A blockchain is a distributed database managed by a peer-to-peer network. The distributed database is also called a ledger which is a continuously growing chain of blocks. Each block contains a number of records and each block is linked to a previous block.

It is extremely difficult to change a record in any given block without the alteration of all subsequent blocks and the collusion of the network.

The first implementation of a blockchain was Bitcoin in 2009 invented by an unknown programmer, or a group of programmers, under the name Satoshi Nakamoto.

After the Bitcoin success many blockchain implementations followed such as Litecoin and Peercoin.

Other blockchain implementations introduces new kind of functionalities such as Ethereum and Dash.

How to make geth support SSL


Operating system used
macOS 10.12 Sierra

Software prerequisites

  1. If your website is secure for example: and your Dapp want to access a non-secure content:

    window.web3 = new Web3(new Web3.providers.HttpProvider("http:/localhost:8545"));

    Your browser will show a warning. If you use the Chrome browser, by default, it will not load scripts from unauthenticated sources. The user must explicitly alllow this.

    To avoid this geth need to support SSL.

  2. At this moment Sep 14, 2017 geth does not support SSL, but in the future it probably will.
    In the meantime, try this workaround solution using your own self signed certificate.

  3. Create the following folders:
    Type: mkdir ~/tools
    Type: mkdir ~/tools/proxy

  4. Create the node package.json file:
    Type: cd ~/tools/proxy
    Type: npm init

    You will see the following:

    This utility will walk you through creating a package.json file.
    It only covers the most common items, and tries to guess sensible defaults.

    See 'npm help json' for definitive documentation on these fields
    and exactly what they do.

    Use 'npm install <pkg>' afterwards to install a package and
    save it as a dependency in the package.json file.

    Press ^C at any time to quit.
    package name: (proxy)
    version: (1.0.0)
    description: Proxy server for ethereum node entry point: (index.js)
    test command:
    git repository:
    author: Robert Lie
    license: (ISC)
    About to write to /Users/robertlie/tools/proxy/package.json:

    "name": "proxy",
    "version": "1.0.0",
    "description": "Proxy server for ethereum node",
    "main": "index.js",
    "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
    "author": "Robert Lie",
    "license": "ISC"

    Is this ok? (yes)

  5. Install "http-proxy" package:
    Type: npm install http-proxy --save

  6. Install "fs" package:
    Type: npm install fs --save

  7. Create file ~/tools/proxy/ and add the following lines:

    ps aux | grep 'node index.js' | grep -v grep | awk '{print $2}' | xargs kill -9

  8. Change the file permission:
    Type: chmod 755

  9. Open the package.json file and edit the "scripts" value:

       "name": "proxy",
       "version": "1.0.0",
       "description": "Proxy server for ethereum node",
       "main": "index.js",
       "scripts": {
          "start": "node index.js &",
          "stop": "./"
       "author": "Robert Lie",
       "license": "ISC",
       "dependencies": {
          "fs": "0.0.1-security",
          "http-proxy": "^1.16.2"

  10. Create the index.js file:
    Type: touch ~/tools/proxy/index.js

  11. The index.js file contains the following lines. Modify the paths according to your situation:

    var httpProxy = require('http-proxy');
    var fs = require('fs');

      target: {
        host: 'localhost',
        port: 8545
     ssl: {
        key: fs.readFileSync(
        '/Users/robertlie/tools/proxy/ssl/proxy.mobilefish.key', 'utf8'),
        cert: fs.readFileSync(
        '/Users/robertlie/tools/proxy/ssl/proxy.mobilefish.crt', 'utf8')

  12. We need to create the proxy server certificate (proxy.mobilefish.crt) and proxy server private key (proxy.mobilefish.key).

  13. First create a self signed SSL certificate issued by a Certificate Authority (CA).
    The Certificate Authority is in this case yourself.

