B4J Question Need help to change PEMs to keystore-file

schimanski

Well-Known Member
Licensed User
Longtime User
I have made my own certificate authoritie and i had also installed the root-certificate on my clients. In the next step, i had created the server-certificate. The result are these three pem-files:

B4X: 
zertifikat-key.pem
zertifikat-pub.pem
ca-root.pem

Did somebody knows, how i can made the keystore-file for my server out of these pem-files?

When it runs like a charm, I will made a tutorial to make the own certificate authoritie.

Thanks for help...
 
Sort by date Sort by votes

schimanski

Well-Known Member
Licensed User
Longtime User
Thanks, Erel for your efforts, but i have spend several hours to change the three pem-files into a valid keystore-file. I tried it with portecle, keystoreexplorer, openssl, but always the same error:

B4X: 
java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:225)
    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:55)
    at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:864)
    at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:270)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:125)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:107)
    at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:64)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:125)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:107)
    at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:260)
    at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
    at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:218)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.server.Server.doStart(Server.java:337)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at anywheresoftware.b4j.object.ServerWrapper.Start(ServerWrapper.java:151)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at anywheresoftware.b4a.shell.Shell.runVoidMethod(Shell.java:606)
    at anywheresoftware.b4a.shell.Shell.raiseEventImpl(Shell.java:227)
    at anywheresoftware.b4a.shell.Shell.raiseEvent(Shell.java:156)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at anywheresoftware.b4a.BA.raiseEvent2(BA.java:93)
    at anywheresoftware.b4a.ShellBA.raiseEvent2(ShellBA.java:82)
    at anywheresoftware.b4a.BA.raiseEvent(BA.java:84)
    at de.sekutor.eisserver.main.main(main.java:29)
2015-10-10 10:10:54.127:WARN:oejuc.AbstractLifeCycle:main: FAILED SslConnectionFactory@5f3a4b84{SSL-http/1.1}: java.io.IOException: Invalid keystore format
java.io.IOException: Invalid keystore format
....

For all german users, I got the following link to make my own CA. Perhaps, there is someone who needs it and is able to change it into a valid keystore...

https://thomas-leister.de/internet/eine-eigene-openssl-ca-erstellen-und-zertifikate-ausstellen/
 
Upvote 0

schimanski

Well-Known Member
Licensed User
Longtime User
ok. now I have a valid keystore, after changing some parameter in the keystore explorer:

But now, I get the following exception on my android client:

B4X: 
javax.net.ssl.SSLPeerUnverifiedException: Hostname 89.1xx.xxx.xx not verified:    certificate: sha1/8SD0SuZlZXQMB1/xL2gPSvl92gI=
    DN: 1.2.840.113549.1.9.1=#161c6569732d6d657373656e67657240666c696e6b2d656d61696c2e6465,CN=89.1xx.xxx.xx,OU=EIxxxxxxxx,O=schimanski,L=Gangelt,ST=Nordrhein-Westfalen,C=DE
    subjectAltNames: []

The root-certificte is installed om my androd client under user/certificates
 
Upvote 0

schimanski

Well-Known Member
Licensed User
Longtime User
Next tests: I checked everything with my iphone6+ and it works. The iphone communicates with my server over https without using hc.initializeAcceptAll. So I think, that the keystore file ist correct. But what's the reason for the exception on my android-phone?
 
Upvote 0
You must log in or register to reply here.

Similar Threads

H
  • Solved
B4J Question Problems with B4J's use of certificates
Replies
5
Views
899
hzq200409
H
  • Article
B4J Library [server] LetsEncrypt SSL certificates
Replies
12
Views
5K
hatzisn
  • Question
B4J Question [SOLVED] - Javaobject Problem - JWT with RSA256
Replies
1
Views
5K
hatzisn
  • Article
B4J Tutorial [Server] Using Let's Encrypt on Ubuntu VPS
2
Replies
24
Views
14K
Sandman
  • Locked
  • Article
B4J Tutorial [Server] SSL Connections
2
Replies
32
Views
35K
Erel
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…