From the Wiki. LOOK CLOSELY AT THE TEXT IN RED BELOW, THE ORDER THAT YOU IMPORT IS VITAL. FOLLOW THESE INSTRUCTIONS CAREFULL AND IT WILL WORK.
HTTPS connection enabling
[edit] Creating certificate
Trusted SSL Certificate can be bought from trusted authorities, for example, VeriSign. An unsigned certificate can be generated by hand, using OpenSSL on a Linux box. To do it issue following commands in the shell:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Two important things:
1. Enter the same pass phrase always when asked for "Enter pass phrase for server.key" (Should be 4 times);
2. Enter your server's domain name, when asked for "Common Name (eg, YOUR name) []". This is important, because otherwise some browsers may refuse your certificate. For example, if the User Manager server's address is
http://userman.mt.lv/userman, then "userman.mt.lv" must be specified as Common Name for the certificate.
After doing this three files will be created:
1. server.crt - Certificate, must be uploaded to router;
2. server.key - Private key, must be uploaded to router;
3. server.csr - Signature request, can/should be deleted;
[flash=]
Upload server.crt and server.key to the router and import them, using the same pass phrase again when asked. server.crt must be imported before server.key.[/flash]
[edit] Importing certificate
Certificate file can be then uploaded to the router and imported with command
/certificate import file-name=...
The command should return
certificates-imported: 1
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
If it doesn't, could happen that the file contains private key and certificate sections in incorrect order. In this situation the output should be
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 1
Just repeat the same command
/certificate import file-name=...
once again and the output should be this time
certificates-imported: 0
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
Now certificate is imported correctly and ready for use;