B4J Tutorial How to Install an SSL Certificate in B4J Server (Jetty)

ssl.png


This is a easy way to install SSL Certificate on a VPS with Jetty.

(1) Goto ZeroSSL to create free sll for your domain: https://zerossl.com/

(2) Download your Certificate (includes 3 files: ca_bundle.crt, certificate.crt, private.key)

(3) Download Openssl if you have not yet on your computer. (https://slproweb.com/products/Win32OpenSSL.html)

(4) Joint Certificate, open a new command prompt (C:\Program Files\OpenSSL-Win64\bin).

Run:

B4X: 
openssl pkcs12 -export -in d:\certificate.crt -inkey d:\private.key -out d:\abc.p12

(5) Move to the JDK software where installed on your computer (ex: C:\Program Files\Java\jdk1.8.0_333\bin)

Run:

B4X: 
keytool -importkeystore -srckeystore d:\abc.p12 -srcstoretype PKCS12 -destkeystore d:\abc.jks -deststoretype JKS

(6) Copy abc.jks on to Object folder

ssl.png
 
Last edited:
Click to expand...
aminoacid

aminoacid

Active Member
Licensed User
Longtime User
If you are using the "Lets Encrypt" free certificates, the above procedure to create the keystore is the same except in the openssl command replace the two file names as follows:


B4X: 
openssl pkcs12 -export -in d:\fullchain.pem -inkey d:\privkey.pem -out d:\abc.p12


You may also have to include in the openssl command above:

-passout pass:12345678

and in the keytool command:

-srcstorepass 12345678 -deststorepass 12345678

to correspond to the passwords specified in the ConfigureSSl sub.


[edit 11/22/2023]
If you are using Ionos wildcard starter certificates (or I would think any other Ionos Cert):

1. Download the private Key and two Certificate files (renamed for this example): private.key, ssl_certificate.cer, ssl_certificate_intermediate.cer

2. Create the certificate chain file by concatenating the two cer files - make sure that the ssl_certificate file is first.

cat certificate.cer certificate_intmediate.cer > certificate_bundle.cer

3. Generate the pkcs12 file:

B4X: 
openssl pkcs12 -export -inkey private.key -in certificate_bundle.cer -out jetty.pkcs12 -passout pass:12345678


4. Generate the keystore for jetty to use:

B4X: 
keytool -importkeystore -noprompt -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -srcstorepass 12345678 -destkeystore web.keystore -deststorepass 12345678

Ignore warning about "JKS keystore uses a proprietary format"

The keystore file is "web.keystore" with password "12345678"
 
Last edited:
  • Like
Reactions: byz
You must log in or register to reply here.

Similar Threads

Erel
  • Article
B4J Library [server] LetsEncrypt SSL certificates
Replies
12
Views
2K
hatzisn
hatzisn
Erel
  • Article
B4J Library jServer v4.0 - Based on Jetty 11
2 3
Replies
41
Views
16K
aeric
aeric
alwaysbusy
  • Article
B4J Library ABKeystoreSSL: SSL Certificate generator using Let's Encrypt
2
Replies
20
Views
6K
alwaysbusy
alwaysbusy
Erel
  • Article
B4J Code Snippet [B4X] Trust all SSL Socket
Replies
10
Views
6K
Magma
Magma
Erel
  • Locked
  • Article
B4J Tutorial [Server] SSL Connections
2
Replies
32
Views
28K
Erel
Erel
Top