I'm trying to make the Wii U's Browser usable again... but I have some questions about root certificate editing

[Jediweirdo]

I'm trying to get rid of the infamous 112-2035 error by editing the root certificates located on rootca.pem to include the certification "lets encrypt". The problem is, though, that I need to also include a cross-signed certificate of their parent company IdenTrust in order to get everything to work (as said in this comment)... And I have literally zero clue on how to even correctly edit the PEM file without my internet browser volunteering to contribute to the nearest brick house like this person's browser. Here are a few starting questions I have:

• Is it actually OK to just copy/paste a certificate without also saying things like it's fingerprint and expiration date (like all the other certificates that Nintendo put on there before anyone else meddled with it)?
• How the heck do you cross-sign a signature? Is it kind of like adding a regular one?
• Will only using let's encrypt's certification actually get rid of the 112-2035 error code? Or did I even get that wrong too?

~~~~~~~Links n' Stuff~~~~~~~

Spoiler: The Guide that started this time-consuming rabbit hole:

https://gbatemp.net/threads/tutorial-add-custom-root-certs-to-the-wii-us-browser.468201/

Spoiler: Where I first learned of let's encrypt:

Spoiler: How I came to the conclusion of the fact that I need to cross-sign:

https://gbatemp.net/threads/wii-u-browser-https-key-cert-update.540968/post-8679771

Spoiler: That one person who bricked their browser:

https://gbatemp.net/threads/i-need-...stom-root-certs-to-the-wii-us-browser.582076/

This is my first time using spoiler tags, so sorry if it's screwed up

EDIT: Wow I horrendously screwed up on those spoiler tags lol. Hopefully, they're now fixed?
EDIT^2: Fixed something because fake OCD

 

[Jediweirdo]

Welp, it's been about a week to no response... I might try to repost this in the future coupled along with other questions

 

[soratheultima]

mhh this is something i do for work. I'll see if I can get to it in time. I can't promise anything though, since the Browser isn't frequently updated and the TLS/SSL Methods it accepts might be outdated.

 

[V10lator]

The problem is, though, that I need to also include a cross-signed certificate of their parent company IdenTrust in order to get everything to work (as said in this comment).

I'm able to connect to let's encrypt secured sites using this cert only: https://github.com/V10lator/NUSspli/blob/master/data/ca-certificates/ISRG_Root_X1.pem

See also the comment youself linked:

EDIT: just export the ISRG root cert from Firefox

 

[soratheultima]

I tried using an SSL Proxy but that just resulted in a 1036 error

Any Older Methods such as the following did not work (not recommended): https://gbatemp.net/threads/mitm-wii-u-ssl-connections.477792/ ->Using the ROOT CA of https://larsenv.github.io/NintendoCerts/index.html Resulted in a Brick (safe due to CBHC) -> Downloaded V20 of Certs from NUS CDN to fix that using an unsafe Wupinstaller.

Using Charles as an SSL Proxy -> instead of error 112-1035 you get 112-1036
If you still want to try to do that, I would suggest doing that in REDNAND or any emunand option.

Or do as V10lator says and simply add the data from the github link to the end of the .pem file (open it with a good text editor)

 

[theaxd]

i managed to get some websites working again by adding new certificates to the rootca. if you want a copy of my updated rootca.pem i can link it. even when updating the certificates though most websites still give a error 112-1035 so this doesn't just automatically make the browser work on every website but a few will be working again

 

[Jediweirdo]

Yeah, some websites still return an error. But now with my rootca certs updated, it's still a lot better than having like 90% of websites giving the error! Thanks for replying to this old thread, but I already got it working on my Wii U thanks to the 2 people who replied to this earlier. I should have said my thanks for them helping me, but if I'm being honest I forgot about this post until now!

 

[JStar334]

Can you explain what you exactly did?

 

[Jediweirdo]

@JStar334 Yeah, sure. I had no idea that someone would reply to this, so sorry for not replying for... 3 months (yikes):

1. I followed steps 1-5 on the site that got me into the whole thing (found here)
2. Backed up the OG .pem file in case I irreversibly screwed it up (you should do the same too)
3. I took the certificates found on the link V10lator ever-so-kindly linked from their own project and copy/pasted them to the bottom of the .pem file
4. Did the same with another certificate I found here, thanks to it being linked by ShadowOne333 (probably super redundant, but whatever)
5. Scratched my head on trying to figure out how to get the fiddler's cert, contemplated if it was a good idea to transfer all the certs from my PC to my Wii U, then said "screw it, I made a backup anyways" and proceeded to do it anyways (export them via this, then just add it like normal if it's .pem like mine)
6. Completely forgot about fiddler's cert (there's a comment here that tells you how to do it)
7. Saved my changes to the file, then overwrote the Wii U's original file
8. Closed out of FTP and tried launching a myriad of sites with varying levels of success (much better than little-to-no level of success!)

In retrospect, it would be cool if more people could share any roots they've found too since the internet's gonna close soon. Let's enjoy it while it lasts!

Anyways, if you need help or need me to explain something better, just tell me, and I'll do my best to help out (hopefully it won't take me 3 months next time lol). I would just give you my Wii U's .pem, but I feel like it's a giant security liability to release my main PC's root certificates into the wild so this will do. Good luck!

Edit: Added a link I forgot and some extra text
Edit2: Realized I should probably let the person who I'm helping know that I responded to them lol