B4J Question SSL Problems

Discussion in 'B4J Questions' started by keirS, Jun 13, 2019.

  1. keirS

    keirS Well-Known Member Licensed User

    Trying to setup JServer with a SSL connection and get an error when trying to connect:
    "This site can’t provide a secure connection subdomain.mydomain.com uses an unsupported protocol.

    I am using Java 11 and B4j 7.51.

    I created a key store using keytool:

    Imported the intermediate certificate first.

    keytool -import -trustcacerts -keystore C:\b4j\my.keystore -alias intermediate -file C:\b4j\intermediate.cer
    Then the SSL certificate

    keytool -import -trustcacerts -keystore C:\b4j\new.keystore -alias mycert.cer -file C:\b4j\mycert.cer[/code

    It's Windows server and the mycert.cer file was generated by exporting the Web hosting certificate using the MMC certificates snap in.


    The certificate is a GlobalSign AlphaSSL wildcard certificate. I didn't export it with the private key but I don't think I need to? The intermediate certificate was downloaded from: https://www.alphassl.com/support/install-root-certificate.html.

    For test purposes I am just using Erels JServer example:

    Sub AppStart (Args() As String)
        srvr.Port = 
        srvr.StaticFilesFolder = 
    File.Combine(File.DirApp, "www")
        srvr.LogsFileFolder = 
    File.Combine(File.DirApp, "logs")
    "C:\b4j""new.keystore"'path to keystore file
        ssl.KeyStorePassword = "illuminati"
        ssl.KeyManagerPassword = 
    'add filter to redirect all traffic from http to https (optional)
    '    pool.Initialize("com.mysql.jdbc.Driver", "jdbc:mysql://localhost/test?characterEncoding=utf8", _
    '        "root", "")
    '    Log("Testing the database connection")
    '    pool.GetConnection.Close
    Log("Server started")
    End Sub
  2. Erel

    Erel Administrator Staff Member Licensed User

    The private key should be added to the server.

    What is the type of the key that you received from AlphaSSL?
    Peter Simpson and keirS like this.
  3. keirS

    keirS Well-Known Member Licensed User

    No idea what the original key was as it's a clients server and they can't find the original certificate files. I have managed to export the certificate to a pfx file and convert that using OpenSSL to a CRT file. The Key Attribute is: X509v3 Key Usage: 10
  4. keirS

    keirS Well-Known Member Licensed User

    I have manged to get this working! I exported the certificate to PFX format which includes the private key. Then i used Keytool to convert the PFX file to a JKS file.

    keytool -importkeystore -srckeystore C:\SSLCerts\mycert.pfx -srcstoretype pkcs12 -destkeystore C:\SSLCerts\mykeystore.jks -deststoretype JKS
    Turns out OpenSSL is not required and you just need keytool.
    Erel and OliverA like this.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice