https_crt_save is off
7. admin@RT-N66U:/tmp/home/root# nvram get https_crt_save
8. 0
9.  
10. # Enable https_crt_save and verify that it was set correctly
11. admin@RT-N66U:/tmp/home/root# nvram set https_crt_save=1
12. admin@RT-N66U:/tmp/home/root# nvram get https_crt_save
13. 1
14.  
15. # Write your custom key and certificate to the ephemeral file system.
16. # Note that these files will not be preserved on restart.
17. admin@RT-N66U:/tmp/home/root# cat >/etc/key.pem
18. # paste in key
19. admin@RT-N66U:/tmp/home/root# cat >/etc/cert.pem
20. # paste in cert
21.  
22. # Verify https_crt_file is empty
23. admin@RT-N66U:/tmp/home/root# nvram get https_crt_file
24. admin@RT-N66U:/tmp/home/root#
25.  
26. # Restart httpd. When httpd starts up with https_crt_save enabled, it does the
27. # following: If /etc/cert.pem and /etc/key.pem exist, it tars them together and
28. # saves them in https_crt_file.  If they do not exist (this would be the case
29. # on reboot) and https_crt_file exists, httpd will extract the contents of
30. # https_crt_file. You can see how this works in the start_ssl function here:
31. # https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/httpd/httpd.c
32. admin@RT-N66U:/tmp/home/root# service restart_httpd
33.  
34. # Ensure https_crt_file is now full
35. admin@RT-N66U:/tmp/home/root# nvram get https_crt_file
36. # ...snip...
37.  
38. # Reboot AP to make sure cert is put back on boot
39. admin@RT-N66U:/tmp/home/root# reboot