Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Trusting Your Root CA

In order to establish a secure (HTTPS) connection with your router on the local network, it is necessary to download and trust your router’s Root Certificate Authority (Root CA).

Note

You must repeat this guide for each device you want to connect to the router’s web interface over HTTPS.

Step 1 - Download

Navigate to System > Settings > General and click “Download Root CA”. This saves the certificate as startwrt-ca.crt. When you inspect or install it, the certificate is named “StartWRT Local Root CA” followed by a short random identifier (e.g. “StartWRT Local Root CA 3f8a1b2c”) — each router generates a unique one so a reflashed device’s new CA won’t collide with one you already trust.

Step 2 - Trust

Select your platform:

  1. Locate your Root CA and double click it. Keychain Access will launch. You will be prompted for your Mac credentials. Select “Modify Keychain”.

  2. Press Command + Spacebar to launch a program, type in Keychain Access and select the resulting Keychain Access program to open it.

  3. Your router’s CA certificate will be displayed among the imported certificates in Keychain Access. Right-click on the imported CA cert and select Get Info.

  4. The details of your CA certificate will be displayed in a new dialog window. Click the “Trust” heading, then select “Always Trust” on Secure Sockets Layer (SSL) and X.509 Basic Policy.

    Click the red (x) button at the top left of the dialog window.

  5. You will then be prompted again for your Mac credentials. Click Update Settings.

  6. You will see your router’s CA certificate as trusted now, signified by a blue (+) sign and the CA cert information will now say “This certificate is marked as trusted for all users” in Keychain Access.

  7. If using Firefox, Thunderbird, or Librewolf, complete this final step.

3. Mozilla Apps (Firefox, Thunderbird, Librewolf)

Mozilla apps use their own certificate store and need extra configuration to trust your Root CA. Complete the steps above for your OS first, then follow the steps below.

For more background, see Mozilla’s blog post on why they maintain their own root certificate store.

  1. Open the app and enter about:config in the URL bar. Accept any warnings that appear.

  2. Search for security.enterprise_roots.enabled and set the value to “true”.

  3. Restart the app.