To enable SSL in PhantomBot, you will first need to acquire an SSL certificate. There are several services available to acquire an SSL key from, and we will not suggest one service over another.
Once you do acquire your SSL key, you will need to have the chain and key files in an area that you can read from.
Creating Java Keystore
PhantomBot requires that the chain and key files be placed into an encrypted Java keystore. To add the files, you will need to run the following commands, note that you will be prompted to create a password by the
openssl command, use that when you run the second command.
In the below, CHAIN_FILE is the chain file that is provided by your certificate provider. PRIVATE_KEY_FILE is the private key file that is provided by your certificate provider. HOST/DOMAIN_CERT_REGISTERED_TO is the host/domain that you registered the certificate for. PASSWORD is the password you picked during the first command.
openssl pkcs12 -export -in CHAIN_FILE -inkey PRIVATE_KEY_FILE -out pkcs.p12 -name HOST/DOMAIN_CERT_REGISTERED_TO
keytool -importkeystore -deststorepass PASSWORD -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass PASSWORD -alias HOST/DOMAIN_CERT_REGISTERED_TO
In your PhantomBot botlogin.txt file, the following directives are required, PASSWORD is the password you chose during the first command:
If you place the
keystore.jks file in your PhantomBot directory, you do not need the path.
This is an example run of the commands:
% openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out pkcs.p12 -name mydomain.com
Enter Export Password:
Verifying - Enter Export Password:
% keytool -importkeystore -deststorepass mysecret -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass mysecret -alias mydomain.com
% ls -l
-rw-r--r-- 1 iobot iobot 3461 May 15 20:26 fullchain.pem
-rw-rw-r-- 1 iobot iobot 3851 May 15 20:30 keystore.jks
-rw-rw-r-- 1 iobot iobot 4240 May 15 20:27 pkcs.p12
-rw-r--r-- 1 iobot iobot 1704 May 15 20:26 privkey.pem
PhantomBot development can provide general support for SSL, but may not be able to troubleshoot specific issues with the certificates provided by your certificate provider.