Closed GoogleCodeExporter closed 9 years ago
GoTo Firewall - General
Enable HTTPS Web Access from WAN? YES
Port of HTTPS Web Access from WAN: Set port which not blocked by your ISP
Original comment by andy.pad...@gmail.com
on 3 Oct 2013 at 12:04
Okay - this works.
Google chrome however doesn't like the certificate that I built internally on
the router. It is regarded as "weak" because it was generated using an md5
digest (option -des3 in the https-cert.sh). I changed the option to -aes256 but
that didn't work on the router. So, I built the certificate with OpenSSL on a
Debian machine and imported the keys. Now, everything is fine.
You might implement aes256 or another "safer" digest to the next firmware.
Original comment by ulysses....@gmail.com
on 10 Oct 2013 at 2:48
You can also use root certificate CA (and chains).
https-cert.sh generated self-signed certificate without CA.
-des3 is a TripleDES 192bit encryption, this is not md5 ;)
Original comment by andy.pad...@gmail.com
on 17 Oct 2013 at 2:45
The script has implemented the -des3 option, but the certificate that I built
with it on the router shows up a md5 digest. May be my /opt/bin/openssl on the
router is outdated (historically, I'm still using optware because I avoided the
effort to move to entware); the timestamp of my openssl is from April 30, 2012.
Did you check the certificate generated on your router (e.g. by importing it
from Windows), is it really des3?
Original comment by ulysses....@gmail.com
on 17 Oct 2013 at 9:50
The certificate is generated with TripleDES encryption. But it is signed with
md5 alg.
So, if you'd like to improve your cert specially for Google, shouldn't change
-des3 value (this won't make sense). You should add -sha1 option to signing
command:
# openssl x509 -sha1 -req -days ....
Original comment by d...@soulblader.com
on 24 Nov 2013 at 11:43
Original issue reported on code.google.com by
ulysses....@gmail.com
on 1 Oct 2013 at 7:24