Use a Unique Self-Signed Certificate on the Router

Due to security concerns, it is strongly recommended to have a unique private key on each device for self-signed SSL. This article shows how to generate a unique self-signed certificate then replace the default one on Vigor Router.

Create Root CA

1. Make sure the router's time settings are correct. We strongly recommend using the time settings that match the client side.

a screenshot of DrayTek Router time and date settings

2. Go to Certificate Management >> Trusted CA Certificate, and click Create Root CA.

a screenshot of DrayOS Trusted CA list

3. Enter the identity of your organization in the subjects of Root CA, like the example below, and click Generate.

a screenshot of DrayOS Root CA creation

4. The RootCA will be shown with status "OK". (NOTE: A router can only have one Root CA. To create a new Root CA, you’ll have to delete the old one first.)

a screenshot of DrayOS Trusted CA Certificate list
Sign a Local Certificate with Root CA

5. Go to Certificate Management >> Local Certificate, and generate a certificate request.

a screenshot of DrayOS Local certificate list

6. Again, enter the identity of your organization for subjects, and click Generate.

a screenshot of DrayOS generating local certificates

7. There will be a new local certificate request on the list with status Requesting. Click Sign to sign the local certificate.

a screenshot of DrayOS Local Certificate list

8. Set the date of Validity, and click Sign.

a screenshot of signing Local Certificate on DrayOS

9. The local certificate status will change to “OK”.

a screenshot of DrayOS Local Certificate list
Replace the Default Certificate

10. Go to SSL >> General Setup, and select the new certificate created in step 6 for Server Certificate.

a screenshot of DrayOS SSL General Setup

11. From the browser, we should see the certificate has changed to the one we set. Now the router is using a unique self-signed certificate.

a screenshot of checking the server certificate from a browser

Published On: Dec 07, 2015 

Was this helpful?     


Related Articles