How to configure SSL certificates

From ArdorDocs

Introduction

This tutorial explains how to have the SSL certificates for your Ardor node configured automatically. Since version 2.3.2, the node can automate the creation of the keystore.

If you need to avoid the self-signed certificate warning that appears in most browsers and to use the standard HTTPS port (443), refer to the guide Configuring HTTPs on a standalone Ardor installation.

Auto-generation of SSL certificates

To configure HTTPS on the standard port 27876 (mainnet), that is, the usual https://localhost:27876, follow these steps:

  1. Install the Ardor node (see Client installation).
  2. Add the entry nxt.apiSSL=true to the nxt.properties file (see How to locate the nxt.properties file).
  3. Run the node.

When the configuration file has the property nxt.apiSSL=true and the key store specified in nxt.keyStorePath is missing, the server automatically generates the key store and saves it in the configured path (by default, a file named keystore in the Ardor user directory). To regenerate the key store, delete that file.

You can then access the user interface through an encrypted connection.

Considerations

Accessing the node remotely within the same local network

If you need to access the node from another device within your local network, add the following entries to the nxt.properties file:

nxt.apiServerHost=0.0.0.0
nxt.allowedBotHosts=*

Here, apiServerHost with the value above makes the API server accept requests on all network interfaces, including IPv6, and allowedBotHosts with the wildcard value "*" allows all hosts to access the API server.

Add to nxt.generatedKeyStoreDomains the domain name(s) or IP address(es) at which the node will be accessible.
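The following Python check is an added example, not part of the Ardor documentation or code base. It audits the text of an nxt.properties file for the combinations described above: remote binding without nxt.apiSSL=true, the "*" wildcard in nxt.allowedBotHosts, and remote access with an empty nxt.generatedKeyStoreDomains. The sample files, the finding codes, the loopback list and the IP address 192.168.1.20 are constructed for illustration.

```python
# Added example: checks an nxt.properties file against the settings on this page.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}  # assumption: hosts treated as local-only

# Constructed sample: the remote-access entries exactly as listed above.
LAN_AS_WRITTEN = """\
nxt.apiSSL=true
nxt.apiServerHost=0.0.0.0
nxt.allowedBotHosts=*
"""
# Constructed sample: same, plus the address other devices will use (made-up IP).
LAN_COMPLETE = LAN_AS_WRITTEN + "nxt.generatedKeyStoreDomains=192.168.1.20\n"


def parse_properties(text):
    """Minimal key=value parser; skips comments, no escapes or continuations."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return (code, message) findings for the given properties text."""
    p = parse_properties(text)
    ssl_on = p.get("nxt.apiSSL", "").lower() == "true"
    host = p.get("nxt.apiServerHost", "")
    remote = host != "" and host not in LOOPBACK
    findings = []
    if not ssl_on:
        findings.append(("ssl-off", "nxt.apiSSL=true is not set in this file"))
    if remote and not ssl_on:
        findings.append(("remote-plaintext", f"API bound to {host} without nxt.apiSSL=true"))
    if p.get("nxt.allowedBotHosts") == "*":
        findings.append(("any-host", "every host that can reach the port may call the API"))
    if remote and ssl_on and not p.get("nxt.generatedKeyStoreDomains"):
        findings.append(("no-cert-domains", "nxt.generatedKeyStoreDomains names no address"))
    return findings


def codes(text):
    """Finding codes only, in the order audit() reports them."""
    return [code for code, _ in audit(text)]


if __name__ == "__main__":
    for name, sample in (("as written", LAN_AS_WRITTEN), ("complete", LAN_COMPLETE)):
        print(name, audit(sample))
```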

Browser warnings

The automatically created certificates are self-signed, so all browsers show a security warning. You must either ignore the warning or add the locally created CA to the browser's trusted certificate authorities. The CA certificate is located in the same path as the generated keystore, but with the suffix "-ca.crt". By default it is a file named "keystore-ca.crt" in the Ardor user directory.