Help with SSL for Burst Wallet Online



  • OK, so I'm working on a project for the Burst community and am having a bit of an issue. I got the Burst wallet started and it's running, but I want to run it over SSL, of course. I currently have SSL on the sub-domain where the wallet is hosted; however, I see the wallet is using a different solution since it's all built in with the keystore. So my question is this: how does one configure it so that I can use my existing .crt with the wallet? Every time I've tried I fail at it; figured there was an easier solution before I rig it myself.


  • Mod

    @xaocs @haitch


  • admin

    @xaocs These are my notes from when I did it - they may not be totally complete as it took me a couple of days and much hair tearing to get it to work.

    1. From your server, open a CMD prompt.

    We need to expand the path to include the Java\bin directory, assuming you're on java 7 do:

    2. set path=%path%;"c:\program files\java\jre7\bin"

    If java 8 change it to jre8

    3. cd to your <wallet directory>\conf directory then do the following commands:

    4. keytool -genkey -alias <your domain> -keyalg RSA -keystore keystore.jks -keysize 2048
      (it'll prompt with a number of questions, and for a password - don't forget it - and it MUST be the same as used to encode the CRT)

    5. keytool -import -trustcacerts -alias root -file <your ca.pem> -keystore keystore.jks

    6. keytool -import -trustcacerts -alias inter -file <your intermediate server.ca.pem> -keystore keystore.jks

    7. keytool -import -trustcacerts -alias <your domain> -file <your file.crt> -keystore keystore.jks

    8. edit conf\nxt-default.properties

    change the following properties:

    nxt.apiSSL=true
    nxt.keyStorePath=conf\\keystore.jks
    nxt.keyStorePassword=<password> <- the password you used to encode the crt.



  • @haitch centos 7, java 8


  • admin

    @xaocs You'll have to convert the instructions to their Linux equivalent - I've only done it under Windows. The only thing really that should be different is setting up the path statement.



  • @haitch
    also, last thing,
    I had my csr signed, and was given 2 files
    intermediate .crt
    mydomain .crt
    so.. for #5-6
    ? replace pem with crt correct?



  • @haitch I also keep getting this error on step 5
    keytool error: java.lang.Exception: Input not an X.509 certificate


  • admin

    @xaocs yes, the command assumes a base 64 encoded certificate - either .crt or .pem should be fine
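
Added example, not part of the original thread: a small Python check of what a .crt/.pem file actually contains before it is passed to keytool -import, since "Input not an X.509 certificate" means keytool could not parse the input as a certificate. It only inspects the PEM label, the base64 body and the outer DER tag; the function names and sample bytes are constructed for illustration.

```python
import base64
import re

# PEM armor: -----BEGIN <label>-----, base64 body, -----END <label>-----
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def make_pem(label, der):
    """Wrap bytes in PEM armor (only used to construct the sample inputs)."""
    body = base64.encodebytes(der).strip()
    tag = label.encode()
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (tag, body, tag)

def inspect_cert_file(data):
    """Describe what a .crt/.pem file contains, one finding per item."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("UTF-8 BOM before the data")
        data = data[3:]
    blocks = PEM_RE.findall(data)
    if not blocks:
        # No armor at all: binary DER begins with an ASN.1 SEQUENCE tag (0x30).
        kind = "DER (binary)" if data[:1] == b"\x30" else "unrecognised"
        return findings + ["no PEM block found; content looks " + kind]
    for label, body in blocks:
        label = label.decode()
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(label + ": body is not valid base64")
            continue
        if label != "CERTIFICATE":
            findings.append(label + ": not a certificate block")
        elif der[:1] != b"\x30":
            findings.append("CERTIFICATE: decoded body is not an ASN.1 SEQUENCE")
        else:
            findings.append("CERTIFICATE: %d bytes of DER" % len(der))
    return findings

# Constructed placeholder bytes with a DER-style header, NOT a real certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    for name, sample in [("cert", make_pem("CERTIFICATE", FAKE_DER)),
                         ("csr", make_pem("CERTIFICATE REQUEST", FAKE_DER)),
                         ("der", FAKE_DER)]:
        print(name, inspect_cert_file(sample))
```

To check a real file, call inspect_cert_file(open(path, "rb").read()); a file that reports a CERTIFICATE REQUEST or a private-key label is not the signed certificate.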



  • @haitch My error up top. I tried to use the crt, no luck. same error, even converted to p7b it didn't work.


  • admin

    @xaocs what is the error you're receiving, and at which step ?



  • I did step #4, which gave me a jks
    then went and got an intermediate crt and my domain crt
    intermediate .crt
    mydomain .crt
    so.. for #5-6
    importing them seems to give me the keytool error I mentioned above. So, I don't use java often, especially not ssl with it, so keytool is a new creature to me. how can I take just the CA bundle and my domain .crt and import those to the keystore?
    both .crt files


  • admin

    @xaocs d the message about the error you were getting.

    From https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actpl=CROSSLINK&id=SO4333

    one of the possibilities is that the CSR needs to come from the Keystore - are you able to regenerate a new cert for the domain? If so, to create the CSR:

    keytool -certreq -alias <your domain> -keystore keystore.jks -file mydomain.csr

    Now open the mydomain.csr file in notepad, copy the ENTIRE contents. Go to your cert provider, paste in the contents of the .csr, next, select the <your domain> domain.
    Copy the generated certificate into notepad and save as <wallet_dir>\conf\ssl.crt
    Also download and save the intermediate and root CA certs into the conf dir.



  • Have you guys tried to enable UI also via SSL here?

    I've turned the SSL on in the nxt-default.properties, but after loading the webpage, it looks like it's still trying to load some css-es via HTTP.

    Because modern web browsers are blocking this kind of behaviour (calling it insecure, that some of the webpage is via HTTPS, and some via HTTP), whole wallet looks crappy, and is not working at all:



  • admin

    @axadiw96 In <wallet dir>\html\ui\index.html change the http references to https



  • Thanks, I've changed http to https-es in this index.html, and also in one of the js files that were used by the wallet.

    You can check changes here: https://github.com/Axadiw/burstcoin/commits/master

