Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Custom SSL certificates
Web interface (HTTPS support)
Starting with 380.67, Asuswrt-Merlin can now use your own SSL certificate for securing the management webui. This can be useful if you generate your certificate using your own CA which you have stored in your client devices, or if you obtain a valid certificate from a known CA.
To do so, you must first enable persistent certificate support, on the Administration -> System page. Under the Web Interface section make sure that the Authentication Method is set to either HTTPS or Both. Then, set Use persistent certificate to Yes, then press Apply.
Now, your router is going to use a self-signed certificate, and store it on the JFFS partition. The next step is to connect to your router over SSH or SCP, then store your own key and certificate files into the /jffs/ssl/ directory. There should already be a key.pem and cert.pem file there, which are the key and self-signed certificate generated by your router. Replace these two with yours. They must be in PEM format, which looks something like this:
-----BEGIN CERTIFICATE----- a series of random characters on multiple lines -----END CERTIFICATE-----
Then, restart the router's web server to make it use the new provided certificate. Run the following command over SSH:
After that, if you access your router over HTTPS (don't forget to specify the port, which by default will be 8443), it should be using your new certificate.
FTP server (TLS support)
You can also provide your own key/cert for the FTP server. They must also be stored under /jffs/ssl/ and named ftp.key and ftp.crt.