B4J Question SSL Problems

keirS

Well-Known Member
Licensed User
Longtime User
Trying to setup JServer with a SSL connection and get an error when trying to connect:
"This site can’t provide a secure connection subdomain.mydomain.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH"


I am using Java 11 and B4j 7.51.

I created a key store using keytool:

Imported the intermediate certificate first.

B4X:
keytool -import -trustcacerts -keystore C:\b4j\my.keystore -alias intermediate -file C:\b4j\intermediate.cer

Then the SSL certificate

B4X:
keytool -import -trustcacerts -keystore C:\b4j\new.keystore -alias mycert.cer -file C:\b4j\mycert.cer[/code


It's Windows server and the mycert.cer file was generated by exporting the Web hosting certificate using the MMC certificates snap in.




The certificate is a GlobalSign AlphaSSL wildcard certificate. I didn't export it with the private key but I don't think I need to? The intermediate certificate was downloaded from: https://www.alphassl.com/support/install-root-certificate.html.


For test purposes I am just using Erels JServer example:

B4X:
Sub AppStart (Args() As String)
    srvr.Initialize("srvr")
    srvr.Port = 2220
   
    srvr.StaticFilesFolder = File.Combine(File.DirApp, "www")
    srvr.LogsFileFolder = File.Combine(File.DirApp, "logs")
    srvr.AddHandler("/hello", "HelloPage", False)
    srvr.AddHandler("/FormExampleHelper", "FormExampleHelper", False)
    srvr.AddHandler("/FileUpload", "FileUpload", False)
   
    ssl.Initialize
    ssl.SetKeyStorePath("C:\b4j", "new.keystore") 'path to keystore file
    ssl.KeyStorePassword = "illuminati"
    ssl.KeyManagerPassword = "illuminati"
    srvr.SetSslConfiguration(ssl, 2225)
    'add filter to redirect all traffic from http to https (optional)
   
'    pool.Initialize("com.mysql.jdbc.Driver", "jdbc:mysql://localhost/test?characterEncoding=utf8", _
'        "root", "")
'    Log("Testing the database connection")
'    pool.GetConnection.Close
    srvr.Start
    Log("Server started")
    StartMessageLoop
End Sub
 

keirS

Well-Known Member
Licensed User
Longtime User
No idea what the original key was as it's a clients server and they can't find the original certificate files. I have managed to export the certificate to a pfx file and convert that using OpenSSL to a CRT file. The Key Attribute is: X509v3 Key Usage: 10
 
Upvote 0

keirS

Well-Known Member
Licensed User
Longtime User
I have manged to get this working! I exported the certificate to PFX format which includes the private key. Then i used Keytool to convert the PFX file to a JKS file.

B4X:
keytool -importkeystore -srckeystore C:\SSLCerts\mycert.pfx -srcstoretype pkcs12 -destkeystore C:\SSLCerts\mykeystore.jks -deststoretype JKS

Turns out OpenSSL is not required and you just need keytool.
 
Upvote 0

keirS

Well-Known Member
Licensed User
Longtime User
Hello Keir,
I'm facing a similar situation, and i want to try your solution, how did you exported your certificate to a PFX format?

The link below explains how to export to PFX.

 
Upvote 0
Cookies are required to use this site. You must accept them to continue using the site. Learn more…