Add Support for HTTPs and SSL on Omega2



  • We are building an IOT gateway using Omega2 that will require encrypted content over HTTPs, which means we that will need SSL encryption.

    We can use self signed SSL certificate for now, so no need to purchase one from a CA vendor
    Can anyone please point out on Omega2, how can we:

    • generate self signed SSL certificate
    • apply the certificate to the web server (uhttpd)
    • enable https in uhttpd?

    Much appreciated.



  • For each and every point you listed there is a mass of documentation available.

    You should be able to install openssl on the Omega2+ (from LEDE repos or directly Omega repos), which gives you the means to generate what every certificate you like. You haven't mentioned what kind of certificate you need, with what cryptographic parameters (RSA/ECC, curves, modulo length, hash algorithm, ciphersuites and key exchanges to be supported,...). Actually you don't even have to install and use openssl on the Omega2+, you can generate the keys and certificates off-site.

    For web server (and uhttpd-mod-tls) documentation see

    Introduction to OpenSSL certificate creation: https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs



  • Hi Peter - I think we're headed down similar paths. How is your progress re: https?


  • administrators

    @peterh-peterh @peanut Here is the procedure on how to enable HTTPs for uhttpd and generate self-signed certificate.

    1. From your command line issue the following commands:
    opkg update
    opkg install px5g-standalone libustream-openssl
    
    1. Restart the uhttpd service:
    /etc/init.d/uhttpd restart
    
    1. When you restart uhttpd service, it generates RSA private key and selfsigned certificate, here is the output that I've got after restarting uhttpd:
    # /etc/init.d/uhttpd restart
    4+0 records in
    4+0 records out
    Generating RSA private key, 2048 bit long modulus
    Generating selfsigned certificate with subject 'C=ZZ,ST=Somewhere,L=Unknown,O=LEDEd1d8b179,CN=LEDE,' and validity 20180417162546-20200416162546
    
    1. Now you can navigate to your browser and type: https://192.168.3.1 or https://omega-XXXX.local ( where XXXX are the last digits of your MAC address). Here is my screenshot:
      0_1524150347116_7ba7746a-d969-445a-940b-a072790ca6d2-image.png

    Enjoy and Happy Hacking :)


Log in to reply
 

Looks like your connection to Community was lost, please wait while we try to reconnect.