From 398e5d7efa475c93edea805736702235d95cdc13 Mon Sep 17 00:00:00 2001 From: Neil Booth Date: Sun, 19 Feb 2017 19:42:26 +0900 Subject: [PATCH] Prepare 0.99 --- ENVIRONMENT.rst | 2 +- HOWTO.rst | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/ENVIRONMENT.rst b/ENVIRONMENT.rst index 12f43d7..41edcbb 100644 --- a/ENVIRONMENT.rst +++ b/ENVIRONMENT.rst @@ -215,7 +215,7 @@ raise them. functioning Electrum clients by default will send pings roughly every 60 seconds. -PEER DISCOVERY +Peer Discovery -------------- In response to the `server.peers.subscribe` RPC call, ElectrumX will diff --git a/HOWTO.rst b/HOWTO.rst index 8f81b4b..8cbdbbc 100644 --- a/HOWTO.rst +++ b/HOWTO.rst 
@@ -321,6 +321,48 @@ The ETA shown is just a rough guide and in the short term can be quite volatile. It tends to be a little optimistic at first; once you get to height 280,000 is should be fairly accurate. +Creating an self-signed SSL certificate +======================================= + +These instructions are based on those of the `electrum-server` documentation. + +To run an SSL server you need to generate a self-signed certificate +using openssl. Alternatively you could not set **SSL_PORT** in the +environment and not serve over SSL, but this is not recommended. + +Use the sample code below to create a self-signed cert with a +recommended validity of 5 years. You may supply any information for +your sign request to identify your server. They are not currently +checked by the client except for the validity date. When asked for a +challenge password just leave it empty and press enter:: + + $ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 + $ openssl rsa -passin pass:x -in server.pass.key -out server.key + writing RSA key + $ rm server.pass.key + $ openssl req -new -key server.key -out server.csr + ... + Country Name (2 letter code) [AU]:US + State or Province Name (full name) [Some-State]:California + Common Name (eg, YOUR name) []: electrum-server.tld + ... + A challenge password []: + ... + $ openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt + +The `server.crt` file goes in **SSL_CERTFILE** and `server.key` in +**SSL_KEYFILE** in the server process's environment. + +Starting with Electrum 1.9, the client will learn and locally cache +the SSL certificate for your server upon the first request to prevent +man-in-the middle attacks for all further connections. + +If your certificate is lost or expires on the server side, you will +need to run your server with a different server name and a new +certificate. 
Therefore it's a good idea to make an offline backup +copy of your certificate and key in case you need to restore them. + + .. _`ENVIRONMENT.rst`: https://github.com/kyuupichan/electrumx/blob/master/docs/ENVIRONMENT.rst .. _`samples/systemd/electrumx.service`: https://github.com/kyuupichan/electrumx/blob/master/samples/systemd/electrumx.service .. _`daemontools`: http://cr.yp.to/daemontools.html
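Review bot: In the new HOWTO.rst section, the openssl sequence leaves `server.key` unencrypted on disk (the `openssl rsa -passin pass:x -in server.pass.key -out server.key` step strips the passphrase), but the text never tells the operator to restrict access to that file. I would add a sentence after the **SSL_KEYFILE** paragraph saying the key should be readable only by the account that runs the server (for example `chmod 600 server.key`), and that the offline backup recommended in the last paragraph needs the same protection. The section itself says clients cache the certificate on first use, so anyone who obtains the key can impersonate the server to those clients. The `genrsa -des3 -passout pass:x`, `rsa -passin pass:x`, `rm server.pass.key` round trip also produces the same result as a single `openssl genrsa -out server.key 2048`, which would be shorter and avoids writing a throwaway file. Minor wording: the heading reads "Creating an self-signed" (should be "a self-signed"), and "man-in-the middle" should be "man-in-the-middle".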