How to configure SSL certificates
This tutorial explains how to configure the SSL certificates automatically for your Ardor node. Since version 2.3.2, it is available a functionality to automate the creation of the keystore.
If you need to avoid the self-signed warning that will appear in most browsers and use the standard HTTPs port (443), please refer to the guide Configuring HTTPs on a standalone Ardor installation
Auto-generation of SSL certificates
The steps to configure HTTPs in the standard port 27876 (mainnet), the usual https://localhost:27876, are as follows:
- Install the Ardor node. Client installation
- Add the entry
nxt.propertiesfile. How to locate the nxt.properties file
- Run the node
When the configuration file has the property
nxt.apiSSL=true and the key store specified in
nxt.keyStorePath is missing, the server automatically generates and saves it in the configured path (by default it is a file with name
keystorein the Ardor user directory). To re-generate the key store, delete that file.
Then you can access to the user interface through an encrypted connection.
Accessing to the node remotely within the same local network
If it is required to access the node using another device within your local network, then add the following entries to the nxt.properties file:
apiServerHost with the value above allows the API server to accept requests from all network interfaces, including IPv6 and
allowedBotHosts with the wildcard value "*" allows all hosts to access the API server.
nxt.generatedKeyStoreDomains the domain name(s) or IP address(es) at which the node will be accessible.
The certificates that are created automatically are self-signed; hence all browsers prompt a security warning. It is required to either ignore the warning or add the locally created CA to the browser's trusted certificate authorities. The CA certificate is located in the same path as the generated keystore, but with suffix "-ca.crt". By default it is in a file with name "keystore-ca.crt" in the Ardor user directory.