RPC Connection only over SSL, SSL - RPC, Check, #9365
Comments
|
Regarding your questions.
I didn't understand this part. What do you mean by save with ssl?
My apologies. I didn't quite understand this question.
You mean something like wireshark/tcpdump? One other way would be to set log level to 4, and look at the data transmitted during RPC requests and response.
Same as the previous question. |
Here I meant whether there is a way to check and ensure that the SSL-RPC connection is fully functional?
Which certificates does SSL use for an RPC connection and where are they usually stored in the system? Are they the certificates that I find under "/home/user/.bitmonero"? Because there are two here, "rpc_ssl.crt" and "rpc_ssl.key", are these the standard certificates used for an SSL-RPC connection? If I don't specify any others?
Yes here i meant wireshark/tcpdump or the log level 4.
Is this proof that SSL is being used? it seems that "--rpc-ssl enabled" allows a non ssl connection if SSL is switched off on the client (Cakewallet). A connection is nevertheless established here without SSL. (Cakewallet Option: SSL use off) The background of my question is to make absolutely sure that my connection from Cakewallet (RPC-Client) to my Monero node (RPC-Server), which is protected with user and password, is also protected via SSL. I want to exclude my own mistakes here and also protect my username and password.
Here I meant a possible command to display the RPC clients and their connections to the Monero node, e.g. with "print_rpc" or similar. But I have now looked through all the documents and found nothing about this. I thought there was a possibility to display the RPC requests of the last hour or similar. Next time I'll write more clearly :) |
|
I just did a test starting The |
Hey,
I want to run my CakeWallet only over SSL to my own Node.
All works fine is seems, but:
To check that everything is working fine I have a few points:
Is the Options --rpc-ssl with command,
** enabled** -> Does this command rejects connections without ssl? Can I be sure that the connection is save with ssl?
Is there a way to use "Only" SSL for RPC connection?
b: Where are the different between "enabled" and "auto" by dyfault? "Disabled" are clear.
Take the Option --rpc-ssl with the command enabled the certificate from the folder .bitmonero?
Is there a way to check the ssl connection?
If I create my own new public and private certificate with monero-gen-ssl-cert, is this a bug?, that the privat certificate is usually a .txt file? (the text file is fine, and includes the right certificates)
This happend if i don't set a file typ for the creating with monero-gen-ssl-cert, what kind of certificates are need, because in the .bitmonero folder the files are .crt and .key and not .pem? Does it metter? (It's work to create filename.pem) (I seems fine to work with all three .crt, .key and .pem)
The CakeWallet is't a real helper, because there is a point to set "Use SSL" but it does't matter if i set it or not there is no different, here i guess the CakeWallet is on Auto SSL.
Is there a way in the running monerod, to check the ssl?
Suggestin for the future, i guess that was definitley discuss a lot in the past, to force "Use Only SSL for RPC".
Thanks for all.
Used Monero Version 0.18.3.3
Linux Kernel: 6.9.3-1
References:
The text was updated successfully, but these errors were encountered: