B4J Question jRDC2 with SSL example

[Angel Garcia]

Hello all,
Wondering if there is an example of jRDC2 with SSL connection, just in order to put me on the right direction.
First I'll go threw this tutorial:
https://www.b4x.com/android/forum/t...installing-ssl-certificate.55194/#post-346876

And later go threw this tutorial:
https://www.b4x.com/android/forum/threads/server-ssl-connections.40130/

And the extra code in jrdc2 i need to add is something like this?:

Dim xSr As SslConfiguration
    xSr.Initialize
    xSr.KeyManagerPassword="SomeKeyManagerPassword"
    xSr.KeyStorePassword="SomeKeyStorePassword"
    xSr.SetKeyStorePath(File.DirAssets,"somefile.crt")
    srvr.SetSslConfiguration(xSr,17179)' a different port of the common http?
srvr.AddFilter("/*", "HttpsFilter", False)

Is this ok?

And after all that i could use https with jrdc2?, am i correct?

Many thanks all for your help!

 

[MiguelL]

Now it works!!,
I followed this steps, exported the certificate as pfx and later used java keytool to import it as a JKS file with this command:
keytool -importkeystore -srckeystore C:\SSLCerts\mycert.pfx -srcstoretype pkcs12 -destkeystore C:\SSLCerts\mykeystore.jks -deststoretype JKS

i got a JKS file and use it in the code of the jRDC server:
xSr.KeyStorePassword="MyPassword"
xSr.SetKeyStorePath(File.DirApp,"mykeystore.jks")
srvr.SetSslConfiguration(xSr,17179)' a different port of the common 17178 jrdc uses?
srvr.Start

In the web page with the url test connection now i see the connection successful, with the padlock icon
View attachment 101221
But, there is a problem, in the B4A App with the endpoint:

https://mydomain:17179/rdc

, now i got a different error:
javax.net.ssl.SSLHandShakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
What is that?

Not sure if you micht run into this same problem, but I got everything working on my mobile (J5) using Firefox, but everything failed on Chrome.
Cleaning the history (cache) did not make any difference. After re-installing Chrome on my mobile suddenly everything worked also from Chrome.

 

[Angel Garcia]

Finally!!
Thanks Oliver!

Did you check the "Include all certificates in the certification path if possible" option during the export? I should be available when you pick the format of the export.

Finally got it working, yes you were right. Now it works on devices and from web page.
This way was easier for me, (for windows server users)
1. First you purchase a certificate from cheapssl.com or some other, for a long time (at least 1 year),
2. You install it on your IIS server
3. And then you perform the export as a pfx file with the link that oliver provided, https://enterpriseit.co/windows-server/exporting-ssl-certificate-pfx-from-windows-server-iis/
4. Then import back as a JKS file with the java keytool, with this command: keytool -importkeystore -srckeystore C:\SSLCerts\mycert.pfx -srcstoretype pkcs12 -destkeystore C:\SSLCerts\mykeystore.jks -deststoretype JKS , and finally
5. Use the imported JKS file to the xSr.SetKeyStorePath(File.DirApp,"mykeystore.jks")
Many thanks to all for your kind support!!

 

[MiguelL]

Hi Miguel,
i would like to try your solution, the downside of letsencrypt is that reading the FAQ they only last 3 months, and you have to keep renewing the certificates.
But if it works nice i would consider it as an option. Also i can't find the tool to create the certificates on the web page, you need to download a tool right?
Many thanks

I found this as a possible solution for auto renewal on windows, but still have to test it. Glad your solution is working! I might go for the same solution too once I get some more experience with all of this.
regards.