Self-Signed Certificate

If you wish to configure the Node in the field, you have four choices:
  • If you have a Windows laptop, or a non-Windows laptop running virtualization software, you can connect to the Node using Winbox.
  • You can connect over the web using an insecure (non-https) connection, if you have configured your Node to allow such connections. If you are connecting wirelessly (for example, using a wireless router connected to your Node), your password will be transmitted insecurely. This approach is not recommended.
  • You can connect over the web using a secure (https) connection, if you have configured your Node to allow such connections, and if you have purchased and installed a signed (trusted) certificate. Note that signed certificates expire after one to two years, so you must purchase and install a new certificate periodically. Even if you are connecting wirelessly (for example, using a wireless router connected to your Node), this approach ensures that your password will be transmitted securely.
  • You can connect over the web using a secure (https) connection, if you have configured your Node to allow such connections, and if you have installed a self-signed (untrusted) certificate. Even if you are connecting wirelessly (for example, using a wireless router connected to your Node), this approach ensures that your password will be transmitted securely. Anyone connecting to your Node will receive a warning from their web browser that the connection is untrusted, but since this is your own Node and you have installed the certificate, there is no reason for you not to trust the connection. This is a great approach if you wish to configure your Node over WiFi using a tablet.

The following commands install a self-signed certificate on your Node, to allow you to connect securely over a wireless connection. These certificates are good for 100 years, which should be long enough for most users. Note that the two /certificate sign commands may take several seconds to complete, so to avoid confusion, it is a good idea to copy and paste only one command at a time. Finally, note that you should substitute your own call sign in place of AA7HW in the following commands, and if you have more than one Node, you should use a unique number following your call sign for the common-name on each Node.

/certificate add name=root-cert common-name=AA7HW-01 days-valid=36525 key-usage=key-cert-sign,crl-sign
/certificate sign root-cert
/certificate add name=https-cert common-name=AA7HW-01 days-valid=36525
/certificate sign ca=root-cert https-cert
/ip service set www-ssl certificate=https-cert disabled=no
/ip service disable telnet,ftp,www,api,api-ssl
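
Because the browser warning looks the same for every self-signed certificate, the following added example (not part of the original instructions) shows one way to confirm that the certificate a Node presents is the one you installed, by comparing its SHA-256 fingerprint with a value recorded at install time. The function names, the sample bytes and the 192.0.2.1 address are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl

HEX_DIGITS = set("0123456789abcdef")

def normalize_fingerprint(text):
    """Accept 'AB:CD:..', 'ab cd ..' or 'abcd..' and return 64 lowercase hex digits."""
    cleaned = "".join(ch for ch in text.lower() if ch not in ": -\t\r\n")
    if len(cleaned) != 64 or not set(cleaned) <= HEX_DIGITS:
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned

def fingerprint_from_pem(pem):
    """SHA-256 over the certificate's DER bytes."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def matches_pin(pem, pinned):
    """True only if the presented certificate is the one whose fingerprint was recorded."""
    return hmac.compare_digest(fingerprint_from_pem(pem), normalize_fingerprint(pinned))

def fetch_node_certificate(host, port=443):
    """Fetch the PEM certificate the Node presents; no chain validation is done."""
    return ssl.get_server_certificate((host, port))

# Constructed sample data: placeholder bytes standing in for a certificate,
# so the comparison logic can be run without a Node on the network.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    recorded = fingerprint_from_pem(SAMPLE_PEM)
    print("pinned fingerprint:", recorded)
    print("same certificate:", matches_pin(SAMPLE_PEM, recorded))
    impostor = ssl.DER_cert_to_PEM_cert(b"some other certificate")
    print("different certificate:", matches_pin(impostor, recorded))
    # Against a real Node (hypothetical address, assumed reachable on port 443):
    # pem = fetch_node_certificate("192.0.2.1"); print(matches_pin(pem, recorded))
```

A mismatch means the device answering is not presenting the certificate you installed, so do not enter your password until you have checked why.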