Help with SSL for Burst Wallet Online



  • Ok, so I'm working on a project for the Burst community and am having a bit of an issue. I got the Burst wallet started and it's running, but I want to run it over SSL of course. I currently have SSL on the sub-domain where the wallet is hosted; however, I see the wallet is using a different solution since it's all built in with the keystore. So my question is this: how does one configure it so that I can use my existing .crt with the wallet? Every time I've tried I fail at it; figured there was an easier solution before I rig it myself.


  • Mod


  • admin

    @xaocs These are my notes from when I did it - they may not be totally complete as it took me a couple of days and much hair tearing to get it to work.

    1. From your server, open a CMD prompt.

    We need to expand the path to include the Java\bin directory, assuming you're on java 7 do:

    2. set path=%path%;"c:\program files\java\jre7\bin"

    If java 8 change it to jre8

    3. cd to your <wallet directory>\conf directory then do the following commands:

    4. keytool -genkey -alias <your domain> -keyalg RSA -keystore keystore.jks -keysize 2048
      (it'll prompt with a number of questions, and for a password - don't forget it - and it MUST be the same as used to encode the CRT)

    5. keytool -import -trustcacerts -alias root -file <your ca.pem> -keystore keystore.jks

    6. keytool -import -trustcacerts -alias inter -file <your intermediate server.ca.pem> -keystore keystore.jks

    7. keytool -import -trustcacerts -alias <your domain> -file <your file.crt> -keystore keystore.jks

    8. edit conf\nxt-default.properties

    change the following properties:

    nxt.apiSSL=true
    nxt.keyStorePath=conf\\keystore.jks
    nxt.keyStorePassword=<password> <- the password you used to encode the crt.



  • @haitch centos 7, java 8


  • admin

    @xaocs You'll have to convert the instructions to their Linux equivalent - I've only done it under Windows. The only thing really that should be different is setting up the path statement.



  • @haitch
    also, last thing,
    I had my csr signed, and was given 2 files
    intermediate .crt
    mydomain .crt
    so.. for #5-6
    ? replace pem with crt correct?



  • @haitch I also keep getting this error on step 5
    keytool error: java.lang.Exception: Input not an X.509 certificate


  • admin

    @xaocs yes, the command assumes a base 64 encoded certificate - either .crt or .pem should be fine



  • @haitch My error up top. I tried to use the crt, no luck. same error, even converted to p7b it didn't work.


  • admin

    @xaocs what is the error you're receiving, and at which step ?



  • I did step #4, which gave me a jks
    then went and got an intermediate crt and my domain crt
    intermediate .crt
    mydomain .crt
    so.. for #5-6
    importing them seems to give me the keytool error I mentioned above. So, I don't use Java often, especially not SSL with it, so keytool is a new creature to me. How can I take just the CA bundle and my domain .crt and import those to the keystore?
    both .crt files


  • admin

    @xaocs d the message about the error you were getting.

    From https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actpl=CROSSLINK&id=SO4333

    one of the possibilities is that the CSR needs to come from the Keystore - are you able to regenerate a new cert for the domain? If so, to create the CSR:

    keytool -certreq -alias <your domain> -keystore keystore.jks -file mydomain.csr

    Now open the mydomain.csr file in notepad, copy the ENTIRE contents. Go to your cert provider, paste in the contents of the .csr, next, select the <your domain> domain.
    Copy the generated certificate into notepad and save as <wallet_dir>\conf\ssl.crt
    Also download and save the intermediate and root CA certs into the conf dir.

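Added here as an example, not part of any post in this thread: the keytool error quoted above is about what is inside the file rather than its extension, so this POSIX sh function reports what a .crt/.pem file actually contains before it goes to `keytool -import`. The function name and output strings are made up for this example; it uses only od, sed, grep and tr.

```shell
#!/bin/sh
# Added example (not from the thread): classify a certificate file by content.
# cert_file_kind and its output strings are hypothetical names for this sketch.

cert_file_kind() {
    f=$1
    [ -s "$f" ] || { echo "missing-or-empty"; return 0; }

    # First three bytes as hex: catches editor-added BOMs and UTF-16 saves.
    magic=$(od -An -tx1 -N3 "$f" | tr -d ' \n')
    case $magic in
        efbbbf)      echo "utf8-bom"; return 0 ;;
        fffe*|feff*) echo "utf16-text"; return 0 ;;
    esac

    # Label of the first PEM BEGIN line (CRLF line endings tolerated).
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f" | sed -n '1p')

    if [ -z "$label" ]; then
        # No PEM armor: a DER object starts with the ASN.1 SEQUENCE tag 0x30.
        case $magic in
            30*) echo "der-binary" ;;
            *)   echo "unrecognized" ;;
        esac
        return 0
    fi

    if [ "$label" != "CERTIFICATE" ]; then
        # e.g. CERTIFICATE REQUEST (a CSR), PKCS7 (.p7b) or PRIVATE KEY
        echo "pem-not-a-certificate: $label"
        return 0
    fi

    # A CA "bundle" holds several certificates in one file: count them.
    n=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    # Anything before the first BEGIN line (mail text, pasted notes)?
    first=$(sed -n '1p' "$f" | tr -d '\r')
    case $first in
        "-----BEGIN CERTIFICATE-----"*) echo "pem-certificate x$n" ;;
        *) echo "pem-certificate x$n, leading text before BEGIN" ;;
    esac
}

# Usage: sh certkind.sh intermediate.crt mydomain.crt
for f in "$@"; do printf '%s: %s\n' "$f" "$(cert_file_kind "$f")"; done
```

Once a file reports as a single PEM certificate, `keytool -printcert -file <file>` shows whether Java itself can parse it.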
