Custom SSL certificates - RMerl/asuswrt-merlin.ng GitHub Wiki

Prerequisites

  • SmallStep CLI

Certificate Generation

granular-dn-leaf.tpl

{
	"subject": {
		"country": {{ toJson .Insecure.User.country }},
		"organization": {{ toJson .Insecure.User.organization }},
		"organizationalUnit": {{ toJson .Insecure.User.organizationalUnit }},
		"commonName": {{ toJson .Subject.CommonName }}
	},
	"sans": {{ toJson .SANs }},
	"extKeyUsage": ["serverAuth"],
	"basicConstraints": {
		"isCA": false
	}
}

dn-defaults.json

{
  "country": "US",
  "organization": "<ORGANIZATION>",
  "organizationalUnit": "<ORG_UNIT>"
}

step certificate create router router.pem router.key \
  --ca root-ca.pem --ca-key root-ca-key.pem --ca-password-file root-ca-pass.txt \
  --template granular-dn-leaf.tpl --set-file dn-defaults.json \
  --not-after 2160h --bundle \
  --insecure --no-password \
  --san <ROUTER_IP> --san <ROUTER_DNS_NAME>

Certificate Installation

  1. Head to WAN -> DDNS
  2. Select Import Your Own Certificate and upload.

Notes

The basicConstraints extension marking the certificate as not a CA ("isCA": false in the template) is required; without it, the router rejects the certificate with the error: httpd: Can't get basic constrain.
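A pre-upload check for the generated router.pem, as an added example that is not part of the wiki or the firmware project: it confirms the leaf carries basicConstraints CA:FALSE, the serverAuth extended key usage and the expected SANs. The function names, the throwaway sample certificate and the values router.example / 192.0.2.1 are constructed for illustration, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Usage: check_router_cert CERT_PEM [EXPECTED_SAN...]
# Returns 0 if all checks pass, 1 if a check fails, 2 if the file cannot be parsed.
# With a --bundle file, openssl x509 reads only the first certificate (the leaf).
check_router_cert() {
    cert=$1; shift
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { echo "FAIL: cannot parse $cert" >&2; return 2; }
    rc=0
    # The router's httpd rejects a leaf without basicConstraints (see Notes).
    printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' |
        grep -q 'CA:FALSE' || { echo "FAIL: no basicConstraints CA:FALSE" >&2; rc=1; }
    printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage' |
        grep -q 'TLS Web Server Authentication' ||
        { echo "FAIL: extKeyUsage lacks serverAuth" >&2; rc=1; }
    # One SAN per line, with the "DNS:" / "IP Address:" type prefix removed.
    sans=$(printf '%s\n' "$text" | grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -e 's/^ *//' -e 's/^DNS://' -e 's/^IP Address://') || sans=
    for want in "$@"; do
        printf '%s\n' "$sans" | grep -Fxq -- "$want" ||
            { echo "FAIL: SAN $want not in certificate" >&2; rc=1; }
    done
    return $rc
}

# Constructed test input: a self-signed throwaway certificate built with openssl.
# Usage: make_sample_cert OUT_PEM [yes|no]   (second argument: add basicConstraints)
make_sample_cert() {
    out=$1; cfg=$out.cnf
    {
        printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=ext\n'
        printf '[dn]\nCN=router\n[ext]\nextendedKeyUsage=serverAuth\n'
        printf 'subjectAltName=DNS:router.example,IP:192.0.2.1\n'
        [ "${2:-yes}" = no ] || printf 'basicConstraints=CA:FALSE\n'
    } > "$cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -keyout "$out.key" -out "$out" 2>/dev/null
}
```

Against the real output, run check_router_cert router.pem <ROUTER_IP> <ROUTER_DNS_NAME> before importing the certificate.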
