There's something I don't understand. Possibly I have some misunderstanding about how HTTPS works.
I heard that some wireless routers allow the user to access the administration page with HTTPS (which is a good idea because then you can configure securely over wireless.) When this is done, how is the identity of the router established? I mean, from what I understand, normal secure websites (Like https://www.paypal.com/) have a secret private key, so that when the client's computer sees the corresponding public key, he can be sure he's really communicating with PayPal. (Did I get that right up to here?)
But how can a router store a private key? I mean, wouldn't black-hat hardware hackers be able to physically open it up, obtain the private key, and then do a man-in-the-middle attack? (Might not be a practical attack in this scenario, I know.)
It use a so-name "self signed certificate", yes, it can be insecure. BUT if you "permanently accept" it when you are physical wired to you router, after that, you can always trust your router as long as it don't want to set another certificate.
Better network hardware allows you to upload a new private cert such that you can even buy a real one from a recognized cert authority. Even if you don't do that, you can generate a self-signed cert from a CA that you run and authorize in your domain.