B4J Question SSL Problems


Well-Known Member
Licensed User
Trying to setup JServer with a SSL connection and get an error when trying to connect:
"This site can’t provide a secure connection subdomain.mydomain.com uses an unsupported protocol.

I am using Java 11 and B4j 7.51.

I created a key store using keytool:

Imported the intermediate certificate first.

keytool -import -trustcacerts -keystore C:\b4j\my.keystore -alias intermediate -file C:\b4j\intermediate.cer
Then the SSL certificate

keytool -import -trustcacerts -keystore C:\b4j\new.keystore -alias mycert.cer -file C:\b4j\mycert.cer[/code

It's Windows server and the mycert.cer file was generated by exporting the Web hosting certificate using the MMC certificates snap in.

The certificate is a GlobalSign AlphaSSL wildcard certificate. I didn't export it with the private key but I don't think I need to? The intermediate certificate was downloaded from: https://www.alphassl.com/support/install-root-certificate.html.

For test purposes I am just using Erels JServer example:

Sub AppStart (Args() As String)
    srvr.Port = 2220
    srvr.StaticFilesFolder = File.Combine(File.DirApp, "www")
    srvr.LogsFileFolder = File.Combine(File.DirApp, "logs")
    srvr.AddHandler("/hello", "HelloPage", False)
    srvr.AddHandler("/FormExampleHelper", "FormExampleHelper", False)
    srvr.AddHandler("/FileUpload", "FileUpload", False)
    ssl.SetKeyStorePath("C:\b4j", "new.keystore") 'path to keystore file
    ssl.KeyStorePassword = "illuminati"
    ssl.KeyManagerPassword = "illuminati"
    srvr.SetSslConfiguration(ssl, 2225)
    'add filter to redirect all traffic from http to https (optional)
'    pool.Initialize("com.mysql.jdbc.Driver", "jdbc:mysql://localhost/test?characterEncoding=utf8", _
'        "root", "")
'    Log("Testing the database connection")
'    pool.GetConnection.Close
    Log("Server started")
End Sub


Well-Known Member
Licensed User
No idea what the original key was as it's a clients server and they can't find the original certificate files. I have managed to export the certificate to a pfx file and convert that using OpenSSL to a CRT file. The Key Attribute is: X509v3 Key Usage: 10


Well-Known Member
Licensed User
I have manged to get this working! I exported the certificate to PFX format which includes the private key. Then i used Keytool to convert the PFX file to a JKS file.

keytool -importkeystore -srckeystore C:\SSLCerts\mycert.pfx -srcstoretype pkcs12 -destkeystore C:\SSLCerts\mykeystore.jks -deststoretype JKS
Turns out OpenSSL is not required and you just need keytool.


Well-Known Member
Licensed User