B4J Question jRDC2 with SSL example

Angel Garcia

Member
Licensed User
Hello all,
Wondering if there is an example of jRDC2 with SSL connection, just in order to put me on the right direction.
First I'll go threw this tutorial:
https://www.b4x.com/android/forum/t...installing-ssl-certificate.55194/#post-346876

And later go threw this tutorial:
https://www.b4x.com/android/forum/threads/server-ssl-connections.40130/

And the extra code in jrdc2 i need to add is something like this?:
ssl2:
Dim xSr As SslConfiguration
    xSr.Initialize
    xSr.KeyManagerPassword="SomeKeyManagerPassword"
    xSr.KeyStorePassword="SomeKeyStorePassword"
    xSr.SetKeyStorePath(File.DirAssets,"somefile.crt")
    srvr.SetSslConfiguration(xSr,17179)' a different port of the common http?
srvr.AddFilter("/*", "HttpsFilter", False)

Is this ok?

And after all that i could use https with jrdc2?, am i correct?

Many thanks all for your help!
 

Angel Garcia

Member
Licensed User
Hello,
Sorry for the super late response, i was coding some other pending features of the App.
I have already bought a security certificate from cheapsslshop, i have the 4 certs:
AAACertificateServices.crt
SectigoRSADomainValidationSecureServerCA.crt
USERTrustRSAAAACA.crt
mydomain.crt
How i create the keystore file from this point?
I've been trying to do the imports with the java keytool of this tutorial with no success:
https://www.b4x.com/android/forum/t...installing-ssl-certificate.55194/#post-346876
I have an "illegal option" exception:
1601608225975.png

Please help!

EDIT:
I finally was able to create the jetty.keystore file and imported the four certs with the "-importcert" command of keytool in this order:
AAACertificateServices.crt
USERTrustRSAAAACA.crt
SectigoRSADomainValidationSecureServerCA.crt
mydomain.crt
But i dont know if im doing it correctly because in jRDC i have a no valid keystore error:
java.lang.IllegalStateException: no valid keystore
Maybe its important to mention that i created the certificate request with the IIS tool of windows server, i dont know if that affects this, also the the bit length is 4096
Also threw the link tutorial of keytool is only requested the KeyStorePassword, where do i get the KeyManagerPassword?
Please help!!
 
Last edited:
Upvote 0

OliverA

Expert
Licensed User
Longtime User
Upvote 0

Angel Garcia

Member
Licensed User
Hello,
Still nothing, same error. :(.
Theres is an easier way to accomplish this?, i beleive we need an updated full tutorial for this, i think its quite complicated and needed for the security it provides for the jrdc server.
Many thanks all for your help
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
xSr.SetKeyStorePath(File.DirAssets,"somefile.crt")
Placing the keystore in the assets folder will generate the "no valid keystore" error. Try placing your generated keystore in File.DirApp and place it in the same location as your .jar file (and change the code to reflect the new location).
 
Upvote 0

Angel Garcia

Member
Licensed User
Hello Oliver,
Thanks that did the trick, now it works!
But now, i can't see the "test connection successful" with https, with the classic:
https://mydomain:17178/test, i get in return the "This website cannot provide a secure connection" ERR_SSL_PROTOCOL_ERROR error

I tried to make a query from B4A App with https and of course i get an error and from jRDC:
2020-10-08 23:25:05.225:WARN:eek:ejh.HttpParser:qtp1232367853-19: Illegal character 0x16 in state=START for buffer HeapByteBuffer@753f21ee[p=1,l=517,c=8192,r=516]={\x16<<<\x03\x01\x02\x00\x01\x00\x01\xFc\x03\x03\\Q\x1e\x88\xA8\xD7\x0c...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}

I used the port 17179 in the SSL configuration in jRDC , and in the config file the port used is 17178
Something i don't understand is how its managed 2 ports with the jRDC??
How do i resolve this?, i need to open additional port 17179 on windows firewall??

