You should start bchd with a least the following options:
bchd -u yourUsername -P yourPassword --rpclisten=0.0.0.0 --externalip=your_ip_here
Alternatively you can put these options in the config file found at ~/.bchd/bchd.conf so you don't need to enter them at start.
rpcuser=your_username
rpcpass=your_loooooonnng_password
rpclisten=0.0.0.0
externalip=your_ip_here
On the very first start bchd generates a rpc.key and rpc.cert file and puts them in the data directory. ~/.bchd/rpc.cert, etc.
The cert file MUST have your external IP in it or it wont connect. This is why you pass the --externalip= option in at start. It will
put the IP you pass in into the rpc.cert file when it creates it.
If you already started bchd once without the --externalip= flag it likely created the cert file without your IP in it. This is OK, however,
as you can just delete the rpc.key and rpc.cert files and restart bchd with the --externalip= option and it will create
a new key and cert.
From the Neutrino Android Wallet side I recommend letting the wallet sync to the tip in SPV mode before entering your bchd credentials. You technically can sync to the tip after entering your credentials but it is much slower than just syncing in SPV mode then entering your credentials and connecting to bchd.
This should not be considered a security reduction because the wallet will detect if the previous chain tip (from syncing SPV) doesn't match the current chain tip (reported by your full node) and will rollback and rescan from any fork point if one is detected.
To enter the credentials in the wallet you will need:
- The IP address of your full node
- Your
rpcuserusername - Your
rpcpasswordpassword - The text of the
rpc.certfile
The connection to your full node will be encrypted and authenticated.