username=<your-rpc-user-name>
password=<your-rpc-password>
bchdusername=<your-rpc-user-name>
bchdpassword=<your-rpc-password>
rpccert=./rpc.crt # See certificates.md
rpckey=./rpc.key # See certificates.mdrpcuser=<your-rpc-user-name>
rpcpass=<your-rpc-password>
rpccert=./rpc.crt # See certificates.md[Application Options]
rpcuser=<your-rpc-user-name>
rpcpass=<your-rpc-password>
rpclisten=:8334
rpccert=./rpc.crt
rpckey=./rpc.key
grpclisten=[::]:8335
prunedepth=300
txindex=1
addrindex=1
debuglevel=info#!/bin/bash
# Changes these CN's to match your hosts in your environment if needed.
SERVER_CN=localhost
# Step 1: Generate Certificate Authority + Trust Certificate (ca.crt)
openssl genrsa -passout pass:1111 -des3 -out ca.key 4096
openssl req -passin pass:1111 -new -x509 -days 3650 -key ca.key -out ca.crt -subj "/CN=${SERVER_CN}"
# Step 2: Generate the Server Private Key (server.key)
openssl genrsa -passout pass:1111 -des3 -out server.key 4096
# Step 3: Get a certificate signing request from the CA (server.csr)
openssl req -passin pass:1111 -new -key server.key -out server.csr -subj "/CN=${SERVER_CN}" -config certs.cnf
# Step 4: Sign the certificate with the CA we created (it's called self signing) - server.crt
openssl x509 -req -passin pass:1111 -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt -extensions req_ext -extfile certs.cnf
# Step 5: Convert the server certificate to .pem format (server.pem) - usable by gRPC
openssl pkcs8 -topk8 -nocrypt -passin pass:1111 -in server.key -out server.pem
# Addon: Generating unencrypted key for bchd server
# openssl rsa -in server.pem -out key.unencrypted.pem -passin pass:1111[ req ]
default_bits = 4096
distinguished_name = dn
req_extensions = req_ext
prompt = no
[ dn ]
CN = localhost
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = 127.0.0.1