NXT node SSL woes
Author Topic: NXT node SSL woes  (Read 3603 times)

Twarden

  • Jr. Member
NXT node SSL woes
« on: August 08, 2015, 06:19:46 pm »

I'm using Wesley's guide as a resource for setting up automated deposits/withdrawals for my Ripple Gateway. NRS refuses to accept HTTPS connections but will accept HTTP connections.  I cannot access the API @ http://185.82.201.85:7876/test and I was able to access http://185.82.201.85:7876/doc for a short while when attempting to set up my hallmark, so there is possibly the same issue that could be related to both of these problems.  Below is my config file and output from initializing the server:

Config
NRS Output

Twarden

  • Jr. Member
Re: NXT node SSL woes
« Reply #1 on: August 13, 2015, 02:45:14 pm »

I can connect to my server using HTTP but I still need to get SSL working properly and set a hallmark.

Riker

  • Core Dev
  • Hero Member
Re: NXT node SSL woes
« Reply #2 on: August 13, 2015, 02:55:47 pm »

Quote from: Twarden
> I can connect to my server using HTTP but I still need to get SSL working properly and set a hallmark.

I also experience this problem. I'm using a test SSL certificate on my node. Initially this worked correctly with all browsers, so I was able to connect using https with the familiar browser warning. Then a few months ago Chrome stopped connecting to my site with "ERR_EMPTY_RESPONSE". I switched to Firefox, but in the last few weeks it also refuses to connect with "The connection to ... was interrupted while the page was loading." The only browser that currently connects using https is IE11.

Not sure what is wrong. I'll try to capture log files from the server side to see what's the difference between successful and unsuccessful connections.
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651

coretechs

  • Sr. Member
Re: NXT node SSL woes
« Reply #3 on: August 13, 2015, 06:24:17 pm »

I had the same ERR_EMPTY_RESPONSE problem when using the instructions lyaffe posted in one of the other threads.  I was able to get it working by following these instructions instead:  http://nxtwiki.org/wiki/How-To:UseSslCerts (which incorrectly references "mycert-key" in the second openssl command)

My "cheat sheet" for self-signed certs using OpenSSL:
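Code:
# Create a self-signed certificate; with no -keyout, openssl writes the new private key to its default key file (privkey.pem)
openssl req -new -x509 -out mycert.crt -days 365
# Bundle the private key and the certificate into a PKCS#12 file
openssl pkcs12 -export -inkey privkey.pem -in mycert.crt -out mycert.pkcs12
# Import the PKCS#12 file into the Java keystore used by NRS
keytool -importkeystore -srckeystore mycert.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
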

Alternatively, if you don't want to use OpenSSL you can just use the keytool:
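Code:
# Generate a 2048-bit RSA key pair directly in the Java keystore
keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 -keystore keystore
# Re-issue the self-signed certificate for that key with a 365-day validity
keytool -selfcert -validity 365 -keystore keystore

https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html
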
nxt.properties:
Code:
nxt.keyStorePath=keystore
nxt.keyStorePassword=xxxxxxxx
nxt.apiSSL=true

edit: update wiki link
edit 2: added simplified steps using keytool
« Last Edit: January 31, 2016, 03:41:05 pm by coretechs »
https://ardorportal.org - Ardor blockchain explorer | https://nxtportal.org - Nxt blockchain explorer | http://bitcoindoc.com - The Rise and Rise of Bitcoin
ARDOR-T43P-R2K9-8W79-9W2AL | NXT-WY9K-ZMTT-QQTT-3NBL7

Tosch110

  • Ex-Staff Member
  • Hero Member
Re: NXT node SSL woes
« Reply #4 on: August 13, 2015, 06:41:35 pm »

I have a problem with Nxt SSL myself.

All I got are certificates (.crt files) from my hoster. And I have my .key file

But no .pem file. Could anybody help me out which commands I need to use?

I have already tried several things but always ran into problems using my official SSL certificate for Nxt.

Twarden

  • Jr. Member
Re: NXT node SSL woes
« Reply #5 on: August 14, 2015, 01:52:31 am »

Thanks coretechs, I will try this suggestion tomorrow morning.  Integrating NXT is one of my top priorities but it must of course be done securely from the start.

Twarden

  • Jr. Member
Re: NXT node SSL woes
« Reply #6 on: August 14, 2015, 02:53:27 pm »

coretechs,

I was able to access the server via HTTPS and also fetch the test and doc endpoints after following your instructions, thanks!

Riker

  • Core Dev
  • Hero Member
Re: NXT node SSL woes
« Reply #7 on: September 06, 2015, 01:08:52 pm »

Quote from: Riker
> Quote from: Twarden
> > I can connect to my server using HTTP but I still need to get SSL working properly and set a hallmark.
>
> I also experience this problem. I'm using a test SSL certificate on my node. Initially this worked correctly with all browsers, so I was able to connect using https with the familiar browser warning. Then a few months ago Chrome stopped connecting to my site with "ERR_EMPTY_RESPONSE". I switched to Firefox, but in the last few weeks it also refuses to connect with "The connection to ... was interrupted while the page was loading." The only browser that currently connects using https is IE11.
>
> Not sure what is wrong. I'll try to capture log files from the server side to see what's the difference between successful and unsuccessful connections.

I now recreated my keystore using a 2048-bit key (default is 1024):
Code:
keytool -genkeypair -dname "..." -alias ... -keypass ... -keystore ... -storepass ... -keysize 2048 -keyalg RSA
Now both Chrome and Firefox connect correctly after confirming the test certificate warning.
« Last Edit: September 06, 2015, 01:21:55 pm by lyaffe »
NXT Core Dev
Account: NXT-HBFW-X8TE-WXPW-DZFAG
Public Key: D8311651 Key fingerprint: 0560 443B 035C EE08 0EC0  D2DD 275E 94A7 D831 1651
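
Added example, not part of the thread or of the Nxt project: a shell check that reads the RSA key size from a PEM certificate and rejects anything below 2048 bits, the change Riker reports as fixing the Chrome and Firefox failures. The function names, the `nxt-node.example` subject and the sample certificates are assumptions constructed for illustration; it requires the `openssl` command line tool.

```shell
#!/bin/sh
# Added example: audit a node certificate's key size before it is placed in
# the keystore referenced by nxt.keyStorePath.
# A certificate already inside a Java keystore can be exported first with:
#   keytool -exportcert -rfc -alias <alias> -keystore keystore -file node.pem
MIN_BITS=2048

# Print the public-key size in bits of a PEM certificate (empty if unreadable).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 if the key is at least MIN_BITS, 1 if it is smaller,
# 2 if the file could not be parsed as a certificate.
check_cert() {
    bits=$(cert_key_bits "$1")
    [ -n "$bits" ] || { echo "$1: unreadable certificate" >&2; return 2; }
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "$1: ${bits}-bit key is below ${MIN_BITS}; regenerate with -keysize ${MIN_BITS}"
        return 1
    fi
    echo "$1: ${bits}-bit key, ok"
}

# Constructed sample input: a throwaway self-signed certificate of a given size.
# usage: make_sample_cert BITS OUTFILE   (the key is written to OUTFILE.key)
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 \
        -subj "/CN=nxt-node.example" -keyout "$2.key" -out "$2" 2>/dev/null
}

# Check every certificate file named on the command line.
for f in "$@"; do
    check_cert "$f" || true
done
```

Run it as `sh check_cert.sh mycert.crt` against the certificate produced by either recipe above before importing it.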