Ricky in Melbourne - Enjoy Learning

How to upload SSL certificate to Asus router

When it comes to home network security, people often say they don’t need to worry because it’s a home network, not a corporate one. However, your home network is still connected to the internet, which means it is exposed to attackers.

A good example is remote access back into the home network, to your router, NAS or even an FTP server. If you only use HTTP, anyone who captures the traffic can see all of it in plain text, including your password.

In today’s world it is not only enterprises that need better security; home networks do as well. Encrypting your traffic is not that hard: just enable HTTPS.

Last time I enabled HTTPS for remote access to my NAS; today I will upload the same free public SSL certificate to my Asus router.

No matter which firmware you are using, the upload process should be the same, since the core is a Linux system.

OK, let’s get started.


1. Prepare your public SSL certificate

The certificate has to be in PEM format, which may have the extension .pem, .crt, .cer or .key

If you would like to know more about the different certificate formats and how to convert between them, you can find it here

Here’s what my certificate looks like



2. Enable SSH on Asus router

Navigate to Administration->System, just enable SSH and apply

Note: I do not recommend enabling SSH for WAN. Although SSH is a secure protocol, fewer open ports (doors) into your home is always better.



3. Enable HTTPS login for router

Navigate to Administration->System



4. Login to SSH

To log in over SSH, a free tool called “PuTTY” is your friend

Just open PuTTY and type in your router’s IP and port



5. Follow the steps below or here to upload your certificate

----- Verify that https_crt_save is off -----

ricky@Ricky-AC87U:/tmp/home/root# nvram get https_crt_save

----- Enable https_crt_save and verify that it was set correctly -----

ricky@Ricky-AC87U:/tmp/home/root# nvram set https_crt_save=1
ricky@Ricky-AC87U:/tmp/home/root# nvram get https_crt_save

ricky@Ricky-AC87U:/tmp/home/root# cat >/etc/key.pem

----- Open your key file in Notepad and paste here, do NOT use “Word Wrap” -----

----- Hit Ctrl+D to save and exit cat command -----

ricky@Ricky-AC87U:/tmp/home/root# cat >/etc/cert.pem

----- Open your cert file in Notepad and paste here, do NOT use “Word Wrap” -----

----- Hit Ctrl+D to save and exit cat command -----

----- Verify https_crt_file is empty -----

----- You should see empty here -----

ricky@Ricky-AC87U:/tmp/home/root# nvram get https_crt_file

ricky@Ricky-AC87U:/tmp/home/root# nvram get https_crt_file

----- You will see your new certificate file like below -----

----- Restart httpd -----

ricky@Ricky-AC87U:/tmp/home/root# service restart_httpd

ricky@Ricky-AC87U:/tmp/home/root# reboot


6. Verification

After the reboot, let’s test the result


That’s my own SSL certificate, no warning anymore
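Because step 5 pastes the key and the certificate through a terminal, a dropped line or a key pasted into cert.pem is easy to miss until httpd fails to serve the new certificate. The Python sketch below is an added example, not part of the original post or of any Asus tool: it checks a PEM file's label, base64 body and DER length on your workstation before you paste it. The function names and the sample bytes are made up for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def der_length_ok(der: bytes) -> bool:
    """True if the outer DER SEQUENCE header accounts for every decoded byte."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short form: length in one byte
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem(text: str, expect: str) -> list:
    """Check the first PEM block in text; expect is 'key' or 'cert'."""
    m = PEM_RE.search(text)
    if m is None:
        return ["no complete BEGIN/END block (paste cut short?)"]
    begin, body, end = m.groups()
    problems = []
    if begin != end:
        problems.append("BEGIN/END labels differ")
    if expect == "key" and begin not in KEY_LABELS:
        problems.append(f"expected a private key, found {begin}")
    if expect == "cert" and begin != "CERTIFICATE":
        problems.append(f"expected a certificate, found {begin}")
    try:
        # validate=True rejects stray spaces and other non-base64 characters
        der = base64.b64decode("".join(body.splitlines()), validate=True)
    except ValueError:
        return problems + ["body is not valid base64"]
    if not der_length_ok(der):
        problems.append("DER length mismatch (lines lost or duplicated)")
    return problems

def wrap_pem(label: str, der: bytes) -> str:
    """Build a 64-column PEM block (used here only to make sample input)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----", ""])

# Constructed sample: a DER SEQUENCE of 256 filler bytes, not a real key or certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

if __name__ == "__main__":
    print(check_pem(wrap_pem("CERTIFICATE", SAMPLE_DER), "key"))
```

Run `check_pem(open("key.pem").read(), "key")` and the same for the certificate with `"cert"`; an empty list means the structure is intact, though it does not prove that the key and certificate belong together.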

By rickygao on March 1, 2015 | Network, Tech | 9 comments




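1. What is the best temperature setting for the refrigerator compartment?

2. What is the best temperature setting for the freezer compartment?

3. What kinds of food should not be kept in the refrigerator?



1. What is the best temperature setting for the refrigerator compartment?

2. What is the best temperature setting for the freezer compartment?


  • United States: Department of Health and Human Services

Are You Storing Food Safely?

  • Australia: Food Safety Information Council

Fridge and freezer food safety

  • Choice, Australia’s authoritative home appliance review site

What’s the ideal temperature for your fridge?

Conclusion: the refrigerator compartment should be kept below 4°C, and the freezer compartment below -18°C


3. What kinds of food should not be kept in the refrigerator?



  • Tomatoes


  • Onions


  • Potatoes


  • Avocados


  • Garlic


  • Bananas


  • Cucumbers


  • Honey


  • Citrus fruits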


By rickygao on February 28, 2015 | Daily Life | A comment?

Tuning The Asus Wireless Router To Best Performance

I’ve really enjoyed using Asus wireless routers at home for years; I believe they are the best home wireless routers in the world.

I say best because of the following considerations for a home wireless router:

  • Coverage
  • Performance
  • Features
  • Compatibility
  • Third party firmware support, like Tomato and DD-WRT

The last Asus wireless router I used was the RT-N16, one of the classic routers from Asus; it served my home for 2 years without any issues. However, having moved into a bigger house, and with all of my devices now supporting dual-band networks, I have to buy a new router.

The considerations for the new router are still the ones above, especially the best signal coverage, as I don’t want to extend my network with a Wi-Fi extender and slow it down.

Luckily, the new Asus RT-AC87U meets all of my requirements: it is the only AC2400 4×4 MIMO wireless router in the world, with a promised coverage of 465 m². More reviews can be found here; it has the longest effective range so far.


In case some people need to understand a few performance parameters:

AC2400: the Wi-Fi network speed can reach 2.4Gb, made up of 600Mbps (max speed of the 2.4GHz network) plus 1734Mbps (5GHz network)

4×4 MIMO: best router capacity, read here

With the best hardware (home router) in place, the next step is to tweak the router to match our environment, since every family may have its own needs.

So the first thing we need to think about is the firmware loaded on the router.

Asus routers support various types of firmware, each with pros and cons; you can compare them using my matrix below


RT-AC87U Supported HW Acceleration VLAN Guest Network VPN QoS Per IP Traffic Monitoring Save History to USB Static DHCP Nickname Firmware Quality
Asus Original Yes Yes No Yes Yes Yes No No No Stable
Asuswrt-Merlin Yes Yes No Yes Yes Yes Yes Yes Yes Stable
Tomato No Yes Yes Yes Yes Yes Yes Yes Less Stable
DD-WRT No Yes Yes Yes Yes Yes Yes Yes Less Stable

I also struggled for a long time to decide, since all of these features are critical for me, especially for a home network with a lab. Although neither Tomato nor DD-WRT supports the latest RT-AC87U yet, I can still flash them; I believe they would just lack support for the new features.

However, Hardware Acceleration can boost your router a lot, especially NAT and internet speed once you have a large number of devices. I don’t want to miss this important feature, so I finally decided to go with Asuswrt-Merlin, which is built directly on the original firmware with more customized features. Once Tomato and DD-WRT start supporting HW Acceleration, I may switch to them.

To be clearer about Hardware Acceleration on both the Asus original and Asuswrt-Merlin firmware, please refer to the table below

  • CTF (Cut Through Forwarding): Software optimization technique to accelerate NAT
  • FA (Flow Accelerator): Hardware NAT acceleration mechanism designed for accelerating wired DHCP and Static IP connections

Level 1=CTF Only

Level 2=FA + CTF




Support HW Acceleration  Level



Adaptive Qos->QoS




Adaptive QoS->QoS

Level 1

None of Above

Level 2





Support HW Acceleration  Level



Adaptive Qos->QoS


Traffic Monitor

IP Traffic Monitoring

Tools->Other Settings




Adaptive QoS->QoS

Level 1

None of Above

Level 2

OK, now that we are clear on Hardware Acceleration, let’s start tuning the settings

I will skip the basic settings, since everybody should know those, and focus only on the advanced settings

1. Wireless->General


Option Description Recommendation

Protected Management Frames

Current 802.11 standard defines “frame” types for use in management and control of wireless links. IEEE 802.11w is the Protected Management Frames standard for the IEEE 802.11 family of standards. TGw is working on improving the IEEE 802.11 Medium Access Control layer. The objective of this is to increase the security by providing data confidentiality of management frames, mechanisms that enable data integrity, data origin authenticity, and replay protection. These extensions will have interactions with IEEE 802.11r and IEEE 802.11u

More security, Less compatibility

Wireless Mode (2.4GHz) Maximizes 2.4GHz performance, since 802.11 a/b/g connections slow down the 2.4GHz speed, and a/b/g clients are hard to find now

N only

Network Key Rotation Interval (2.4GHz+5GHz)

The key is automatically generated from the SSID and the password set for the network. Refreshing of this key does not mean that a new password will have to be entered every hour. However, it results into Internet connection being unavailable for some time at regular intervals

More security, connection may be lost during key renewal


2. Wireless->WPS


A less secure protocol; just turn it off

3. Wireless->Professional


Option Description Recommendation

Roaming assistant

Enabled if more than one AP


IGMP Snooping (2.4GHz+5GHz)

Better streaming TV

Preamble Type

Preamble Type defines the length of time that the router spent for CRC (Cyclic Redundancy Check). CRC is a method of detecting errors during data transmission. Select Short for a busy wireless network with high network traffic. Select Long if your wireless network is composed of older or legacy wireless devices.

Newer wireless “b” devices using a short preamble typically experience quicker data transfers. Moving from a long to short preamble will not solve poor connection issues or slow Internet speeds. However, moving to wireless “g” and wireless “n” devices increases transfer speed and range. Short preambles work with every wireless type other than older types with limited transmission rates in the 1 to 2 Mbps range.

Better performance, Less compatibility

AMPDU RTS Deal with traffic congestion problems. For example, the throughput of your machine might be suffering when others are doing large downloads or file transfers or streaming media Enable (default)

Enable TX Bursting

Improve transmission speed of g device Enable
Enable WMM APSD WMM APSD is a QoS setting which, when enabled, allows some devices to go into a lower power and higher latency state while others stay as low latency as possible. WMM = QoS and APSD = Automatic Power Save Delivery. Enabled (default)
Reducing USB 3.0 interference Better 2.4GHz performance and range, less USB 3.0 speed Enable
Optimize AMPDU aggregation MPDU aggregation also collects Ethernet frames to be transmitted to a single destination, but it wraps each frame in an 802.11n MAC header. Normally this is less efficient than MSDU aggregation, but it may be more efficient in environments with high error rates, because of a mechanism called block acknowledgement. This mechanism allows each of the aggregated data frames to be individually acknowledged or retransmitted if affected by an error Disable (default)
Optimize ack suppression with no ack is that SSL based communications are more likely to error, very slight bandwidth decrease with it enabled Disable (default)
Turbo QAM Better performance, both router and client must support it Enable (default)
Airtime Fairness With airtime fairness, every client at a given quality-of-service level has equal access to the network’s airtime. This is essential for ensuring predictable performance and quality-of-service, as well as allowing 802.11n and legacy clients to coexist on the same network. Without airtime fairness, router using mixed mode networks risk having legacy clients slow down the entire network or letting the fastest clients crowd out other users Enable (default)
Explicit beamforming The client’s WLAN adapter and router both support beamforming technology. This technology allows these devices to communicate the channel estimation and steering direction to each other to improve download and uplink speed. Enable (default)

Universal Beamforming

For legacy wireless network adapters that do not support beamforming, the router estimates the channel and determines the steering direction to improve the download speed Enable (default)
Regulation mode IEEE 802.11h is the IEEE standard for Spectrum and Transmit Power Management Extensions. It solves problems like interference with satellites and radar using the same 5 GHz frequency band. It was originally designed to address European regulations but is now applicable in many other countries. The standard provides Dynamic Frequency Selection (DFS) and transmit Power Control (TPC) to the IEEE 802.11a MAC

It has no useful function as far as we are concerned. However, if left “floating” in an unknown state, it caused association problems

Off (default)

4. LAN->Switch Control


Option Description Recommendation

NAT Acceleration

HW Acceleration 


Enable Jumbo Frame

More compatibility, less performance Disable

5. WAN->Internet Connection


Option Description Recommendation

Enable VPN + DHCP Connection

If you enabled VPN service, this must be enabled 





If you would like to flash the router to Tomato, you can refer to here

By rickygao on February 25, 2015 | Home Lab, Network | A comment?