B4J Tutorial How to Install an SSL Certificate in B4J Server (Jetty)



This is a easy way to install SSL Certificate on a VPS with Jetty.

(1) Goto ZeroSSL to create free sll for your domain: https://zerossl.com/

(2) Download your Certificate (includes 3 files: ca_bundle.crt, certificate.crt, private.key)

(3) Download Openssl if you have not yet on your computer. (https://slproweb.com/products/Win32OpenSSL.html)

(4) Joint Certificate, open a new command prompt (C:\Program Files\OpenSSL-Win64\bin).

Run:

B4X:
openssl pkcs12 -export -in d:\certificate.crt -inkey d:\private.key -out d:\abc.p12

(5) Move to the JDK software where installed on your computer (ex: C:\Program Files\Java\jdk1.8.0_333\bin)

Run:

B4X:
keytool -importkeystore -srckeystore d:\abc.p12 -srcstoretype PKCS12 -destkeystore d:\abc.jks -deststoretype JKS

(6) Copy abc.jks on to Object folder

 
Last edited:

aminoacid

Active Member
Licensed User
Longtime User
If you are using the "Lets Encrypt" free certificates, the above procedure to create the keystore is the same except in the openssl command replace the two file names as follows:


B4X:
openssl pkcs12 -export -in d:\fullchain.pem -inkey d:\privkey.pem -out d:\abc.p12


You may also have to include in the openssl command above:

-passout pass:12345678

and in the keytool command:

-srcstorepass 12345678 -deststorepass 12345678

to correspond to the passwords specified in the ConfigureSSl sub.


[edit 11/22/2023]
If you are using Ionos wildcard starter certificates (or I would think any other Ionos Cert):

1. Download the private Key and two Certificate files (renamed for this example): private.key, ssl_certificate.cer, ssl_certificate_intermediate.cer

2. Create the certificate chain file by concatenating the two cer files - make sure that the ssl_certificate file is first.

cat certificate.cer certificate_intmediate.cer > certificate_bundle.cer

3. Generate the pkcs12 file:

B4X:
openssl pkcs12 -export -inkey private.key -in certificate_bundle.cer -out jetty.pkcs12 -passout pass:12345678


4. Generate the keystore for jetty to use:

B4X:
keytool -importkeystore -noprompt -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -srcstorepass 12345678 -destkeystore web.keystore -deststorepass 12345678

Ignore warning about "JKS keystore uses a proprietary format"

The keystore file is "web.keystore" with password "12345678"
 
Last edited:
Reactions: byz
Cookies are required to use this site. You must accept them to continue using the site. Learn more…