Add how-to for lnd self-signed TLS certificate management #19
Comments
Ah, this is very unfortunate. I had my node serving remotely through nginx when testing, and didn't consider that the raw node has a self-signed certificate. Another quick workaround is to navigate to that URL, and manually bypass the error and accept the self-signed cert. Either way, this should be a part of the initial setup, and will be better served by having a full page for it ala #20.
I think this should be reopened. AFAICT, not encouraging users to register LND's self-signed cert with Joule opens remote nodes up to MITM attacks. If Joule can't do a registration with the browser automatically (I'd be surprised if extensions were allowed to do this), we should probably direct the user towards browser-specific instructions for registering a custom certificate authority manually. Edit: happy to submit a PR for this if you agree.
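The MITM concern above comes down to one check before a self-signed cert is accepted or imported: the fingerprint the browser shows must equal the fingerprint of the tls.cert file on the node. The following is an added example, not part of the thread and not Joule or lnd code; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in bytes wrapped as PEM so the example runs offline.
# This is NOT a real certificate; on a node you would read lnd's tls.cert file.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(
    b"constructed sample bytes, not a real lnd certificate"
)


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, in the colon-separated form browsers display."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Keep only hex digits so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def matches(trusted_pem: str, observed_fp: str) -> bool:
    """True only if observed_fp is the fingerprint of the trusted certificate."""
    expected = normalize(fingerprint(trusted_pem))
    return hmac.compare_digest(expected, normalize(observed_fp))


def served_pem(host: str, port: int) -> str:
    """Fetch whatever certificate the endpoint presents, without validating it."""
    return ssl.get_server_certificate((host, port))


def safe_to_trust(trusted_pem: str, host: str, port: int) -> bool:
    """Compare the cert served over the network with the copy taken from the node."""
    return matches(trusted_pem, fingerprint(served_pem(host, port)))


if __name__ == "__main__":
    print("fingerprint of node copy:", fingerprint(SAMPLE_PEM))
    # Pasting a fingerprint that belongs to some other certificate must fail.
    other = ssl.DER_cert_to_PEM_cert(b"different constructed bytes")
    print("mismatch detected:", not matches(SAMPLE_PEM, fingerprint(other)))
```

The trusted copy should reach the client over a channel other than the TLS connection being checked, otherwise the comparison proves nothing.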
Google actually did make an API for this, but it's Chrome OS only: https://developer.chrome.com/extensions/certificateProvider

I definitely agree that having the user properly add the certificate would be ideal. I think providing instructions can be a little daunting, because the method of adding a certificate is different for every operating system and browser combination. It would be most ideal for lnd to do one of the following:
But that's not likely to happen in the meantime. I'll try to get some more robust documentation up on lightningjoule.com that I can link to from the extension on how to do this for each operating system.
I'm also beginning to come to terms with the possibility that Joule may require a native application to really work well. It would certainly clear up a whole lot of issues, this included. This is tracked in #106.
I could not make Joule work with my RaspiBlitz for a long time but the instructions from @brandoncurtis solved it. It is a bit different on Chrome now. I am thinking of making a tutorial to do this. Can it be of any use, @wbobeirne?
Made a version to connect to a RaspiBlitz: https://github.com/openoms/bitcoin-tutorials/blob/master/JouleToRaspiBlitz.md
I'll also add how to import & trust the self-signed LND certificate on MacOS:
I hope it helps.
By default, Chromium Browser / Google Chrome won't recognize the self-signed TLS certificate prepared by lnd. This will prevent Joule from successfully connecting to lnd.

Chrome can be made to accept the self-signed cert by following these steps:

Now Chrome should accept the cert and Joule should be able to connect to lnd!