Wii U browser HTTPS key/cert update?

Discussion in 'Wii U - Homebrew' started by N7Kopper, Jun 15, 2019.

  1. N7Kopper

    N7Kopper Proud lover of a three-inch girlfriend

    Aug 24, 2014
    United Kingdom
    A bit of an oddball question here, but I vaguely remember a thread (that I can't find for the life of me with over an hour of searching) that described a method of manually updating the Wii U web browser's HTTPS keys. With more websites enforcing HTTPS with newer keys, the poor Wii U is already starting to run into the problem of not being able to validate the keys. (to say nothing of the humble PSP, that thing's web browser is a legacy dinosaur by now - it used to be able to run YouTube!)

    Does anyone have any idea if this is actually a thing you can do, or just someone theorycrafting? (I mean, it's obviously possible, but if it bricks the system it might as well not be.)
  2. Random__Dude

    Random__Dude Member

    Feb 2, 2019
    United States
  3. Ryccardo

    Ryccardo and his tropane alkaloids

    Feb 13, 2015
    New certificates (probably just a romfs edit if lucky), or a new TLS version (actual machine code work)?

    The ghetto workaround is, of course, a SSL stripping proxy running on your PC/router/raspberry/whatever and connecting the console (or just the browser if it has a dedicated setting) to it
    Last edited by Ryccardo, Jun 15, 2019
  4. Brawl345

    Brawl345 GBAtemp Advanced Fan

    Jan 14, 2012
    To add new root certificates, you just need to edit the rootca.pem via ftpiiu everywhere: https://gbatemp.net/threads/tutorial-add-custom-root-certs-to-the-wii-us-browser.468201/
    To add the Let's Encrypt Root Certificate, you need to use the cross-signed certificate by IdenTrust: https://letsencrypt.org/certs/trustid-x3-root.pem.txt
    Don't know how to add the "real" LE Root Certificate because it doesn't work if I add the certificates from here: https://letsencrypt.org/certificates/ :unsure: AFAIK LE won't renew their cross-signed stuff after 2021 anymore. Need to experiment with this... EDIT: just export the ISRG root cert from Firefox
    Anyways, just append the cert including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" stuff. You don't need "# Issuer:" comments
    Last edited by Brawl345, Jun 17, 2019
    kornychaos likes this.
Quick Reply
Draft saved Draft deleted