B4J Question Jetty Server - HTTPS - Certbot - LetsEncrypt - Jetty or Apache

Discussion in 'B4J Questions' started by lip, May 14, 2019.

  1. lip

    lip Active Member Licensed User

    I am running a server on a Raspberry Pi. It serves a webpage for control but the main function is to co-ordinate other Raspberry Pis online using WebSockets.

    I need the server to be secure but am failing miserably...

    I got a domain name, pointed it to my external IP, port forwarded port 80 and 443 to my internal local fixed IP address and can connect externally.

    I self-signed a certificate directly into the keystore on the pi server and configured SSL in the B4J code to use that keystore. I could then connect directly to the server using https but with a warning that the certificate could not be verified. The SHA1 fingerprint in the keystore had an alias of 'jetty' (not sure if that is relevant).

    I have now got a 'real' certificate from LetsEncrypt as a file PiCertificate.cer. I used "keytool -import" to add this to the keystore. Using keytool -list I can see a new entry with alias 'mykey'. However, an external connection still used the previous self-signed entry.

    I deleted the old keystore entry and renamed the alias for my LetsEncrypt entry as 'jetty'.

    An external connection to https:// now gives a message: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

    I am starting to wonder if the LetsEncrypt certificate is valid for Jetty? Or if I have to do more than just import it into the keystore?
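
Added example, not part of the thread and not B4J or Jetty project code: `keytool -import` of a certificate file alone creates a `trustedCertEntry`, which holds no private key, while a TLS server needs a `PrivateKeyEntry` under the alias it serves. That is one common cause consistent with the symptoms in the post above, though the thread does not confirm it. The script classifies an alias from `keytool -list` output; the sample listings are constructed and the PEM file names in the hint are assumptions.

```shell
#!/bin/sh
# Added example: classify an alias from `keytool -list` output (read on stdin).

# Constructed sample: a listing after importing only a certificate file.
# The fingerprint is a placeholder, not a real value.
SAMPLE_CERT_ONLY='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

jetty, May 14, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>'

# Constructed sample: the same alias holding a key pair plus its chain.
SAMPLE_WITH_KEY='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

jetty, May 14, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>'

# Print the entry type for alias $1, or "missing" if it is not listed.
entry_type() {
    awk -v want="$1" -F',' '
        /Entry,[ \t]*$/ {                 # summary line: alias, date, type,
            type = $(NF - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", type)
            if ($1 == want) { print type; found = 1 }
        }
        END { if (!found) print "missing" }'
}

# Return 0 only when the alias can back a TLS listener (has a private key).
check_alias() {
    case "$(entry_type "$1")" in
        PrivateKeyEntry) echo "$1: PrivateKeyEntry, usable by the server"; return 0 ;;
        missing)         echo "$1: alias not found in keystore"; return 2 ;;
        *)               echo "$1: certificate only, no private key"
                         # Assumed file names (certbot-style PEM pair):
                         echo "rebuild: openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -name $1 -out keystore.p12"
                         return 1 ;;
    esac
}

# Demo on the constructed samples; against a real keystore use:
#   keytool -list -keystore <keystore> | check_alias jetty
printf '%s\n' "$SAMPLE_CERT_ONLY" | check_alias jetty || true
printf '%s\n' "$SAMPLE_WITH_KEY"  | check_alias jetty
```
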
     
  2. Erel

    Erel Administrator Staff Member Licensed User

  3. lip

    lip Active Member Licensed User

    Thanks Erel. I had read and tried to follow this thread before but failed. This time, because you had pointed me there, I persevered and it worked insofar as I can browse to the server securely. However, I am now struggling with wss:// connections to the server from raspberry pi clients running B4J. Strangely, my Tablets running B4A WILL connect to the server using the wss:// prefix.

    This works on B4J Pi to Unsecured Server:
    Code:
    wshRemote.Connect("ws://sub.domain.com/wsc?SN=12345")
    This does NOT work on B4J Pi to Secured Server:
    Code:
    wshRemote.Connect("wss://sub.domain.com/wsc?SN=12345")
    This DOES work from B4A Tablet to Secure Server:
    Code:
    wshRemote.Connect("wss://sub.domain.com/wsc?SN=12345")
    The error message when connecting from Pi to Secure Server is:-

    org.eclipse.jetty.websocket.api.UpgradeException: 0 null
    at org.eclipse.jetty.websocket.client.WebSocketUpgradeRequest.onComplete(WebSocketUpgradeRequest.java:513)
    at org.eclipse.jetty.client.ResponseNotifier.notifyComplete(ResponseNotifier.java:193)
    at org.eclipse.jetty.client.ResponseNotifier.notifyComplete(ResponseNotifier.java:185)
    at org.eclipse.jetty.client.HttpReceiver.terminateResponse(HttpReceiver.java:459)
    at org.eclipse.jetty.client.HttpReceiver.abort(HttpReceiver.java:540)
    at org.eclipse.jetty.client.HttpChannel.abortResponse(HttpChannel.java:129)
    at org.eclipse.jetty.client.HttpSender.terminateRequest(HttpSender.java:376)
    at org.eclipse.jetty.client.HttpSender.abort(HttpSender.java:561)
    at org.eclipse.jetty.client.HttpSender.anyToFailure(HttpSender.java:345)
    at org.eclipse.jetty.client.HttpSender$CommitCallback.failed(HttpSender.java:712)
    at org.eclipse.jetty.client.http.HttpSenderOverHTTP$HeadersCallback.failed(HttpSenderOverHTTP.java:303)
    at org.eclipse.jetty.io.WriteFlusher$PendingState.fail(WriteFlusher.java:262)
    at org.eclipse.jetty.io.WriteFlusher.onFail(WriteFlusher.java:491)
    at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint$FailWrite.run(SslConnection.java:1229)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:673)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:591)
     
  5. Erel

    Erel Administrator Staff Member Licensed User

    Try this code:
    Code:
    ws.Initialize("ws")
    ws.Connect("wss://b4x.com:51041/smiley/ws")
    Wait For ws_Connected
    Log("connected")
     
  6. Erel

    Erel Administrator Staff Member Licensed User
