From 8393f1b1b5619a81a0e117db2b7c8d3295acca02 Mon Sep 17 00:00:00 2001 From: Florian Sesser <florian@privatestorage.io> Date: Wed, 5 May 2021 20:21:00 +0000 Subject: [PATCH] Self-signed TLS key for the payment server --- morph/grid/local/README.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/morph/grid/local/README.rst b/morph/grid/local/README.rst index 4f5b59d2..e4d07e12 100644 --- a/morph/grid/local/README.rst +++ b/morph/grid/local/README.rst @@ -48,6 +48,7 @@ Here is a Ristretto key you can use, randomly generated just now:: Generate your own like this:: + [flo@la:~/PrivateStorageio]$ nix-shell [nix-shell:~/PrivateStorageio]$ nix-shell -p zkapissuer.components.exes.PaymentServer-generate-key [nix-shell:~/PrivateStorageio]$ PaymentServer-generate-key SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE= @@ -63,6 +64,13 @@ I think this will work for generating random Stripe secret keys (that our softwa Public keys are the same but "pk_test" instead of "sk_test" ("test" is for "test mode" key that can only process pretend txns; for real txns there are keys with "live" embedded). +The ZKAPIssuer.service needs a working TLS certificate and expects it in the certbot directory for the domain you configured, in my case:: + + openssl req -x509 -newkey rsa:4096 -nodes -keyout privkey.pem -out cert.pem -days 3650 + touch chain.pem + +Move the three .pem files into the payment's server ``/var/lib/letsencrypt/live/payments.localdev/`` directory and issue a ``sudo systemctl restart zkapissuer.service``. + Use the local development environment ````````````````````````````````````` -- GitLab