How to Enable SSL on PhantomBot


This guide is written for Linux; the steps will differ on Windows.

Support

PhantomBot development can provide general support for SSL, but we cannot troubleshoot or tell you how to get the certificates from your Certificate Authority (CA) to work. You will need to work with your CA for any help in that regard. Our instructions are generic for any Java application; CAs have experience in this area and should provide documentation and support.

Introduction

To enable SSL in PhantomBot, you will first need to acquire an SSL certificate. Several services issue SSL certificates, and we will not suggest one service over another.

Once you have acquired your certificate, the chain and key files need to be in a location that you can read from.

Creating Java Keystore

PhantomBot requires that the chain and key files be placed into an encrypted Java keystore. To add the files, run the following commands. The openssl command will prompt you to create a password; use that same password when you run the second command.

In the below, CHAIN_FILE is the chain file that is provided by your certificate provider. PRIVATE_KEY_FILE is the private key file that is provided by your certificate provider. HOST/DOMAIN_CERT_REGISTERED_TO is the host/domain that you registered the certificate for. PASSWORD is the password you picked during the first command.

openssl pkcs12 -export -in CHAIN_FILE -inkey PRIVATE_KEY_FILE -out pkcs.p12 -name HOST/DOMAIN_CERT_REGISTERED_TO

keytool -importkeystore -deststorepass PASSWORD -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias HOST/DOMAIN_CERT_REGISTERED_TO

In your PhantomBot botlogin.txt file, the following directives are required. PASSWORD is the password you chose during the first command:

usehttps=true
httpsPassword=PASSWORD
httpsFileName=/path/to/created/keystore.jks

If you place the keystore.jks file in your PhantomBot directory, you do not need the path.

This is an example run of the commands:

% openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out pkcs.p12 -name mydomain.com
Enter Export Password:
Verifying - Enter Export Password:

% keytool -importkeystore -deststorepass mysecret -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass mysecret -alias mydomain.com

% ls -l
total 24
-rw-r--r-- 1 iobot iobot 3461 May 15 20:26 fullchain.pem
-rw-rw-r-- 1 iobot iobot 3851 May 15 20:30 keystore.jks
-rw-rw-r-- 1 iobot iobot 4240 May 15 20:27 pkcs.p12
-rw-r--r-- 1 iobot iobot 1704 May 15 20:26 privkey.pem
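
A post-setup check, added here as an example and not part of PhantomBot or the original guide: it confirms the three botlogin.txt directives and flags the keystore, botlogin.txt and leftover key files when group or other can access them, as privkey.pem and keystore.jks are in the listing above. It assumes key=value lines and that a bare httpsFileName resolves against the bot directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not PhantomBot code). Assumes key=value lines in botlogin.txt
# and that a relative httpsFileName resolves against the bot directory.

# Print a directive's value (last occurrence), tolerating CRLF line endings.
get_directive() {
    tr -d '\r' < "$1" | sed -n "s/^$2=//p" | tail -n 1
}

# True only when group and other have no permission bits on the file.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_https BOTLOGIN BOT_DIR: prints findings; exit status = finding count.
audit_https() {
    botlogin=$1; botdir=$2; findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    if [ ! -f "$botlogin" ]; then flag "botlogin.txt not found"; return 1; fi

    [ "$(get_directive "$botlogin" usehttps)" = "true" ] || flag "usehttps is not true"
    [ -n "$(get_directive "$botlogin" httpsPassword)" ] || flag "httpsPassword is not set"
    ks=$(get_directive "$botlogin" httpsFileName)
    if [ -z "$ks" ]; then
        flag "httpsFileName is not set"
    else
        case $ks in /*) ;; *) ks="$botdir/$ks" ;; esac
        if [ ! -f "$ks" ]; then
            flag "keystore not found: $ks"
        elif ! is_private "$ks"; then
            flag "keystore accessible to group/other: $ks"
        fi
    fi
    # botlogin.txt holds the keystore password in clear text.
    is_private "$botlogin" || flag "botlogin.txt accessible to group/other"
    # Conversion inputs (names from the example run) still hold the private key.
    for f in "$botdir/privkey.pem" "$botdir/pkcs.p12"; do
        if [ -f "$f" ] && ! is_private "$f"; then
            flag "key material accessible to group/other: $f"
        fi
    done
    return "$findings"
}

if [ $# -eq 2 ]; then audit_https "$1" "$2"; fi
```

Pass the path to botlogin.txt and the PhantomBot directory as the two arguments; running chmod 600 on each flagged file clears the permission findings.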

