B4J Question VPS ssl on port 8000 for a b4j webserver

yfleury

Active Member
Licensed User
Longtime User
Because this subject was beginning here
https://www.b4x.com/android/forum/threads/vps-jar-error.147321/
But there is not the right subject and to be confusing, so now it's was right place.
Click to expand...

I have a VPS server and a b4j webserver running port 8000
On my local computer, I create a keystore and upload it on vps.
Now I can acces to my b4j webserver on vps by https on port 8000. But I receive a warning the browser will not trust the certificate

On VPS I use Let's Encrypt on port 443 and port 80 is redirect to https (443)
So I can download .pem file
I can have acces to

CSR​

like this
-----BEGIN CERTIFICATE REQUEST-----
MIICqDCCAZACAQAwHDEa
....
....
auJxKwzQyE+4xhHWyQotdN2QmnPtmcyZfdaSq8NwREK5baJeE3/rbyrb0WNQ9nad
lD2/ugslDfJtLYPI
-----END CERTIFICATE REQUEST-----
Click to expand...

Private key (*.key)​

Certificate (*.crt)​

CA certificate (*-ca.crt)​

Then now I am stuck here. Can I do something with keystore and theses informations (Let's Encrypt things)?
What is next?
 
Solution
N
The first time is always difficult. But its probably my mistake...
Sort by date Sort by votes

aaronk

Well-Known Member
Licensed User
Longtime User

[Server] Using Let's Encrypt on Ubuntu VPS

#1 How to: Install Let's Encrypt on Ubuntu Linux VPS to Create SSL Certificates Downloading and Installing Let's Encrypt 1. Update the server's packages apt-get update & sudo apt-get upgrade 2. Install the GIT package apt-get install git 3. Download a clone of Let's Encrypt from the GitHub...
www.b4x.com
 
Upvote 0

Magma

Expert
Licensed User
Longtime User
...Hmmm you mean created custom/hand-made certificate at your local pc - to use it... and you receive that is not trusted... That is the right thing to be not trusted...

If you create a let's encrypt... and use it in "keystore" will be trusted.. (i think - because lately i use only mqtt that use the same certificates as apache)

You can use the let's encrypt at b4j server... read some of these:

Tutorial - Java KeyStores (JKS) With Let's Encrypt

Add certificates to KeyStore and Verify The key to adding the certs is associating them with the keys Commands: keytool -importcert -alias simple-cert -keystore letsencrypt.jks -storepass test12345 -file .\jks-simple-cert-with-chain.cer keytool -importcert -alias san-cert -keystore...
community.letsencrypt.org
 
Upvote 0

yfleury

Active Member
Licensed User
Longtime User
I have this error
Skipping bootstrap because certbot-auto is deprecated on this system.
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
Please visit https://certbot.eff.org/ to check for other alternatives.
Click to expand...
I update, upgrate vps and install certbot, still same error
 
Upvote 0

Magma

Expert
Licensed User
Longtime User
That error you take... seems like is outdated-eol os... perhaps old Debian... 8. Or.9... better have newer version of Debian... 11
 
Upvote 0

Magma

Expert
Licensed User
Longtime User
Upvote 0

Magma

Expert
Licensed User
Longtime User
Upvote 0

Magma

Expert
Licensed User
Longtime User
Upvote 0

yfleury

Active Member
Licensed User
Longtime User
Thanks @Magma , I will look on that.

I ask to ChatGPT this
Not try but I am not sur is good
 
Upvote 0
N

nbarakat

Member
This is how I do it on Ubuntu to renew my certificate:

rm jetty.keystore
# convert certificate chain + private key to the PKCS#12 file format
openssl pkcs12 -export -out keystore.pkcs12 -in YOURPATHTOfullchain.pem -inkey YOURPATHTOprivkey.pem -name jetty -passout YOURKEYSTOREPASSWORD (Which you will use in B4J)

# convert PKCS#12 file into Java keystore format
keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore jetty.keystore -storepass THEPASSWORDINABOVESTATEMENT -srcstorepass THEPASSWORDINABOVESTATEMENT

# don't need the PKCS#12 file anymore
rm keystore.pkcs12

Note: YOURPATHTO This is usually /etc/letsencrypt/live/yourdomain

You need to repeat the process every time you renew your letsencrypt cert.
Then you would need to restart your B4J server app.

Hope this works for you.
 
Upvote 0

yfleury

Active Member
Licensed User
Longtime User
B4X: 
root@vps-7a1ecfb2:/opt/psa/var/modules/letsencrypt/etc/live/travauxpublics.ca# ls
cert.pem  chain.pem  fullchain.pem  privkey.pem  README
root@vps-7a1ecfb2:/opt/psa/var/modules/letsencrypt/etc/live/travauxpublics.ca# openssl pkcs12 -export -out keystore.pkcs12 -in /opt/psa/var/modules/letsencrypt/etc/live/travauxpublics.ca/fullchain.pem -inkey /opt/psa/var/modules/letsencrypt/etc/live/travauxpublics.ca/privkey.pem -name jetty -passout 236541
Invalid password argument "236541"
Error getting passwords
It' so difficult and painfull, I am about to do my huge app in php just to have a certificate run on app.
 
Upvote 0
N

nbarakat

Member
The first time is always difficult. But its probably my mistake...

/opt/psa/var/modules/letsencrypt/etc/live/travauxpublics.ca# openssl pkcs12 -export -out keystore.pkcs12 -in /opt/psa/var/modules/letsencrypt/etc/live/travauxpublics.ca/fullchain.pem -inkey /opt/psa/var/modules/letsencrypt/etc/live/travauxpublics.ca/privkey.pem -name jetty -passout pass:236541

Forgot to add the pass: to the password.
Hope it works this time.
 
Upvote 0
Solution

yfleury

Active Member
Licensed User
Longtime User
Now I need to move jetty.keystore to the folder of my .jar file?
 
Upvote 0
N

nbarakat

Member
No need. You can configure the path in B4J.

B4X: 
Sub setSSL(sslPort As Int)
    Dim KeyStoreDir As String = "/opt/psa/var/modules/letsencrypt/etc/live/travauxpublics.ca" ' The directory of the SSL keystore.
    Dim KeyStoreFile As String = "jetty.keystore" ' The SSL keystore filename.
    Dim KeyStorePassword As String = "236541" ' The SSL keystore password.
    Dim ssl As SslConfiguration
    ssl.Initialize ' Initializes the SSL configuration.
    ssl.SetKeyStorePath(KeyStoreDir, KeyStoreFile) ' Sets the path to the SSL keystore.
    ssl.KeyStorePassword = KeyStorePassword ' Sets the password for the SSL keystore.
    srvr.SetSslConfiguration(ssl, sslPort) ' Sets the SSL configuration for the web server and the SSL port.
End Sub

You can latter put the parameters in a configuration file and read then at startup.

You can rm keystore.pkcs12
 
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Question
B4J Question SSL on B4J server
Replies
1
Views
758
Erel
  • Question
B4J Question WiFi & Mqtt
Replies
2
Views
1K
OliverA
  • Question
B4J Question [solved] B4J Server at Home with SSL (Jetty)
Replies
11
Views
3K
mrred128
A
  • Question
B4J Question Why does B4j v5 try and access network resources on port 58914 when you install it?
Replies
2
Views
1K
Erel
M
  • Question
B4J Question MQTT Broker and port 8080
Replies
1
Views
2K
Erel
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…