B4J Tutorial B4J Server: Requesting and Installing SSL Certificate

tchart

I thought I would share how I requested and installed an SSL certificate for my B4J server.

In my case I used namecheap.com to purchase a $9 SSL certificate. I already had a domain name and a server (on AWS). I had tried this with the free cert from StartSSL but that didn't work.

You need to do the following on the server itself.

1) Create a directory where you want to create your keystore. I put mine under C:\Data\Certs
2) Start a command prompt (i.e. CMD) and CD into your directory (i.e. C:\Data\Certs)
3) Create the keystore like this (your path to keytool will vary):
B4X:
c:\java\jdk1.8.0_45\bin\keytool -keysize 2048 -genkey -alias jetty -keyalg RSA -keystore jetty.keystore
4) Follow the prompts, as it will ask you to enter some details. Make sure you enter your domain name when it asks you for your first/last name (this is important).
5) Once your keystore (jetty.keystore) has been created you must generate a certificate request (CSR)
B4X:
c:\java\jdk1.8.0_45\bin\keytool -certreq -keyalg RSA -alias jetty -file csr.csr -keystore jetty.keystore
6) Follow the prompts and it will create a text file in your directory called csr.csr
7) Use the CSR as part of your certificate request (i.e. when you follow the process of your SSL provider).
8) Once they have generated the certificate you should receive your certificate plus some other certificates. The other certificates build up the chain of trust in the key store.
9) Import the certificates in the correct order (i.e. CA first, then intermediates and then your domain cert).
10) In the case of namecheap I had to import 4 certs in this order:
B4X:
c:\java\jdk1.8.0_45\bin\keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore jetty.keystore

c:\java\jdk1.8.0_45\bin\keytool -import -trustcacerts -alias COMODORSAAddTrustCA -file COMODORSAAddTrustCA.crt -keystore jetty.keystore

c:\java\jdk1.8.0_45\bin\keytool -import -trustcacerts -alias COMODORSADomainValidationSecureServerCA -file COMODORSADomainValidationSecureServerCA.crt -keystore jetty.keystore

c:\java\jdk1.8.0_45\bin\keytool -import -trustcacerts -alias jetty -file yourdomain.crt -keystore jetty.keystore
11) Once that's done it's a matter of setting the keystore path in your SSL initialisation (see Erel's tutorial)
B4X:
ssl.SetKeyStorePath(File.DirApp, "jetty.keystore") 'path to keystore file
Your web server should now be SSL certified!


Angel Garcia

Hello,
I know it is an old thread, but I have a question. I have already bought a security certificate from cheapsslshop, and I have the 4 certs.
How do I create the keystore file from this point?
AAACertificateServices.crt
SectigoRSADomainValidationSecureServerCA.crt
USERTrustRSAAAACA.crt
mydomain.crt
How do I create the keystore file from this point?
I've been trying to do the imports with the Java keytool of this tutorial with no success.
I have an "illegal option" exception:
EDIT:
I finally was able to create the jetty.keystore file and imported the four certs with the "-importcert" command of keytool in this order:
AAACertificateServices.crt
USERTrustRSAAAACA.crt
SectigoRSADomainValidationSecureServerCA.crt
mydomain.crt
But I don't know if I'm doing it correctly because in jRDC I have a no valid keystore error:
java.lang.IllegalStateException: no valid keystore
Maybe it's important to mention that I created the certificate request with the IIS tool of Windows Server; I don't know if that affects this. Also, the bit length is 4096.
Also, through the linked keytool tutorial only the KeyStorePassword is requested; where do I get the KeyManagerPassword?
Please help!!
 
Last edited:
Top
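A way to check the result of the import steps in this thread, added here as an example and not code from either poster: it reads the text printed by `keytool -list -v -keystore jetty.keystore` and reports whether the server alias holds a private key with a certificate chain that links in order. The function names and both sample listings are constructed for illustration.

```python
import re

# Constructed sample of `keytool -list -v` output (not real certificates).
GOOD = """Alias name: jetty
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.com
Issuer: CN=Example DV CA
Certificate[2]:
Owner: CN=Example DV CA
Issuer: CN=Example Root
Certificate[3]:
Owner: CN=Example Root
Issuer: CN=Example Root
"""
# Constructed sample: the domain cert is present, but only as a trusted certificate.
NO_KEY = """Alias name: jetty
Entry type: trustedCertEntry
Owner: CN=www.example.com
Issuer: CN=Example DV CA
"""

def parse_entries(listing):
    """Map alias -> (entry type, [(owner, issuer), ...]) from keytool's verbose listing."""
    entries = {}
    for block in re.split(r"(?m)^Alias name: ", listing)[1:]:  # one block per alias
        etype = re.search(r"(?m)^Entry type: (\S+)", block)
        owners = [o.strip() for o in re.findall(r"(?m)^Owner: (.+)", block)]
        issuers = [i.strip() for i in re.findall(r"(?m)^Issuer: (.+)", block)]
        entries[block.splitlines()[0].strip().lower()] = (
            etype.group(1) if etype else None, list(zip(owners, issuers)))
    return entries

def check_server_entry(listing, alias="jetty"):
    """Return the problems found for the server alias; an empty list means none."""
    entry = parse_entries(listing).get(alias.lower())
    if entry is None:
        return [f"alias {alias} not found"]
    etype, chain = entry
    problems = []
    if etype != "PrivateKeyEntry":
        problems.append(f"{alias} is {etype}: no private key stored under this alias")
    if len(chain) == 1 and chain[0][0] == chain[0][1]:
        problems.append("still the self-signed certificate: CA reply not imported")
    for n in range(len(chain) - 1):  # each issuer must be the next certificate's owner
        if chain[n][1] != chain[n + 1][0]:
            problems.append(f"certificate {n + 1} is not issued by certificate {n + 2}")
    return problems
```

Save the real listing to a text file and pass its contents to `check_server_entry`; the listing contains no key material, only certificate details.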