Add Support for HTTPs and SSL on Omega2
We are building an IOT gateway using Omega2 that will require encrypted content over HTTPs, which means we that will need SSL encryption.
We can use self signed SSL certificate for now, so no need to purchase one from a CA vendor
Can anyone please point out on Omega2, how can we:
- generate self signed SSL certificate
- apply the certificate to the web server (uhttpd)
- enable https in uhttpd?
For each and every point you listed there is a mass of documentation available.
You should be able to install
opensslon the Omega2+ (from LEDE repos or directly Omega repos), which gives you the means to generate what every certificate you like. You haven't mentioned what kind of certificate you need, with what cryptographic parameters (RSA/ECC, curves, modulo length, hash algorithm, ciphersuites and key exchanges to be supported,...). Actually you don't even have to install and use
opensslon the Omega2+, you can generate the keys and certificates off-site.
For web server (and
uhttpd-mod-tls) documentation see
Introduction to OpenSSL certificate creation: https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs
Hi Peter - I think we're headed down similar paths. How is your progress re: https?
- From your command line issue the following commands:
opkg update opkg install px5g-standalone libustream-openssl
- Restart the uhttpd service:
- When you restart
uhttpdservice, it generates
RSAprivate key and selfsigned certificate, here is the output that I've got after restarting uhttpd:
# /etc/init.d/uhttpd restart 4+0 records in 4+0 records out Generating RSA private key, 2048 bit long modulus Generating selfsigned certificate with subject 'C=ZZ,ST=Somewhere,L=Unknown,O=LEDEd1d8b179,CN=LEDE,' and validity 20180417162546-20200416162546
- Now you can navigate to your browser and type:
https://omega-XXXX.local( where XXXX are the last digits of your MAC address). Here is my screenshot:
Enjoy and Happy Hacking :)