Bitcoin Forum
December 06, 2016, 08:15:36 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: SSL RPC with bitcoind  (Read 2739 times)
mav
Full Member
***
Offline Offline

Activity: 168


View Profile
July 18, 2012, 04:43:20 AM
 #1

I have been trying to establish an SSL connection to bitcoind

I followed exactly these instructions

https://en.bitcoin.it/wiki/Enabling_SSL_on_original_client_daemon

I'm running
Code:
bitcoind -testnet
and then checking the ssl connection using

Code:
openssl s_client -connect 127.0.0.1:8332
which gives the response

Code:
CONNECTED(00000003)
140487709226656:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

This is all from my local machine, not over a network.

My bitcoin.conf is
Code:
rpcuser=bob
rpcpassword=bob

rpcallowip=192.168.*.*

rpcssl=1
#rpcsslciphers=DEFAULT:@STRENGTH

when I have the configuration line
Code:
rpcssl=1
in my bitcoin.conf I cannot use commands such as
Code:
$ bitcoind getinfo
, I get
Code:
error: no response from server

Can someone please help me diagnose why this isn't working? I'm using the latest version of bitcoin - "version" : 60300
1481012137
Hero Member
*
Offline Offline

Posts: 1481012137

View Profile Personal Message (Offline)

Ignore
1481012137
Reply with quote  #2

1481012137
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
July 18, 2012, 05:30:37 AM
 #2

try

Code:
./bitcoind -rpcconnect=127.0.0.1 -rpcport=8332 -rpcssl -rpcuser=YourUsername -rpcpassword=YourPassword getinfo

also add
Code:
server=1
to the bitcoin.conf

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
mav
Full Member
***
Offline Offline

Activity: 168


View Profile
July 18, 2012, 06:02:13 AM
 #3

no gold with adding that setting nor with the extra command options.

I try using curl to ping the server and this is the result

Code:
curl --user bob --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' https://127.0.0.1:8332/

Code:
curl: (35) Unknown SSL protocol error in connection to 127.0.0.1:8332

I tried adding the options below to my config with no effect, still getting a protocol error

Code:
rpcssl=1
rpcsslciphers=TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH
rpcsslcertificatechainfile=server.cert
rpcsslprivatekeyfile=server.pem
rpcsslciphers=DEFAULT:@STRENGTH
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
July 18, 2012, 06:06:43 AM
 #4

Code:
curl --user bob --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' https://127.0.0.1:8332/
you need the content type as
Code:
application/json
and you need the server=1 in your .conf otherwise bitcoind will not accept JSON RPC commands at all!

also make sure your openssl is correct, search the forums cause if you using it on linux you have to make sure the one pre-installed is the correct version and has the correct algos for bitcoind

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
mav
Full Member
***
Offline Offline

Activity: 168


View Profile
July 18, 2012, 06:29:54 AM
 #5

Found this little gem

http://bitcoin.stackexchange.com/questions/2707/bitcoin-rpc-ssl-error

I copied by server.cert and server.pem to ~/.bitcoin/testnet folder rather than in ~/.bitcoin

Now I have a working ssl rpc connection. Thanks for the help gweedo.

also using curl with a self-signed certificate requires the -k option so I used this command to check it, with success

Code:
curl --user bob --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: application/json;' https://127.0.0.1:8332/ -k
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
July 18, 2012, 06:36:59 AM
 #6

Your welcome glad to help

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!