Thank you Erel, I read that link yesterday but couldn't get things to work. This morning I read it again and managed to create the keystore file.
Didn't work though. After having read many many posts here, I tried again with a LetsEncrypt certificate.
Now everything works! I can't believe it was that easy.
Steps A to D:
A) ------------------------------------------------------------------------------------
certbot certonly
Saving debug log to C:\Certbot\log\letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
1
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel):
mydomain.ddns.net
Obtaining a new certificate
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
C:\Certbot\live\mydomain.ddns.net\fullchain.pem
Your key file has been saved at:
C:\Certbot\live\mydomain.ddns.net\privkey.pem
Your cert will expire on 2021-01-06. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
-> NOTE: for renewal: certbot renew --dry-run (always do a --dry-run first, then without the parameter)
B) ------------------------------------------------------------------------------------
copy C:\Certbot\live\mydomain.ddns.net\fullchain.pem c:\OpenSSL-1.0.2p
copy C:\Certbot\live\mydomain.ddns.net\privkey.pem c:\OpenSSL-1.0.2p
cd \OpenSSL-1.0.2p
openssl pkcs12 -export -out keystore.pkcs12 -in ./fullchain1.pem -inkey ./privkey1.pem
Enter Export Password:
Verifying - Enter Export Password:
C) ------------------------------------------------------------------------------------
copy c:\OpenSSL-1.0.2p\keystore.pkcs12 c:\java\jdk-11.0.1\bin
cd \java\jdk-11.0.1\bin
keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore jetty.keystore
Importing keystore keystore.pkcs12 to jetty.keystore...
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias 1 successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
D) ------------------------------------------------------------------------------------
Copy the "jetty.keystore" file to the .........\objects\key folder of my B4J Java server application.
Here's my code:
Sub AppStart (Args() As String)
    srvr.Initialize("")
    rdcConnector1.Initialize
    ConfigureSSL(443)
    srvr.Port = rdcConnector1.serverPort '17178 as the one used in the tutorial
    srvr.AddHandler("/test", "TestHandler", False)
    srvr.AddHandler("/rdc", "RDCHandler", False)
    srvr.Start
    Log($"jRDC is running (version = $1.2{VERSION})"$)
    StartMessageLoop
End Sub

Private Sub ConfigureSSL (SslPort As Int)
    'example of SSL connector configuration
    Dim ssl As SslConfiguration
    ssl.Initialize
    Log(File.DirApp)
    ssl.SetKeyStorePath(File.DirApp, "/key/jetty.keystore") 'path to keystore file
    ssl.KeyStorePassword = "myPassword" 'I used the same password for both
    ssl.KeyManagerPassword = "myPassword"
    srvr.SetSslConfiguration(ssl, SslPort)
    'add filter to redirect all traffic from http to https (optional)
    'srvr.AddFilter("/*", "HttpsFilter", False) 'when uncommented I get an exception see next question here
End Sub
Then once the app is running I go to a webbrowser with this address:
or
Thank you to all of you who have been struggling with this before me.
Your posts have been very helpful.
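
Steps B to D above as one non-interactive script that can run after "certbot renew", so the keystore is rebuilt before the certificate expires. This is an added example, not part of the original post. It assumes openssl and keytool are on PATH, an environment variable KEYSTORE_PASS (hypothetical name) holds the keystore password, and $KeyDir is a placeholder for the server's key folder.

```powershell
# Added example: rebuild jetty.keystore from the Let's Encrypt PEM files without prompts.
# Assumptions: openssl.exe and keytool.exe are on PATH; KEYSTORE_PASS is set for the
# account running this script; $KeyDir is a placeholder, not the poster's real path.
$Live   = 'C:\Certbot\live\mydomain.ddns.net'      # output location from step A
$KeyDir = 'C:\path\to\objects\key'                 # placeholder: server's key folder
$P12    = Join-Path $env:TEMP 'keystore.pkcs12'    # intermediate file (contains the key)
$NewKs  = Join-Path $KeyDir 'jetty.keystore.new'
$Final  = Join-Path $KeyDir 'jetty.keystore'

if (-not $env:KEYSTORE_PASS) { throw 'KEYSTORE_PASS is not set' }

# Step B: PEM -> PKCS12. "env:" reads the password from the environment,
# so it is neither typed interactively nor visible in the process command line.
& openssl pkcs12 -export -out $P12 `
    -in (Join-Path $Live 'fullchain.pem') -inkey (Join-Path $Live 'privkey.pem') `
    -passout 'env:KEYSTORE_PASS'
if ($LASTEXITCODE -ne 0) { throw "openssl failed with exit code $LASTEXITCODE" }

# Step C: PKCS12 -> keystore, written to a new file so a failed run
# never leaves the server with a half-written jetty.keystore.
Remove-Item $NewKs -ErrorAction SilentlyContinue
& keytool -importkeystore -noprompt `
    -srckeystore $P12 -srcstoretype PKCS12 '-srcstorepass:env' KEYSTORE_PASS `
    -destkeystore $NewKs '-deststorepass:env' KEYSTORE_PASS
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE" }

# Check before swapping: the keystore must open with the password
# and contain a private key entry, not just certificates.
$listing = & keytool -list -keystore $NewKs '-storepass:env' KEYSTORE_PASS
if ($LASTEXITCODE -ne 0 -or -not ($listing -match 'PrivateKeyEntry')) {
    throw 'new keystore could not be opened or has no PrivateKeyEntry'
}

# Step D: replace the live keystore, then delete the intermediate PKCS12 file.
Move-Item -Force $NewKs $Final -ErrorAction Stop
Remove-Item $P12 -ErrorAction Stop
```

Run it once "certbot renew" has issued a new certificate, then restart the server so it loads the new keystore.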