How to install SSL certificates generated from a certifying authority on ASUS routers.

ASUS_install_ssl_certificate

# First, enable SSH in the Administration->System tab.
# Then log in to the device.

# Verify that https_crt_save is off
admin@RT-N66U:/tmp/home/root# nvram get https_crt_save
0

# Enable https_crt_save and verify that it was set correctly
admin@RT-N66U:/tmp/home/root# nvram set https_crt_save=1
admin@RT-N66U:/tmp/home/root# nvram get https_crt_save
1

# Write your custom key and certificate to the ephemeral file system.
# Note that these files will not be preserved on restart.
admin@RT-N66U:/tmp/home/root# cat >/etc/key.pem
# paste in key
admin@RT-N66U:/tmp/home/root# cat >/etc/cert.pem
# paste in cert

# Verify https_crt_file is empty
admin@RT-N66U:/tmp/home/root# nvram get https_crt_file
admin@RT-N66U:/tmp/home/root#

# Restart httpd. When httpd starts up with https_crt_save enabled, it does the
# following: If /etc/cert.pem and /etc/key.pem exist, it tars them together and
# saves them in https_crt_file.  If they do not exist (this would be the case
# on reboot) and https_crt_file exists, httpd will extract the contents of
# https_crt_file. You can see how this works in the start_ssl function here:
# https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/httpd/httpd.c
admin@RT-N66U:/tmp/home/root# ps | grep httpd
  366 admin     4116 S    httpd -s -p 8443
  379 admin     1424 S    grep httpd
admin@RT-N66U:/tmp/home/root# kill -9 366
admin@RT-N66U:/tmp/home/root# httpd -s -p 8443 &
admin@RT-N66U:/tmp/home/root# [ssl_init] success!!

admin@RT-N66U:/tmp/home/root#

# Ensure https_crt_file is now full
admin@RT-N66U:/tmp/home/root# nvram get https_crt_file
# ...snip...

# Reboot AP to make sure cert is put back on boot
admin@RT-N66U:/tmp/home/root# reboot