NOTE: I am not responsible if you brick.

Hi there. This tutorial will allow you to use custom SSL certs in the Wii U's browser. This will not need signature patches to run, but it does require them to make the modification.

This has been tested with a 5.5.1U system with Haxchi enabled.

1. Activate CFW or signature patches using Mocha, Haxchi, or CHBC.
2. Go into FTPii Everywhere.
3. On an FTP client, navigate to /storage_mlc/sys/title/00050030/10012x0a/content/browser where x is 0 for Japan, 1 for America, and 2 for Europe.
4. Download the file rootCA.pem.
5. Open this file in a text editor.
6. Find some root certificates (in PEM format) to add to the file. If they aren't in PEM format, convert it using OpenSSL. Personally, I would recommend adding Fiddler's root cert, and the DST Root CA X3 root cert (which will make Let's Encrypt sites, such as GBATemp, work with the Wii U). PEM certificates can also be obtained (in Windows) by exporting them from the "Copy to File" dialog which comes up when you view a certificate's properties.
7. Append the desired certificates to rootCA.pem and save it.
8. Upload it back to the Wii U.
9. Test it by opening the browser, and visiting a site that uses your certificates. If it worked, you should not be prompted to manually allow SSL connections to hosts that use those certificates.

I hope you found this tutorial useful! Feel free to reply with any questions!

 

[AxlSt00pid]

Sweet! But what can we do with this?

 

[ShadowOne333]

Sweet! But what can we do with this?

Access certain websites which cannot be accessed through the normal Wii U's Browser due to new SSL certificates.
Some examples I can think of are Starmen.net's Forums and the other being Libretro.com and all of it's related links, including the buildbot.

@aplumafreak500 do you happen to know what exactly do I need to do to access those two sites specifically?
I've been wanting to do this for a long time, and now that's it possible I am greatly interested in reenable access to those two sites through my Wii U Browser.

Btw, I don't think posting links to the PEM files for the cetificates is against the rules, so here:
https://github.com/kivy/kivy-sdk-packager/blob/master/win/DST Root CA X3.pem

That's the one for DST Root CA X3 certificate in PEM format, I am only lacking the Fiddler's one.

 

[aplumafreak500]

@ShadowOne333 Basically, append the desired PEM certificates to rootCA.pem as described above. Analysis of those two sites show that they use a certificate chain with AddTrust External CA as its root. Idk if it's in the certificate store, but by following the steps above, they can be "trusted" by the Wii U browser.

 

[ShadowOne333]

@ShadowOne333 Basically, append the desired PEM certificates to rootCA.pem as described above. Analysis of those two sites show that they use a certificate chain with AddTrust External CA as its root. Idk if it's in the certificate store, but by following the steps above, they can be "trusted" by the Wii U browser.

How do you check the sites for the certificate?
It's these two in particular:
https://forum.starmen.net/
https://libretro.com/

They both throw:

Error Code: 112-1035
Could not display page.

I talked to the main admins in both sites and error started occurring right when they updated their SSL certificates as mentioned here:
https://forum.starmen.net/forum/Fan...Wii-U-but-I-can-access-just-fine-on-my-laptop

Btw do you have a link to Fiddler's root cert?
I'm missing that one out of the two you mention in the OP.

 

[Deleted User]

Btw do you have a link to Fiddler's root cert?
I'm missing that one out of the two you mention in the OP.

If you want the client computer to trust the Fiddler certificate, you will have to copy or download the Fiddler Root certificate to the client computer and manually install it into the Trusted Root Certification Authorities store. You can download the Fiddler Root certificate by visiting using the URL:

http://hostname.of.FiddlerMachine:8888/FiddlerRoot.cer

 

[aplumafreak500]

We're dealing with the Wii U's stores, not those of a PC. However, obtaining Fiddler's certificate is the same. We download the cert by going to http://10.0.0.20:8888/FiddlerRoot.cer (replace 10.0.0.20:8888 with the host name and port of your Fiddler machine). It's in DER format though so we have to make it PEM format before importing it.

As for the error code, I assume it isn't related to the certificates, and it is instead an unsupported TLS protocol. I'll try it tonight and report back.

 

[aplumafreak500]

Sorry for double post. I found out that the server closes the connection due to an SSL handshake error, which occurs before the server even presents its certificate. It seems to be related to the cipher suite the browser presents, which seems to be incompatible with the remote server.

So, this means that this particular error is unrelated to the certificates.

TL;DR Ask the site's admins about changing its SSL cipher suite.

 

[ShadowOne333]

Sorry for double post. I found out that the server closes the connection due to an SSL handshake error, which occurs before the server even presents its certificate. It seems to be related to the cipher suite the browser presents, which seems to be incompatible with the remote server.

So, this means that this particular error is unrelated to the certificates.

TL;DR Ask the site's admins about changing its SSL cipher suite.

Thanks! That'll help to narrow it down for them

 

[Noctosphere]

I have a problem, In FTPiiU I get only "sd" folder, not "storage"

 

[aplumafreak500]

I have a problem, In FTPiiU I get only "sd" folder, not "storage"

You have to be running FTPiiU Everywhere under a CFW or signature patched environment. The regular FTPiiU does not have MLC access, hence the lack of storage_* folders.

 

[SpontaneousCookie]

You have to be running FTPiiU Everywhere under a CFW or signature patched environment. The regular FTPiiU does not have MLC access, hence the lack of storage_* folders.

I'm running CBHC but I still only get the sd folder.

 

[RedDucks]

Does this affect only the web browser or the system as a whole? Myself and a few other people are looking in to making a custom SMM server, and have made a ROM mod that points to the custom server instead of the official ones. However things break down during connection, and we assume this is due to a certificate trust issue (the server uses Let's Encrypt)

 

[piratesephiroth]

Does this affect only the web browser or the system as a whole? Myself and a few other people are looking in to making a custom SMM server, and have made a ROM mod that points to the custom server instead of the official ones. However things break down during connection, and we assume this is due to a certificate trust issue (the server uses Let's Encrypt)

we only edit the browser data so...

 

[Johnny2071]

I need a real tutorial.

I don't have the first clue as to how to use FTPii Everywhere or a file client (FileZilla).

FTPii Everywhere gives me an IP address, but I don't know what to do on FileZilla. It would really help if there was a "how to" video on this.

 

[AxlSt00pid]

I need a real tutorial.

I don't have the first clue as to how to use FTP_Everywhere or a file client (FileZilla).

FTP_Everywhere gives me an IP address, but I don't know what to do on FileZilla. It would really help if there was a "how to" video on this.

R...really?
To connect with filezilla you just need to put the IP address your Wii U is showing you (on your TV/Gamepad) on the IP address portion of Filezilla and click connect, since FTPiiU doesn't ask for an user and password

 

[Johnny2071]

R...really?
To connect with filezilla you just need to put the IP address your Wii U is showing you (on your TV/Gamepad) on the IP address portion of Filezilla and click connect, since FTPiiU doesn't ask for an user and password

IP address portion? That's "host" right?

 

[AxlSt00pid]

IP address portion? That's "host" right?

Yup, then simply click on connect

 

[Johnny2071]

Yup, then simply click on connect

Well I'm having trouble connecting.

 

[AxlSt00pid]

Well I'm having trouble connecting.

Are both your Wii U and your PC connected on the same network?
Have you connected using the quick connect option?
Does your Wii U IP address have a number after a semicolon? If so you also have to put that number and the semicolon (Like 192.168.1.59:20)