Setting up HTTPS SSL Certificates on OpenWrt
Server
Published: 2023-02-23

This guide explains how to set up HTTPS SSL certificates on OpenWrt. Can it actually be configured from the WebUI??

For certificates with a short validity period, such as those from Let’s Encrypt, it might be a good idea to automate the process using a shell script and run it periodically with cron.

Prerequisites

  • Obtain an SSL certificate
  • Enable HTTPS from the WebUI
    System -> Administration -> HTTP(S) Access 
    Check the box for Redirect to HTTPS
    

Convert SSL certificate and private key to DER format

openssl x509 -in server.crt -outform DER > uhttpd.crt
openssl x509 -in chain.crt -outform DER >> uhttpd.crt
openssl rsa -in server.key -outform DER > uhttpd.key

If the private key is not RSA but an elliptic curve cryptography key, use openssl ec -in server.key -outform DER > uhttpd.key.

Copy SSL certificate and private key to OpenWrt

scp uhttpd.crt uhttpd.key <OpenWrt host>:/etc/

Restart uhttpd, the web server on OpenWrt

ssh <OpenWrt host> /etc/init.d/uhttpd restart

Now, when you connect to https:///, the SSL certificate you configured should be active.