I have an old embedded Linux based device, it's from a project I did about 10 years ago. The device has no built in UI, keyboard or anything like that only a small web server to control it.
Iv'e since forgotten the password on the unit, and the company that originally made it disappeared over 5 years ago now.
Anyway, I thought I'd try to get into it, and see if I could bring it back to life, maybe re-purpose it for some other task (It's GSM comms equipment if anyone's interested) but I need to reset the password on it.
Iv'e managed to get a "reset password" screen up, but it insists on trying to validate some stuff with an external server on the internet, that is no longer online, or even in existence.
It's makes a https request to the server, and putting a packet trace on the request using wire shark, shows it attempting to contact the server, and failing.
So... I thought, I wonder if I can put my own server online, see what it does.
I spun up an Apache2 instance, enabled SSL on it, created a self signed cert for it, then set up my DNS, so that it was redirected to my server, rather than the one it was looking for.
This all works great except for one thing.
If I observer the packet trace, the embedded device refuses to talk to my server because it doesn't trust the certificate CA.
If I could get my server to issue a self signed certificate, but pretend to be another CA (Say equifax, verisign, or something like that) I think I may be able to get the device to validate, and let me reset the admin password.
Does anyone know if it's possible to do this with a self signed certificate?