I’m transitioning all of my local network services toward using an internal CA, but AdvancedTomato is a little trickier in that regard because it doesn’t have support for loading a custom cert or key in the web UI.
Instead, you must connect over SSH and modify the certificate files manually, then write them to nvram. Simply upload cert.pem and key.pem to the root home directory, then save this shell script:
cp ./cert.pem /etc/cert.pem
cp ./key.pem /etc/key.pem
sed -i "/END CERTIFICATE/q"...
In light of the numerous recent attacks against SSL, I thought I’d offer up a quick and simple crypto lesson about why MAC-then-encrypt schemes are bad. This post will require only a minimum of knowledge about cryptography, so hopefully it’ll be useful to a wide range of people.
This is not designed to be a full and detailed description of how SSL works, or how various attacks against it work, but rather a short primer on the subject for those who know a bit about crypto but don’t really understand how...