This tutorial will walk you through getting SSL setup on your linux server. SSL encrypts your traffic and prevents eavesdroppers from being able to view your requests/traffic.
For this tutorial I will be using a Debian-based system (Ubuntu 18.04) but these packages are available for all major linux distros.
Client refers to the computer you will connect from.
Server Refers to the computer you will connect to.
1) We will first generate a self-signed certificates on your server
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out OpenBazaar.crt -subj "/C=DE/ST=Germany/L=Walldorf/O=SAP SE/OU=Tools/CN=OpenBazaar.crt"
openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr -subj "/C=DE/ST=Germany/L=Walldorf/O=SAP SE/OU=Tools/CN=$ExternalIPAddress"
openssl x509 -req -in server.csr -CA OpenBazaar.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 1024
2) Now you will need to edit your config file to use your generated certificates
sed -i -E "s/(\"SSL\": )false/\1true/" config
1) On the computer you are using to connect to OpenBazaar you will need to install your newly generated certificate
Your OpenBazaar client will not accept your self-signed certificate without first importing it in to your OS. Download your OpenBazaar.crt file from your server.
Once you download OpenBazaar.crt on to your CLIENT computer you should be able to double click it to install it.
Many people report having issues with their OpenBazaar server refusing to connect due to the SSL certificate being rejected by the CLIENT. Many times this issue is because your CLIENT computer needs to be restarted for the electron/chromium trust settings to update.
If you are having issues with your CLIENT computer not being able to connect I would recommend first trying to restart your computer.
Congratulations - you should now be able to connect to your server securely over SSL.