search

chris-belcher / electrum-personal-server

Maximally lightweight electrum server for a single user
MIT License
600 stars 109 forks source link

Update the default certificate as it expired #289

Open starius opened 1 year ago

starius commented 1 year ago

Followed commands from https://github.com/chris-belcher/electrum-personal-server/issues/286#issuecomment-1465354568

$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=C = US, ST = California, L = Sunnydale, O = Buffy The Vampire Slayer, CN = electrum-server.tld
$ openssl x509 -enddate -in server.crt
notAfter=Mar 12 07:34:45 2028 GMT
$ mv server.key cert.key
$ mv server.crt cert.crt

Fix https://github.com/chris-belcher/electrum-personal-server/issues/287

MartinacPlus commented 1 year ago

I recently encountered this problem when installing EPS on Windows. Could not figure out why EPS <-> Electrum Wallet connection is not working when everything was set correctly. Then I thought I resolved the problem, the connection worked with the new cert. Then I regenerated new cert and it broke again.

After a lot of swearing, I found out that Electrum Wallet keeps a suspiciously named file 127.0.0.1 in %AppData%\Roaming\Electrum\certs. The expectation was that it is the old cached cert that has already been overwritten in EPS. And because of cert-pinning, the fingerprint no longer matches. And indeed, after I deleted the file 127.0.0.1 and restarted the Wallet, the connection works again.