franzs / fritzbox_upload_certificate Goto Github PK

39.0 7.0 4.0 44 KB

Script to upload certificate to FRITZ!Box

License: GNU General Public License v3.0

Shell 100.00%

fritzbox

fritzbox_upload_certificate's Introduction

Script to upload certificate to FRITZ!Box

This scripts allows to upload a certificate and a private key to a FRITZ!Box via curl. It can be used after a new certificate was obtained via Let's Encrypt for example.

The idea was taken from https://gist.github.com/wikrie/f1d5747a714e0a34d0582981f7cb4cfb

Usage

You have to provide a baseurl for your FRITZ!Box, a username, a password, and a certpath to contain fullchain.pem and privkey.pem. This can be done using environment variables or command line options. Command line options have a higher precedence.

Parameter	Environment	Command line option
baseurl	`FRITZBOX_BASEURL`	`-b`
username	`FRITZBOX_USERNAME`	`-u`
password	`FRITZBOX_PASSWORD`	`-p`
certpath	`FRITZBOX_CERTPATH`	`-c`
debug	`FRITZBOX_DEBUG`	`-d`

For debugging set the environment variable FRITZBOX_DEBUG to any non-empty string or use the command line option -d. The HTTP requests and responses will be written to /tmp/fritzbox.debug then.

Limitations

Only RSA keys are supported by FRITZ!OS.

Examples

Using command line options:

./fritzbox_upload_certificate.sh -b http://fritz.box -u admin -p secret -c ./certificates/fritz.box

Using environment variables:

export FRITZBOX_BASEURL=http://fritz.box
export FRITZBOX_USERNAME=admin
export FRITZBOX_PASSWORD=secret
export FRITZBOX_CERTPATH=./certificates/fritz.box
./fritzbox_upload_certificate.sh

Tested with

Device	FRITZ!OS	works?
FRITZ!Box 6490 Cable	7.20	✓
FRITZ!Box 6660 Cable	7.57	✓
FRITZ!Box 7360	6.86	✓
FRITZ!Box 7490	7.12	✓
FRITZ!Box 7490	7.57	✓
FRITZ!Box 7530 AX	7.57	✓
FRITZ!Box 7580	7.30	✓
FRITZ!Box 7590	7.29	✓
FRITZ!Repeater 1200 AX	7.57	✕
FRITZ!WLAN Repeater DVB-C	7.01	✓

Let me know what your results are.

fritzbox_upload_certificate's People

Contributors

Stargazers

Watchers

Forkers

fvdlaar stweil techtimo httpdop

fritzbox_upload_certificate's Issues

does not work with 7.57

change the code between the hashes to make it work

generate our upload request

boundary="---------------------------$(date +%Y%m%d%H%M%S)"

cat <> ${request_file}
--${boundary}
Content-Disposition: form-data; name="sid"

${sid}
--${boundary}
Content-Disposition: form-data; name="BoxCertPassword"

cert password if needed
--${boundary}
Content-Disposition: form-data; name="BoxCertImportFile"; filename="BoxCert.pem"
Content-Type: application/octet-stream

${certbundle}
--${boundary}--
EOD

upload the certificate to the box

7490 : FRITZ!OS 7.57 not working

Hi,
Thanks for the script but it seems not working in my case.

Fritz : 7490
Version : 7.57

Requirements : ok

env

export FRITZBOX_BASEURL=http://fritz.box
export FRITZBOX_USERNAME=admin
export FRITZBOX_PASSWORD=mypasswd
export FRITZBOX_CERTPATH=./certificates/fritz.box

Folder : ./certificates/fritz.box

certificates/fritz.box/
├── fullchain.pem
└── privkey.pem

Error message

Could not import certificate.

Details logs with the POST :

<!DOCTYPE html>
<html>
<head>
<title>FRITZ!Box</title>
</head>
<body>
<div id="main_page_all">
<header class="" name="" id="blueBarBox">
<div class="logoBox" name="" id=""></div>
<div class="blue_bar_titel" name="" id="blueBarTitel">FRITZ!Box</div>
<div class="logoBox fake" name="" id=""></div>
</header>
<div id="page_content_no_menu_box">


<div class="blue_bar_back">
  <h2>FRITZ!Box</h2>
</div>

<div id="page_content" class="page_content">
  <form method="POST" name="mainform" action="/index.lua">
    <p>
      The password entry is not valid. Please enter the correct password.
      <br>
    </p>
  </form>

</div>
  <script type="module">
      import postUpload from "/js/post_upload.js";

      postUpload.redirect();
  </script>

<div class="clear_float"></div>

</div>
</div>
</div>

</body>
</html>

I didn't try this script with firmware version older than 7.57.
There is no psswd with my cert.

Maybe the format of my files certs are not good ?

Any idea ?

Thanks for the help

Too strict privkey check???

The private key is checked to have a "-BEGIN RSA PRIVATE KEY-" header.
However, the privkey.pem file generated by certbot has a "-BEGIN PRIVATE KEY-" header and is thus rejected by the script.
After commenting out the check the upload by the script to a FB7490 with latest FritzOS worked flawlessly and there was no SSL error when accessing the FB over the internet.
Perhaps this check should be adapted appropriately.

Certificate Upload Error

First of all, thanks for the script!

Unfortunately I always get an error while uploading. Is there some command to further debug the response from the fritzbox?

Fritz!Box 6591 Cable
Fritz!OS 7.13

franzs / fritzbox_upload_certificate Goto Github PK

fritzbox_upload_certificate's Introduction

Script to upload certificate to FRITZ!Box

Usage

Limitations

Examples

Tested with

fritzbox_upload_certificate's People

Contributors

Stargazers

Watchers

Forkers

fritzbox_upload_certificate's Issues

generate our upload request

upload the certificate to the box

Recommend Projects

Recommend Topics

Recommend Org