Add Support for HTTPs and SSL on Omega2
-
We are building an IoT gateway using Omega2 that will require encrypted content over HTTPs, which means that we will need SSL encryption.
We can use a self-signed SSL certificate for now, so no need to purchase one from a CA vendor.
Can anyone please point out on Omega2, how can we:
- generate self-signed SSL certificate
- apply the certificate to the web server (uhttpd)
- enable https in uhttpd?
Much appreciated.
-
For each and every point you listed there is a mass of documentation available.
You should be able to install openssl on the Omega2+ (from LEDE repos or directly Omega repos), which gives you the means to generate whatever certificate you like. You haven't mentioned what kind of certificate you need, with what cryptographic parameters (RSA/ECC, curves, modulo length, hash algorithm, ciphersuites and key exchanges to be supported, ...). Actually you don't even have to install and use openssl on the Omega2+, you can generate the keys and certificates off-site.
For web server (and uhttpd-mod-tls) documentation see
Introduction to OpenSSL certificate creation: https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs
-
Hi Peter - I think we're headed down similar paths. How is your progress re: https?
-
@peterh-peterh @peanut Here is the procedure on how to enable HTTPs for uhttpd and generate a self-signed certificate.
- From your command line issue the following commands:
  opkg update
  opkg install px5g-standalone libustream-openssl
- Restart the uhttpd service:
  /etc/init.d/uhttpd restart
- When you restart the uhttpd service, it generates an RSA private key and a self-signed certificate. Here is the output that I got after restarting uhttpd:
  # /etc/init.d/uhttpd restart
  4+0 records in
  4+0 records out
  Generating RSA private key, 2048 bit long modulus
  Generating selfsigned certificate with subject 'C=ZZ,ST=Somewhere,L=Unknown,O=LEDEd1d8b179,CN=LEDE,' and validity 20180417162546-20200416162546
- Now you can navigate to your browser and type: https://192.168.3.1 or https://omega-XXXX.local (where XXXX are the last digits of your MAC address). Here is my screenshot:
Enjoy and Happy Hacking
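
A check to run once the steps above are done, as an added example that is not part of the original thread: it audits a uhttpd UCI config for an HTTPS listener, cert/key paths, an HTTP-to-HTTPS redirect and the RSA size used for the auto-generated certificate. It assumes the stock OpenWrt/LEDE layout of /etc/config/uhttpd with a single uhttpd instance; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the stock OpenWrt/LEDE
# /etc/config/uhttpd layout with one uhttpd instance.

# Print every value of option/list NAME in a UCI file, quotes stripped.
uci_values() {  # $1 = file, $2 = option name
    awk -v name="$2" '($1 == "option" || $1 == "list") && $2 == name { print $3 }' "$1" |
        tr -d "\"'"
}

# Print one finding per line; print nothing when the config looks fine.
audit_uhttpd() {  # $1 = config file
    cfg=$1
    [ -n "$(uci_values "$cfg" listen_https)" ] || echo "no-https-listener"
    [ -n "$(uci_values "$cfg" cert)" ] || echo "no-cert-option"
    [ -n "$(uci_values "$cfg" key)" ] || echo "no-key-option"
    # Plain HTTP still served and not redirected: traffic can stay unencrypted.
    if [ -n "$(uci_values "$cfg" listen_http)" ] &&
       [ "$(uci_values "$cfg" redirect_https)" != "1" ]; then
        echo "http-not-redirected"
    fi
    # Key size used when uhttpd auto-generates the self-signed certificate.
    bits=$(uci_values "$cfg" bits)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "weak-rsa-bits:$bits"
    fi
    return 0
}

# Constructed sample: HTTPS is enabled, but HTTP is served without a redirect.
sample_config() {
    cat <<'EOF'
config uhttpd 'main'
    list listen_http '0.0.0.0:80'
    list listen_https '0.0.0.0:443'
    option redirect_https '0'
    option cert '/etc/uhttpd.crt'
    option key '/etc/uhttpd.key'

config cert 'defaults'
    option days '730'
    option bits '2048'
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_uhttpd "$tmp"
rm -f "$tmp"
```

On the device, call `audit_uhttpd /etc/config/uhttpd` instead of using the sample.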