custom_ssl_cert_local_cert_authority

Differences

This shows you the differences between two versions of the page.

custom_ssl_cert_local_cert_authority [2025/11/25 23:31] – [Set up a Custom SSL Cert - Notes and Troubleshooting] -Add explanation for second part of openssl ecparam command hogwild
custom_ssl_cert_local_cert_authority [2025/11/26 00:15] (current) – [Set up a Custom SSL Cert - Notes and Troubleshooting] hogwild
Line 458: Line 458:
   - {{intermediateca.openssl.cnf.zip}}   - {{intermediateca.openssl.cnf.zip}}
  
- \\   \\ The OpenSSL ccparam subcommand doesn't directly support adding a password to a key. However, it can be piped back through OpenSSL to give it an extra layer of protection. For example, typing: \\   \\  ''openssl ecparam -genkey -name prime256v1 | openssl ec -aes256 -out yourkey.pem''\\+ \\   \\ The OpenSSL ccparam subcommand doesn't directly support adding a password to a key. However, it can be piped back through OpenSSL to give it an extra layer of protection. For example, typing the following will generate an elliptical curve key using the prive256v1 algorithm, and then pipe it directly to the second command. The second command, "openssl ec -aes256 -out yourkey.pem" takes the output from the first one, (an elliptical curve key), encrypts it, prompts you for a password to protect it and then outputs the final result to file"yourkey.pem".\\   \\ ''openssl ecparam -genkey -name prime256v1 | openssl ec -aes256 -out yourkey.pem''
  
-generates an elliptical curve key using the prive256v1 algorithm, and then pipes it directly to the second command. The second command, "openssl ec -aes256 -out yourkey.pem" takes the output of the first one, (an elliptical curve key), encrypts it, then asks you to provide a password to protect it.\\   \\   \\ Since r2025.3, FreshTomato doesn't require the CN to match the Hostname. The following steps will allow you test your setup to verify this. However, please note that testing this could cause FreshTomato to overwrite your custom cert. If it does happens, upload your certificate again and SSH will still function fine. \\   \\+ \\ 
 + 
 + \\ Since r2025.3, FreshTomato doesn't require the CN to match the Hostname. The following steps will allow you test your setup to verify this. However, please note that testing this could cause FreshTomato to overwrite your custom cert. If it does happens, upload your certificate again and SSH will still function fine. \\   \\
  
   * In the web interface, go to the [[admin_access|Admin Access]] menu and check the CN under "SSL Certificate". \\ \\    * In the web interface, go to the [[admin_access|Admin Access]] menu and check the CN under "SSL Certificate". \\ \\ 
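Review bot: The rewritten paragraph on the + side names the subcommand "ccparam" and the curve "prive256v1", but the command it explains uses ecparam and prime256v1; the prose should match the command, and prime256v1 is better described as the named curve passed to -name than as an algorithm ("elliptic curve" is also the usual term, not "elliptical curve"). The same paragraph is missing a space in file"yourkey.pem", and the FreshTomato sentence carried over to the new revision still reads "allow you test" and "If it does happens". That sentence also says SSH will still function after the certificate is uploaded again, while the step right after it checks the CN under "SSL Certificate" in the web interface, so it is worth confirming which service was meant.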
custom_ssl_cert_local_cert_authority.1764113512.txt.gz · Last modified: by hogwild