# Node Configs ## Configs **Mac** | Executable | Config path | Executable path | | ---------- | --------------------------------------------------------------------- | --------------------------------- | | Bchd/ | /Users/user-name/Library/Application Support/Bchd/bchd.conf | /Users/user-name/go/bin/bchd | | Bchwallet/ | /Users/user-name/Library/Application Support/Bchwallet/bchwallet.conf | /Users/user-name/go/bin/bchwallet | | Bchctl/ | /Users/user-name/Library/Application Support/Bchctl/bchctl.conf | /Users/user-name/go/bin/bchctl | ## bchwallet config File: `bchwallet.conf` ``` username= password= bchdusername= bchdpassword= rpccert=./rpc.crt # See certificates.md rpckey=./rpc.key # See certificates.md ``` ## bchctl config File: `bchctl.conf` ``` rpcuser= rpcpass= rpccert=./rpc.crt # See certificates.md ``` ## bchd config File: `bchd.conf` ``` [Application Options] rpcuser= rpcpass= rpclisten=:8334 rpccert=./rpc.crt rpckey=./rpc.key grpclisten=[::]:8335 prunedepth=300 txindex=1 addrindex=1 debuglevel=info ``` ## Certificates. ### Auto Generation * Post running the `bchd` on your local machine, you should be able to find the certificate and key that are generated by `bchd`. You can use that for local development purposes. See Sample `bchd` config: `rpccert=~/.bchd/rpc.cert` `rpckey=~/.bchd/rpc.key` ### Custom generation Output files * `ca.key`: Certificate Authority private key file (this shouldn't be shared in real-life) * `ca.crt`: Certificate Authority trust certificate (this should be shared with users in real-life) * `server.key`: Server private key, password protected (this shouldn't be shared) * `server.csr`: Server certificate signing request (this should be shared with the CA owner) * `server.crt`: Server certificate signed by the CA (this would be sent back by the CA owner) - keep on server * `server.pem`: Conversion of `server.key` into a format gRPC likes (this shouldn't be shared) ```bash #!/bin/bash # Changes these CN's to match your hosts in your environment if needed. SERVER_CN=localhost # Step 1: Generate Certificate Authority + Trust Certificate (ca.crt) openssl genrsa -passout pass:1111 -des3 -out ca.key 4096 openssl req -passin pass:1111 -new -x509 -days 3650 -key ca.key -out ca.crt -subj "/CN=${SERVER_CN}" # Step 2: Generate the Server Private Key (server.key) openssl genrsa -passout pass:1111 -des3 -out server.key 4096 # Step 3: Get a certificate signing request from the CA (server.csr) openssl req -passin pass:1111 -new -key server.key -out server.csr -subj "/CN=${SERVER_CN}" -config certs.cnf # Step 4: Sign the certificate with the CA we created (it's called self signing) - server.crt openssl x509 -req -passin pass:1111 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extensions req_ext -extfile certs.cnf # Step 5: Convert the server certificate to .pem format (server.pem) - usable by gRPC openssl pkcs8 -topk8 -nocrypt -passin pass:1111 -in server.key -out server.pem # Addon: Generating unencrypted key for bchd server # openssl rsa -in server.pem -out key.unencrypted.pem -passin pass:1111 ``` `certs.cnf` ```javascript [ req ] default_bits = 4096 distinguished_name = dn req_extensions = req_ext prompt = no [ dn ] CN = localhost [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = 127.0.0.1 ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://cashkit.gitbook.io/cashkit/configs/bchdnode.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.