B4J Question [Solved] [ABMaterial] - using https (secure)

Harris · Apr 13, 2019

myApp.StartServerHTTP2(srvr, "srvr", port, 443,"keystore","b12xxxxx","b12xxxxx" ) ' port = 51046
Is this correct?

I purchased SSL cert from SSLs.com (namecheap)...

I had my VPS provider setup the certs on my VPS.
I created a keystore (named keystore) according to this command - and answering questions...

keytool -keystore keystore -alias jetty -genkey -keyalg RSA

Updated server with new jar and rebooted. The jar did start on the server, however
now I can't run the app in my browser.

Jmu5667 · Feb 25, 2021

This product Aprelium - Abyss Web Server provides auto renewal of certs. I am by no means an expert in this field of SSL certs, but is it not possible that we can build an app/service to do this. Both myself and @Harris have said we would be willing to pay for such a solution. I also think that it would benifit the community/ABM and B4X. @sfsameer would would consider this as a new app ?

We as a company are planning a whole suite for ABM tools for our customer base, which is quite large, but the hassle fo cert renewals if quite off putting.

Regards

John.

alwaysbusy · Feb 25, 2021

Jmu5667 said:
but the hassle fo cert renewals if quite off putting

That is why we took a hosting service who does take care of everything for us and just pay them

. As we serve thens of thousands of users and we want to guarantee maximum up time and optimal load balancing, trying to do this ourselves was not an option so we left it to the real experts in this field.

Alwaysbusy

Jmu5667 · Feb 25, 2021

alwaysbusy said:
That is why we took a hosting service who does take care of everything for us and just pay them . As we serve thens of thousands of users and we want to guarantee maximum up time and optimal load balancing, trying to do this ourselves was not an option so we left it to the real experts in this field.

Alwaysbusy

Under windows what the the best method(paid/free) for having ABM apps running without having to stop the app to do a keystore update and restart the app when the cert needs renewing ?

alwaysbusy · Feb 25, 2021

Jmu5667 said:
without having to stop the app to do a keystore update and restart the app

no idea for windows, we use Linux.

One thing you could try is stopping the jServer (not the jar), reload the new certificate and then restart the jServer. something like this:

B4X:

' stop the Server
Dim joServer As JavaObject = srvr
joServer.GetFieldJO("server").RunMethod("stop", Null)

' load the new SSL
Dim ssl As SslConfiguration
ssl.Initialize
ssl.SetKeyStorePath(File.DirApp, SSLKeyStoreFileName) 'path to keystore file
ssl.KeyStorePassword = SSLKeyStorePassword
ssl.KeyManagerPassword = SSLKeyManagerPassword
srvr.SetSslConfiguration(ssl, SSLsvrPort)

' re-start the server
joServer.GetFieldJO("server").RunMethod("start", Null)

Maybe my ABCron lib can be some help to do this at a certain time: https://www.b4x.com/android/forum/threads/web-app-with-mssql-database.71243/post-455994

Alwaysbusy

Jmu5667 · Feb 25, 2021

alwaysbusy said:
no idea for windows, we use Linux.

One thing you could try is stopping the jServer (not the jar), reload the new certificate and then restart the jServer. something like this:

B4X:

' stop the Server Dim joServer As JavaObject = srvr joServer.GetFieldJO("server").RunMethod("stop", Null) ' load the new SSL Dim ssl As SslConfiguration ssl.Initialize ssl.SetKeyStorePath(File.DirApp, SSLKeyStoreFileName) 'path to keystore file ssl.KeyStorePassword = SSLKeyStorePassword ssl.KeyManagerPassword = SSLKeyManagerPassword srvr.SetSslConfiguration(ssl, SSLsvrPort) ' re-start the server joServer.GetFieldJO("server").RunMethod("start", Null)

Maybe my ABCron lib can be some help to do this at a certain time: https://www.b4x.com/android/forum/threads/web-app-with-mssql-database.71243/post-455994

Alwaysbusy

Thanks, I'll give that a try @OliverA

alwaysbusy · Feb 25, 2021

I'm looking further into how we could get the Let's Encrypt Certificate through code...