I just want to make secure calls/queries/etc from an B4A App to jRDC server

I think i'm close but, still cant make the secure connection

Please help!!🙏
 
Upvote 0

Angel Garcia

Member
Licensed User
Hi Erel,
Thanks for your advice, just did as you said with https://mydomain:17179/test
And now i get a cipher error
"This website cannot provide a secure connection
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Protocol not supported
The client and server do not support the same version of SSL or encryption protocol."
Whats missing?
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
What platform (B4J, B4A, B4i) is your client? What version of OS is running on your client?
 
Upvote 0

Angel Garcia

Member
Licensed User
Hello Oliver,
Well, the B4A App is on a Samsung J4, Android 10, but i'm executing the test url from a single web page on my laptop.
From the web page i get the error posted above using the test url, and from the App i call the endpoint https://mydomain:17179/rdc and i get "java.net.SSLHandshakeException:Handshake failed", and i dont see any query attemp or error on the jRDC log.
I don't know what is missing.
The jRDC is running on a VPS with Windows Server 2012
Maybe its important to mention that i already used the same certificate and bind it to the port 443 for performing post/get request to an aspx.net page, but the cert supplier told me that the same certificate could be used to bind it to more ports.
Whats wrong?
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
Maybe its important to mention that i already used the same certificate and bind it to the port 443 for performing post/get request to an aspx.net page
So you have a certificate imported into the IIS of the server? If so, you can export that certificate and import it into a keystore file. That should take care of the private key issue.
 
Upvote 0

Angel Garcia

Member
Licensed User
Here are all my steps, it's pretty simple, once you get it working :)
https://www.b4x.com/android/forum/t...how-to-use-in-java-server.123222/#post-769944
Hope it helps.

Hi Miguel,
i would like to try your solution, the downside of letsencrypt is that reading the FAQ they only last 3 months, and you have to keep renewing the certificates.
But if it works nice i would consider it as an option. Also i can't find the tool to create the certificates on the web page, you need to download a tool right?
Many thanks
 
Upvote 0

Angel Garcia

Member
Licensed User
For export steps, see: https://enterpriseit.co/windows-server/exporting-ssl-certificate-pfx-from-windows-server-iis/ You'll need the password you use for the export for the import to a jks file.
Now it works!!,
I followed this steps, exported the certificate as pfx and later used java keytool to import it as a JKS file with this command:
keytool -importkeystore -srckeystore C:\SSLCerts\mycert.pfx -srcstoretype pkcs12 -destkeystore C:\SSLCerts\mykeystore.jks -deststoretype JKS

i got a JKS file and use it in the code of the jRDC server:
xSr.KeyStorePassword="MyPassword"
xSr.SetKeyStorePath(File.DirApp,"mykeystore.jks")
srvr.SetSslConfiguration(xSr,17179)' a different port of the common 17178 jrdc uses?
srvr.Start

In the web page with the url test connection now i see the connection successful, with the padlock icon :D
1602265461229.png

But, there is a problem, in the B4A App with the endpoint: , now i got a different error:
javax.net.ssl.SSLHandShakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
What is that?
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
Did you check the "Include all certificates in the certification path if possible" option during the export? I should be available when you pick the format of the export.
 
Upvote 0

Angel Garcia

Member
Licensed User
Did you check the "Include all certificates in the certification path if possible" option during the export? I should be available when you pick the format of the export.
Lol, no, because the tutorial said it should go unchecked, but, let me try an export with that option checked and will let you know
 
Upvote 0

MiguelL

Member
Licensed User
Hi Miguel,
i would like to try your solution, the downside of letsencrypt is that reading the FAQ they only last 3 months, and you have to keep renewing the certificates.
But if it works nice i would consider it as an option. Also i can't find the tool to create the certificates on the web page, you need to download a tool right?
Many thanks
If your are in windows (as I am for now), yes I'm not sure if there's an auto-renewal option, but you could do something with a batch file and maybe have that one running every 2 months or so with some task scheduler task. (always first do a --dry-run with certbot, as you only can do it a few times per week. If it's too early, you'd have to wait another week).
I downloaded the (beta) installer from here: https://certbot.eff.org/lets-encrypt/windows-other.html, you can download the executable below point "4" after making your choice (top of page) under "my website is running". (I can't remember well, but I think I chose "None" and "Windows").
I'll try to see if there's a way to auto-renew on windows and post it here once I find out. ( I think I saw a post of someone on this forum).
 
Upvote 0
Top