B4J Question [ABMaterial][ABKeystoreSSL]Setup Details [SOLVED]

[Philip Chatzigeorgiadis]

I have an ABM Web application running from my PC.
I have already set it up to run SSL with a self-signed certificate, generated via keytool (but of course browsers complain about such certificates).
So, I would like to use the ABKeystoreSSL to create valid certificates (https://www.b4x.com/android/forum/t...-generator-using-lets-encrypt.128115/#content).

I have some questions on some instructions for the use of ABKeystoreSSL, before I start experimenting.

QUESTION 1
Do I need to create some sort of user account with Let's Encrypt and use the account passwords in the keyStorePassword and keyManagerPassword varialbes of the GenerateJKS function?

QUESTION 2
ABKeystoreSSL instructions state:
You must have a domain and a web server like Apache running on port 80!

I have a domain, but the only server I am running on port 80 is the server created from my ABM app. Is this OK?

QUESTION 3
ABKeystoreSSL instructions state:
wwwFolder: needs to be the 'entry point' in your webserver (NOT your B4X app). In my case it was var/www/html and not var/www/)
MUST be accessible on port 80. Is for example your Apache Server.

Which folder will be considered the entry point of my ABM web app? Is it the www folder?


QUESTION 4
Do I need to use my ABM DonatorKey for ABMKeystoreSSL to work?

Thanks for any help!

 

[alwaysbusy]

Q1: No and those passwords are passwords you choose
Q2: this is probably not going to work as jServer is going to catch it which will not work. You need a normal Apache web server.
Q3: related to Q2, no it can not be the ABM www folder, but must be the native Apache folder
Q4: No

 

[Philip Chatzigeorgiadis]

Q1: No and those passwords are passwords you choose
Q2: this is probably not going to work as jServer is going to catch it which will not work. You need a normal Apache web server.
Q3: related to Q2, no it can not be the ABM www folder, but must be the native Apache folder
Q4: No

Thanks for the swift response, AlwaysBusy!

Regarding Q2 and Q3:
So I need to run an Apache web server on port 80. This means that my ABM web app should work on another port - which I guess is fine, since it will probably work on the SSL port. Is my understanding correct?

 

[alwaysbusy]

Yes. I have to admit I'm nowadays not very familiar anymore with how the whole thing works as we outsourced our whole network management and they take of the whole thing. We do not use this library anymore either. I know everything is now wrapped after haproxy so they probably do some kind of tricks with port forwarding so everything works smoothly for us.

 

[Philip Chatzigeorgiadis]

OK.
I will make some tests and report back my findings.

 

[Erel]

You have the option to make Apache act as a reverse proxy. This will allow you to use port 80 (externally) and you will not need a ssl certificate as the B4J server will only be accessed internally.

 

[alwaysbusy]

You have the option to make Apache act as a reverse proxy. This will allow you to use port 80 (externally) and you will not need a ssl certificate as the B4J server will only be accessed internally.

I think indeed this is how our network guys do it

 

[Philip Chatzigeorgiadis]

OK.
I will make some tests and report back my findings.

I confirm that having Apache at port 80 and ABM web app running SSL on a diferent port works fine.

There was one small issue. The ABKeystoreSSL lib listed in the library thread, i.e.

ABKeystoreSSL: SSL Certificate generator using Let's Encrypt

This library allows you to generate SSL Certificates without the need of using the openssl and keytool tools. It can also reload a certificate in a jServer app (also ABMServer or BANanoServer) at runtime (the reload is based on the code @OliverA provided). Download...

www.b4x.com

throws this error:

java.lang.NoClassDefFoundError: org/eclipse/jetty/util/log/StdErrLog

which is fixed using the ABKeystoreSSL lib which is listed in this trhead:

[ABMaterial] MakeJKS issue in B4J 9.80

Hey all! I've been trialing this ABMaterial template in B4J 9.50 but I'm getting an error when I upgrade to B4J 9.80. I'm getting an error saying StartMessageLoop was not called which is being fired by the line Result = JKS.GenerateJKS(domains, File.DirApp, JKSName, JKSStorePassword...

www.b4x.com

.

However, this version does not seem to support the JKS.ReloadJKS method.

@alwaysbusy, if possilbe, please consider updating the ABKeystoreSSL file in the ABKeystoreSSL library thread.

Thanks for your help!

 

[alwaysbusy]

if possilbe, please consider updating the ABKeystoreSSL file in the ABKeystoreSSL library thread.

should be updated now. Thank you for letting me know

 

[Philip Chatzigeorgiadis]

should be updated now. Thank you for letting me know

The new version you uploaded does not seem to support the JKS.ReloadJKS method (I also mentioned this in post #8 above).

 

[alwaysbusy]

Can you try this one? I have no access to an Apache server for the moment.

 

[Philip Chatzigeorgiadis]

Can you try this one? I have no access to an Apache server for the moment.

I am at my home PC right now, so I cannot run a full check, but the JKS.ReloadJKS method is now available.
I will report back next week, regarding functionality.

 

[Philip Chatzigeorgiadis]

Can you try this one? I have no access to an Apache server for the moment.

Tested on my production server. No problems so far.

So, this new version seems to take care of both the JKS.ReloadJKS method missing problem and method and "the java.lang.NoClassDefFoundError: org/eclipse/jetty/util/log/StdErrLog" problem.

It might be a good idea to update the library version in B4J as, right now, my B4J IDE shows ABMKeystoreSSL version 1.15, with Onlive version 1.08.

 

[Philip Chatzigeorgiadis]

@alwaysbusy, if possible, please update the dowload link in the ABMKeystoreSSL library thread with the 1.15 version.
Thanks.