This tutorial will walk you through setting up SSL on your Linux server. SSL encrypts your traffic and prevents eavesdroppers from viewing your requests and responses.

To learn how to set up your own self-hosted OpenBazaar instance on a Linux VPS click here

For this tutorial I will be using a Debian-based system (Ubuntu 18.04), but these packages are available for all major Linux distros.

Notes

Client refers to the computer you will connect from.

Server refers to the computer you will connect to.

Server Steps

1) We will first generate a self-signed root certificate on your server and use it to sign a certificate for the server itself

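cd "$HOME/.openbazaar2.0"

# Look up this server's public IP over HTTPS; it becomes the name in the server certificate
ExternalIPAddress=$(curl -s https://ipinfo.io/ip)

# Root CA key and self-signed CA certificate (OpenBazaar.crt is the file clients import)
openssl genrsa -out rootCA.key 4096

openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out OpenBazaar.crt -subj "/C=DE/ST=Germany/L=Walldorf/O=SAP SE/OU=Tools/CN=OpenBazaar.crt"

# Server key and certificate signing request
openssl genrsa -out server.key 4096

openssl req -new -key server.key -out server.csr -subj "/C=DE/ST=Germany/L=Walldorf/O=SAP SE/OU=Tools/CN=$ExternalIPAddress"

# Chromium-based clients match the address against subjectAltName and ignore the CN
printf 'subjectAltName=IP:%s\n' "$ExternalIPAddress" > server.ext

openssl x509 -req -in server.csr -CA OpenBazaar.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 1024 -extfile server.ext

# Private keys should be readable only by the account that runs OpenBazaar
chmod 600 rootCA.key server.key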

2) Now you will need to edit your config file to use your generated certificates

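# Run these from $HOME/.openbazaar2.0, where the config file lives
# Turn SSL on
sed -i -E "s/(\"SSL\": )false/\1true/" config

# Fill in the certificate and key paths (this assumes both values are still empty strings)
sed -i -E "s|(\"SSLCert\": \")|\1$HOME/.openbazaar2.0/server.crt|" config

sed -i -E "s|(\"SSLKey\": \")|\1$HOME/.openbazaar2.0/server.key|" config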
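
Before moving on to the client, it is worth checking the files the server steps produced. The script below is an added example, not part of the original tutorial: the function names check_cert and make_sample are hypothetical, and make_sample only builds a constructed throwaway CA and certificate for a dry run. check_cert confirms that server.crt chains to OpenBazaar.crt, that server.key matches it, and that the certificate carries a subjectAltName entry for the server's IP, which Chromium-based clients require.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# check_cert CA_CERT SERVER_CERT SERVER_KEY IP
#   0 = OK, 1 = not signed by CA_CERT, 2 = key does not match cert,
#   3 = IP missing from the certificate's subjectAltName
check_cert() {
  ca=$1; crt=$2; key=$3; ip=$4
  # 1. server.crt must chain to the CA file that clients import.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
  # 2. server.key must be the private half of the key in server.crt.
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
  [ "$crt_pub" = "$key_pub" ] || return 2
  # 3. -checkip matches subjectAltName IP entries only, never the CN.
  openssl x509 -in "$crt" -noout -checkip "$ip" | grep -q "does match" || return 3
  return 0
}

# make_sample DIR IP [san]: constructed throwaway CA and server certificate
# for a dry run (2048-bit keys, 1 day validity; not for real use).
make_sample() {
  d=$1; ip=$2
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/rootCA.key" \
    -out "$d/OpenBazaar.crt" -days 1 -subj "/CN=Sample CA" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout "$d/server.key" \
    -out "$d/server.csr" -subj "/CN=$ip" 2>/dev/null
  if [ "${3:-}" = san ]; then
    printf 'subjectAltName=IP:%s\n' "$ip" > "$d/san.ext"
    set -- -extfile "$d/san.ext"
  else
    set --
  fi
  openssl x509 -req -in "$d/server.csr" -CA "$d/OpenBazaar.crt" \
    -CAkey "$d/rootCA.key" -CAcreateserial -out "$d/server.crt" -days 1 \
    "$@" 2>/dev/null
}

# Real use, from $HOME/.openbazaar2.0 after the server steps:
#   check_cert OpenBazaar.crt server.crt server.key "$ExternalIPAddress"; echo $?
```

A return code of 3 means the certificate names the server only in its CN, so the client will reject it even after OpenBazaar.crt is imported.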

Client Steps

1) On the computer you are using to connect to OpenBazaar you will need to install your newly generated certificate

Your OpenBazaar client will not accept your self-signed certificate without first importing it into your OS. Download your OpenBazaar.crt file from your server. Only OpenBazaar.crt needs to leave the server; rootCA.key and server.key stay where they are.

Once you download OpenBazaar.crt onto your CLIENT computer you should be able to double click it to install it.

Troubleshooting

Many people report having issues with their OpenBazaar server refusing to connect due to the SSL certificate being rejected by the CLIENT. Many times this issue occurs because your CLIENT computer needs to be restarted for the Electron/Chromium trust settings to update.

If you are having issues with your CLIENT computer not being able to connect, I would recommend first trying to restart your computer.

Conclusion

Congratulations - you should now be able to connect to your server securely over SSL.

To learn how to remotely connect to your instance click here