B4J Tutorial B4J Server: Requesting and Installing SSL Certificate

Discussion in 'B4J Tutorials' started by tchart, Jun 18, 2015.

  1. tchart

    tchart Active Member Licensed User

    I thought I would share how I requested and installed an SSL certificate for my B4J server.

    In my case I used namecheap.com to purchase a $9 SSL certificate. I already had a domain name and a server (on AWS). I had tried this with the free cert from StartSSL but that didn't work.

    You need to do the following on the server itself.

    1) Create a directory where you want to create your keystore. I put mine under C:\Data\Certs
    2) Start a command prompt (ie CMD) and CD into your directory (ie C:\Data\Certs)
    3) Create the keystore like this (your path to keytool will vary)
    Code:
    c:\java\jdk1.8.0_45\bin\keytool -keysize 2048 -genkey -alias jetty -keyalg RSA -keystore jetty.keystore
    4) Follow the prompts as it will ask you to enter some details. Make sure you enter your domain name when it asks you for your first/last name (This is important)
    5) Once your keystore (jetty.keystore) has been created you must generate a certificate request (CSR)
    Code:
    c:\java\jdk1.8.0_45\bin\keytool -certreq -keyalg RSA -alias jetty -file csr.csr -keystore jetty.keystore
    6) Follow the prompts and it will create a text file in your directory called csr.csr
    7) Use the CSR as part of your certificate request (ie when you follow the process of your SSL provider).
    8) Once they have generated the certificate you should receive your certificate plus some other certificates. The other certificates build up the chain of trust in the key store.
    9) Import the certificates in the correct order (ie CA first, then intermediates and then your domain cert)
    10) In the case of namecheap I had to import 4 certs in this order;
    Code:
    c:\java\jdk1.8.0_45\bin\keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore jetty.keystore

    c:\java\jdk1.8.0_45\bin\keytool -import -trustcacerts -alias COMODORSAAddTrustCA -file COMODORSAAddTrustCA.crt -keystore jetty.keystore

    c:\java\jdk1.8.0_45\bin\keytool -import -trustcacerts -alias COMODORSADomainValidationSecureServerCA -file COMODORSADomainValidationSecureServerCA.crt -keystore jetty.keystore

    c:\java\jdk1.8.0_45\bin\keytool -import -trustcacerts -alias jetty -file yourdomain.crt -keystore jetty.keystore
    11) Once that's done it's a matter of setting the keystore path in your SSL initialisation (see Erel's tutorial)
    Code:
    ssl.SetKeyStorePath(File.DirApp, "jetty.keystore") 'path to keystore file
    Your web server should now be SSL certified!

    Last edited: Jun 18, 2015
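A way to confirm steps 4 and 8 to 10 took effect before pointing the server at the keystore, as an added example that is not part of the original post: the script below checks the text printed by `keytool -list -v -keystore jetty.keystore` for a private key under the `jetty` alias, a leaf CN that matches the domain, and a chain in which each issuer is the next owner. It assumes English-locale keytool output; the sample text, the `.example` names and the function names are constructed for illustration.

```python
import re

# Constructed, abridged sample of `keytool -list -v -keystore jetty.keystore` output.
# The subject names are placeholders, not the certificates named in the post.
SAMPLE = """\
Alias name: jetty
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=yourdomain.example, OU=Domain Control Validated
Issuer: CN=Example Intermediate CA, O=Example CA Ltd, C=GB
Certificate[2]:
Owner: CN=Example Intermediate CA, O=Example CA Ltd, C=GB
Issuer: CN=Example Root CA, O=Example CA Ltd, C=GB
Certificate[3]:
Owner: CN=Example Root CA, O=Example CA Ltd, C=GB
Issuer: CN=Example Root CA, O=Example CA Ltd, C=GB
"""

def parse_entries(text):
    """Map alias -> {"type": entry type, "certs": [[owner, issuer], ...]}."""
    entries, cur = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "Alias name":
            cur = entries.setdefault(value, {"type": "", "certs": []})
        elif cur is not None and key == "Entry type":
            cur["type"] = value
        elif cur is not None and key == "Owner":
            cur["certs"].append([value, ""])
        elif cur is not None and key == "Issuer" and cur["certs"]:
            cur["certs"][-1][1] = value
    return entries

def check_server_entry(text, alias, domain):
    """Return a list of problems; an empty list means the entry is usable for TLS."""
    entry = parse_entries(text).get(alias)
    if entry is None or not entry["certs"]:
        return [f"alias {alias!r} not found or has no certificate"]
    problems, certs = [], entry["certs"]
    if entry["type"] != "PrivateKeyEntry":
        problems.append("no private key under this alias; use the keystore that made the CSR")
    cn = re.search(r"CN=([^,]+)", certs[0][0])
    if cn is None or cn.group(1).strip().lower() != domain.lower():
        problems.append(f"leaf CN does not match {domain}")
    if certs[0][0] == certs[0][1]:
        problems.append("leaf is still self-signed: the CA reply was not imported")
    for i in range(len(certs) - 1):
        if certs[i][1] != certs[i + 1][0]:
            problems.append(f"chain broken between Certificate[{i + 1}] and [{i + 2}]")
    return problems
```

To use it on a real keystore, save the keytool listing to a text file and pass the file's contents as `text`.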