Alwaysbusy

Jmu5667 · Feb 25, 2021

alwaysbusy said:
I'm looking further into how we could get the Let's Encrypt Certificate through code...

Alwaysbusy

The abyss web server, does it get the .crt file delived to C:\Abyss Web Server\kcstore folder or some other folder, if so we can monitor it and if the file has changed then some how create a new keystore file using it, would this be possible ?

OliverA · Feb 25, 2021

For certificate renewals under Windows, maybe use something like this https://www.win-acme.com/ . Then this support ticket seems to have added got reloading to Jetty: https://github.com/eclipse/jetty.project/issues/918. So add this with

Jmu5667 said:
monitor it and if the file has changed

and a little bit of glue code, there may be an auto-renewal system for Jetty

Jmu5667 · Feb 25, 2021

java - how to add .crt file to keystore and trust store - Stack Overflow

alwaysbusy · Feb 25, 2021

OliverA said:
this https://www.win-acme.com/

I'm wrapping the acme4j library and see how far I can get. I believe it can get to the .crt file, so then it would just be a matter to run the openssl and keytool via jshell.

Jmu5667 · Feb 25, 2021

OliverA said:
For certificate renewals under Windows, maybe use something like this https://www.win-acme.com/ . Then this support ticket seems to have added got reloading to Jetty: https://github.com/eclipse/jetty.project/issues/918. So add this with

and a little bit of glue code, there may be an auto-renewal system for Jetty

Thats very interesting

Jmu5667 · Feb 25, 2021

What version of Jetty is included in Jserver in B4J 8.9( @Erel )

alwaysbusy · Feb 25, 2021

Jmu5667 said:
version of Jetty is included in Jserver in B4J

jetty-9.4.z I believe

Jmu5667 · Feb 25, 2021

alwaysbusy said:
jetty-9.4.z I believe

Do you know if SslContextFactory.reload is in 9.4.z ?

alwaysbusy · Feb 25, 2021

Ok I have been able to do what certbot can do, but with B4X code. I received a domain-chain.crt on my Raspberry Pi 4:

B4X:

Sub AppStart (Args() As String)
    Dim client As ABACMEClient
    client.Initialize("./html/") '<--- here I had to search where my 'entry point' in my webserver was (it was var/www/html and not var/www/)
   
    Dim domains As List
    domains.Initialize
   
    domains.Add("banano.always-busy.com")
    Log(client.fetchCertificate(domains))
   
    StartMessageLoop
End Sub

Alwaysbusy

alwaysbusy · Feb 25, 2021

Now how to get from this .crt file to the .jks file...

OliverA · Feb 25, 2021

This may be some interesting code to wrap/adapt: https://github.com/alastairmccormack/keyutil/tree/master/src/uk/co/mccnet/keyutil
This would negate the need of keytool/openssl usage (meaning: lots of external dependencies gone)

alwaysbusy · Feb 25, 2021

I'm looking into similar code

Jmu5667 · Feb 25, 2021

OliverA said:
This may be some interesting code to wrap/adapt: https://github.com/alastairmccormack/keyutil/tree/master/src/uk/co/mccnet/keyutil
This would negate the need of keytool/openssl usage (meaning: lots of external dependencies gone)

The ultimate solution would be a B4J app that will produce a keystore file. All other ABM apps can look to see if the keystore file has been modified and reload it wihout stopping the ABM app. Our company use's LetsEncrypt for certs.

OliverA · Feb 25, 2021

OliverA said:
Then this support ticket seems to have added got reloading to Jetty

Hot loading works!!!!! See https://www.b4x.com/android/forum/t...f-sslcontextfactory-reload.128051/post-802925

B4J Question [Solved] [ABMaterial] - using https (secure)

Expert

Well-Known Member

Expert

Well-Known Member

Expert

Well-Known Member

Expert

Well-Known Member

Expert

Well-Known Member

Expert

Well-Known Member

Well-Known Member

Expert

Well-Known Member

Expert

Expert

Expert

Expert

Well-Known Member

Expert

Similar Threads