Help with SSL for Burst Wallet Online
-
OK, so I'm working on a project for the Burst community and am having a bit of an issue. So I got the Burst wallet started and it's running, but I want to run it over SSL of course. I currently have SSL on the sub-domain where the wallet is hosted; however, I see the wallet is using a different solution since it's all built in with the keystore. So my question is this: how does one configure it so that I can use my existing .crt with the wallet? Every time I've tried I fail at it; figured there was an easier solution before I rig it myself.
-
@xaocs @haitch
-
@xaocs These are my notes from when I did it - they may not be totally complete as it took me a couple of days and much hair tearing to get it to work.
1. From your server, open a CMD prompt.
   We need to expand the path to include the Java\bin directory, assuming you're on Java 7 do:
2. set path=%path%;"c:\program files\java\jre7\bin"
   If Java 8, change it to jre8
3. cd to your <wallet directory>\conf directory then do the following commands:
4. keytool -genkey -alias <your domain> -keyalg RSA -keystore keystore.jks -keysize 2048
   (it'll prompt with a number of questions, and for a password - don't forget it - and it MUST be the same as used to encode the CRT)
5. keytool -import -trustcacerts -alias root -file <your ca.pem> -keystore keystore.jks
6. keytool -import -trustcacerts -alias inter -file <your intermediate server.ca.pem> -keystore keystore.jks
7. keytool -import -trustcacerts -alias <your domain> -file <your file.crt> -keystore keystore.jks
8. edit conf\nxt-default.properties
   change the following properties:
   nxt.apiSSL=true
   nxt.keyStorePath=conf\\keystore.jks
   nxt.keyStorePassword=<password> <- the password you used to encode the crt.
-
@haitch centos 7, java 8
-
@xaocs You'll have to convert the instructions to their Linux equivalent - I've only done it under Windows. The only thing really that should be different is setting up the path statement.
-
@haitch
also, last thing,
I had my csr signed, and was given 2 files
intermediate .crt
mydomain .crt
so.. for #5-6
? replace pem with crt correct?
-
@haitch I also keep getting this error on step 5
keytool error: java.lang.Exception: Input not an X.509 certificate
-
@xaocs Yes, the command assumes a base64-encoded certificate - either .crt or .pem should be fine.
-
@haitch My error up top. I tried to use the crt, no luck. same error, even converted to p7b it didn't work.
-
@xaocs what is the error you're receiving, and at which step ?
-
I did step #4, which gave me a jks
then went and got an intermediate crt and my domain crt
intermediate .crt
mydomain .crt
so.. for #5-6
importing them seems to give me the keytool error I mentioned above. So, I don't use java often, especially not ssl with it, so keytool is a new creature to me. how can I take just the CA bundle and my domain .crt and import those to the keystore?
both .crt files
-
@xaocs d the message about the error you were getting.
One of the possibilities is that the CSR needs to come from the keystore - are you able to regenerate a new cert for the domain? If so, to create the CSR:
keytool -certreq -alias <your domain> -keystore keystore.jks -file mydomain.csr
Now open the mydomain.csr file in Notepad and copy the ENTIRE contents. Go to your cert provider, paste in the contents of the .csr, next, select the <your domain> domain.
Copy the generated certificate into notepad and save as <wallet_dir>\conf\ssl.crt
Also download and save the intermediate and root CA certs into the conf dir.
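
An added diagnostic for the "Input not an X.509 certificate" error discussed above (not part of the thread, and not Burst or keytool code): it reports what a .crt/.pem file actually contains (certificate, CSR, bundle of several blocks, raw DER, or nothing recognizable) before it is handed to keytool. It checks only the PEM armor and the outer DER framing, not the full X.509 structure; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, END line carrying the same label.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def is_single_der_sequence(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def classify(data: bytes) -> list:
    """Return (kind, framing_ok) for each object found in a .crt/.pem file."""
    if data.startswith(b"\xef\xbb\xbf"):   # UTF-8 BOM added by some editors
        return [("BOM-PREFIXED", False)] + classify(data[3:])
    blocks = PEM_RE.findall(data)
    if not blocks:                         # no PEM armor: raw DER or junk
        kind = "RAW DER" if is_single_der_sequence(data) else "UNRECOGNIZED"
        return [(kind, kind == "RAW DER")]
    results = []
    for label, body in blocks:
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
            ok = is_single_der_sequence(der)
        except ValueError:                 # binascii.Error: damaged base64
            ok = False
        results.append((label.decode("ascii"), ok))
    return results

def pem(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (used to build the constructed samples)."""
    tag = label.encode("ascii")
    return (b"-----BEGIN " + tag + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + tag + b"-----\n")

# Constructed sample: a minimal DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])

if __name__ == "__main__":
    for name, blob in [("cert", pem("CERTIFICATE", SAMPLE_DER)),
                       ("csr", pem("CERTIFICATE REQUEST", SAMPLE_DER)),
                       ("der", SAMPLE_DER), ("empty", b"")]:
        print(name, classify(blob))
```

A file whose label is anything other than CERTIFICATE (for example CERTIFICATE REQUEST), or whose framing check fails, is not an X.509 certificate whatever its extension says.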

