Use SSL in OpenWRT OPKG
After installing OpenWRT Chaos Calmer, I noticed that OPKG calls are performed via HTTP without SSL. Changing to HTTPS was not as simple as adding just one letter ’s’. Read on for the steps.
Update OPKG list
Before we begin, run
opkg update. This will retrieve list of updated packages from the official repository.
Replacing wget with latest release build having SSL support
wget is a program for retrieving content from web servers.
OpenWRT comes with that builtin but without SSL support due to size constraints.
Most routers have tiny storage capacity with a lot of them barely having enough to store SSL libraries and/or root certificates.
wget with SSL support, run
opkg install wget.
Adding root certificates
In order for SSL certificates to be validated, root certificates should be added.
If you need to save space however, you should add required certificates manually.
I will only be describing how to add root certificates, run
opkg install ca-certificates.
Configuring OPKG to retrieve via HTTPS
If you have LuCI (GUI) installed, enabling SSL is very easy. Navigate to
System > Software > Distribution feeds. Replace all
http:// URLs to
If you do not have LuCI, you will have to edit
/etc/opkg/distfeeds.conf using your preferred editor.
Perform an update,
opkg update. Packages should be retrievable.