    • Type: mkdir ~/tools/proxy/ssl
      Type: cd ~/tools/proxy/ssl

    • First create a 2048 bit CA private key.
      Type: sudo openssl genrsa -out privkey.pem 2048

      You will see the following:

      Generating RSA private key, 2048 bit long modulus
      e is 65537 (0x10001)

    • The following file is created:
      ~/tools/proxy/ssl/privkey.pem (this is the CA private key)

    • Create a self signed CA certificate.
      Type: sudo openssl req -new -x509 -days 3650 -nodes -key privkey.pem -sha256 -out ca.pem

      Enter the following information (change the values according to your situation):

      You are about to be asked to enter information that will be incorporated
      into your certificate request.
      What you are about to enter is what is called a Distinguished Name or a DN.
      There are quite a few fields but you can leave some blank
      For some fields there will be a default value,
      If you enter '.', the field will be left blank.
      Country Name (2 letter code) [AU]:NL
      State or Province Name (full name) [Some-State]:Noord-Holland
      Locality Name (eg, city) []:Zaandam
      Organization Name (eg, company) [Internet Widgits Pty Ltd] CA
      Organizational Unit Name (eg, section) []:
      Common Name (e.g. server FQDN or YOUR name) []:
      Email Address []:

    • The following file is created:
      ~/tools/proxy/ssl/ca.pem (this is the CA certificate)

    • Create a server configuration file ~/tools/proxy/ssl/proxy.mobilefish.csr.cnf containing the following lines:

      default_bits = 2048
      prompt = no
      default_md = sha256
      distinguished_name = dn

      O=End Point
      OU=Research and development
      [email protected]
      CN =

    • Create the server Certificate Signing Request and server private key.
      Type: sudo openssl req -new -sha256 -nodes -out proxy.mobilefish.csr -newkey rsa:2048 -keyout proxy.mobilefish.key -config proxy.mobilefish.csr.cnf

      You will see the following:

      Generating a 2048 bit RSA private key
      writing new private key to 'proxy.mobilefish.key'

    • The following files are created:
      ~/tools/proxy/ssl/proxy.mobilefish.csr (this is the server certificate signing request)
      ~/tools/proxy/ssl/proxy.mobilefish.key (this is the server private key)

    • Create a server extension file ~/tools/proxy/ssl/proxy.mobilefish_v3.ext containing the following lines:

      keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
      subjectAltName = @alt_names

      DNS.1 =

      This is step is needed if you want to avoid the following error in Chrome browser:

      This server could not prove that it is; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection.

    • Create the server certificate.
      Type: sudo openssl x509 -req -in proxy.mobilefish.csr -CA ca.pem -CAkey privkey.pem -CAcreateserial -out proxy.mobilefish.crt -days 3650 -sha256 -extfile proxy.mobilefish_v3.ext

      You will see the following:

      Signature ok
      subject=/C=NL/ST=Zaandam/L=Noord-Holland/O=End Point/OU=Research and development/ [email protected]/
      Getting CA Private Key

    • The following file is created:
      ~/tools/proxy/ssl/proxy.mobilefish.crt (this is the server certificate)

  14. The following steps applies to Mac users. How it is done on other OS I do not know (sorry..).

    The proxy.mobilefish.crt certificate is self signed and is not created by an official CA Authority.
    To always trust our own self signed certificate:

    • Right click file proxy.mobilefish.crt and select "Open With" and select "Keychain Access".

    • Open the "Keychain Access" app if it does not open.

    • Double click the certificate

    • Expand Trust.

    • Select "When using this certificate" Always Trust.
      Note: The image is an example of another subdomain!

      Always trust the certificate

  15. Now add the following line in your hosts file (/etc/hosts):

  16. By default the geth HTTP JSON-RPC address is localhost and its port is 8545. If you have changed this:

    geth --rpc --rpcaddr <ip> --rpcport <portnumber>

    ...modify the target host and port in file ~/tools/proxy/index.js accordingly.

  17. In your Dapp for example Demonstration Ethereum Dapp, modify your Web3.providers.HttpProvider.

    window.web3 = new Web3(new Web3.providers.HttpProvider( ""));

    The proxy server address is: (Set in: /etc/host)
    The proxy server port is: 9070 (Set in: ~/tools/proxy/ssl/index.js)

  18. Start your geth node.

  19. Start the proxy server.
    Type: cd ~/tools/proxy/
    Type: npm start

  20. Stop the proxy server.
    Type: cd ~/tools/proxy/
    Type: npm stop

  21. Open the Chrome browser and access your Dapp for example Demonstration Ethereum Dapp.
    The browser should not display any warning messages.