
Comments (4)

franzs commented on August 16, 2024 1

Thanks a lot for your detailed analysis, @hafx 😃

I followed your suggestion and created a PR to check the key type:

#14

from fritzbox_upload_certificate.

franzs commented on August 16, 2024

Hi,

honestly, I don't know... 😇

I doubt the issue is related to the username/password you provided. The script would bail out earlier then. You can test this by giving a wrong username/password on purpose.

Unfortunately, I can't really debug this on my own. So, I would suggest you perform the two steps

  1. login
  2. upload a certificate

in your environment with a browser's development tools to see the exact requests and responses on success. Chrome is easier to use here since you have to interrupt a redirect which is not possible with Firefox.

The format of the certificate bundle which can be uploaded to the Fritzbox can be found here:

certbundle=$(cat "${certpath}/fullchain.pem" "${certpath}/privkey.pem" | grep -v '^$')

Best regards


hafx commented on August 16, 2024

Hi,
Thank you for your answer.

  1. For the login I tried with a wrong password. The result is:
root # ./fritzbox_upload_certificate.sh
Login failed.
  2. I added this to the script to write the output of the command to a file, to upload it from the UI. Here is the result:
cat "${certpath}/fullchain.pem" "${certpath}/privkey.pem" | grep -v '^$' > mycert.pem

The result is exactly the same as the script.

</head>
<body>
<div id="main_page_all">
<header class="" name="" id="blueBarBox">
<div class="logoBox" name="" id=""></div>
<div class="blue_bar_titel" name="" id="blueBarTitel">FRITZ!Box</div>
<div class="logoBox fake" name="" id=""></div>
</header>
<div id="page_content_no_menu_box">


<div class="blue_bar_back">
  <h2>FRITZ!Box</h2>
</div>

<div id="page_content" class="page_content">
  <form method="POST" name="mainform" action="/index.lua">
    <p>
      The password entry is not valid. Please enter the correct password.
      <br>
    </p>
  </form>

</div>
  <script type="module">
      import postUpload from "/js/post_upload.js";

      postUpload.redirect();
  </script>

<div class="clear_float"></div>

</div>
</div>
</div>

</body>
</html>


mycert.pem

-----BEGIN CERTIFICATE-----
blabla
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
blabla
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
blabla
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
blabla privkey
-----END PRIVATE KEY-----

Something strange is the header in the certificate. Which header is expected?

RSA Private Key:
Header: "-----BEGIN RSA PRIVATE KEY-----"

DSA Private Key:
Header: "-----BEGIN DSA PRIVATE KEY-----"

ECDSA Private Key:
Header: "-----BEGIN EC PRIVATE KEY-----"

PKCS#8 Encrypted Private Key:
Header: "-----BEGIN ENCRYPTED PRIVATE KEY-----"

PKCS#8 Unencrypted Private Key:
Header: "-----BEGIN PRIVATE KEY-----"

https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-5490/1525_Importing-your-own-certificate-to-the-FRITZ-Box/
RSA seems to be expected.
I'm currently using this header:

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

I used certbot to generate my certificate.

If I use this command to remove my non-existent password with openssl:

openssl rsa -in privkey.pem -out privatekey-nopass.pem 
Not an RSA key

According to this post https://community.letsencrypt.org/t/getting-a-rsa-privkey-from-the-letsencrypt-generated-pem/188797/7

I think I'm using an EC key and not RSA because I'm using certbot >2.0
I'll try to generate an RSA key with certbot.

Thanks


hafx commented on August 16, 2024

I regenerated my certificate with certbot using the flag --key-type rsa and it worked.

<div id="page_content" class="page_content">
  <form method="POST" name="mainform" action="/index.lua">
    <p>
      Import of the SSL certificate was successful.
      <br>
    </p>

Now I can confirm your script works with the 7490 FRITZ!OS 7.57.

Maybe a nice feature in the script can be the check of the RSA. (but yeah I know it's my fault, I didn't read the doc completely 😄 https://en.avm.de/service/knowledge-base/dok/FRITZ-Box-7490/1525_Importing-your-own-certificate-to-the-FRITZ-Box/)
Thanks for your work and your help.
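
Added example, not part of the thread, not code from fritzbox_upload_certificate and not the check from PR #14: the PKCS#8 label `-----BEGIN PRIVATE KEY-----` discussed above does not name the key type, but the algorithm OID inside the DER body does. This standard-library Python code reads that OID so an EC key can be spotted before upload; `key_type`, `read_tlv` and the two sample keys are constructed for illustration.

```python
import base64
import re

# DER-encoded algorithm OIDs carried in the PKCS#8 AlgorithmIdentifier.
OIDS = {
    bytes.fromhex("2a864886f70d010101"): "rsa",  # rsaEncryption 1.2.840.113549.1.1.1
    bytes.fromhex("2a8648ce3d0201"): "ec",       # id-ecPublicKey 1.2.840.10045.2.1
}
# Legacy PEM labels name the key type (or encryption) directly.
LABELS = {"RSA PRIVATE KEY": "rsa", "EC PRIVATE KEY": "ec",
          "DSA PRIVATE KEY": "dsa", "ENCRYPTED PRIVATE KEY": "encrypted"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)
# Constructed PKCS#8 skeletons: real header, two dummy bytes instead of key material.
SAMPLE_RSA = "-----BEGIN PRIVATE KEY-----\nMBYCAQAwDQYJKoZIhvcNAQEBBQAEAgAA\n-----END PRIVATE KEY-----\n"
SAMPLE_EC = "-----BEGIN PRIVATE KEY-----\nMBwCAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEAgAA\n-----END PRIVATE KEY-----\n"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def key_type(bundle):
    """Classify the first private key in a PEM bundle: rsa, ec, dsa, encrypted, unknown, none."""
    m = PEM_RE.search(bundle)
    if not m:
        return "none"
    label, body = m.groups()
    if label in LABELS:
        return LABELS[label]
    try:  # PKCS#8: SEQUENCE { INTEGER version, SEQUENCE { OID algorithm, ... }, OCTET STRING }
        der = base64.b64decode("".join(body.split()))
        _, info, _ = read_tlv(der, 0)
        _, _, pos = read_tlv(info, 0)        # skip the version INTEGER
        _, alg_id, _ = read_tlv(info, pos)   # AlgorithmIdentifier
        tag, oid, _ = read_tlv(alg_id, 0)
    except (ValueError, IndexError):
        return "unknown"
    return OIDS.get(oid, "unknown") if tag == 0x06 else "unknown"

if __name__ == "__main__":
    print(key_type(SAMPLE_RSA), key_type(SAMPLE_EC))
```

Run against the same `fullchain.pem` plus `privkey.pem` concatenation used for the upload, a result other than `rsa` flags the case hafx hit with the certbot-generated EC key.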
