B4J Question SSL Problems

[keirS]

Trying to setup JServer with a SSL connection and get an error when trying to connect:
"This site can’t provide a secure connection subdomain.mydomain.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH"

I am using Java 11 and B4j 7.51.

I created a key store using keytool:

Imported the intermediate certificate first.

keytool -import -trustcacerts -keystore C:\b4j\my.keystore -alias intermediate -file C:\b4j\intermediate.cer

Then the SSL certificate

keytool -import -trustcacerts -keystore C:\b4j\new.keystore -alias mycert.cer -file C:\b4j\mycert.cer[/code

It's Windows server and the mycert.cer file was generated by exporting the Web hosting certificate using the MMC certificates snap in.

The certificate is a GlobalSign AlphaSSL wildcard certificate. I didn't export it with the private key but I don't think I need to? The intermediate certificate was downloaded from: https://www.alphassl.com/support/install-root-certificate.html.


For test purposes I am just using Erels JServer example:

Sub AppStart (Args() As String)
    srvr.Initialize("srvr")
    srvr.Port = 2220
   
    srvr.StaticFilesFolder = File.Combine(File.DirApp, "www")
    srvr.LogsFileFolder = File.Combine(File.DirApp, "logs")
    srvr.AddHandler("/hello", "HelloPage", False)
    srvr.AddHandler("/FormExampleHelper", "FormExampleHelper", False)
    srvr.AddHandler("/FileUpload", "FileUpload", False)
   
    ssl.Initialize
    ssl.SetKeyStorePath("C:\b4j", "new.keystore") 'path to keystore file
    ssl.KeyStorePassword = "illuminati"
    ssl.KeyManagerPassword = "illuminati"
    srvr.SetSslConfiguration(ssl, 2225)
    'add filter to redirect all traffic from http to https (optional)
   
'    pool.Initialize("com.mysql.jdbc.Driver", "jdbc:mysql://localhost/test?characterEncoding=utf8", _
'        "root", "")
'    Log("Testing the database connection")
'    pool.GetConnection.Close
    srvr.Start
    Log("Server started")
    StartMessageLoop
End Sub

 

[Erel]

The private key should be added to the server.

What is the type of the key that you received from AlphaSSL?

 

[keirS]

No idea what the original key was as it's a clients server and they can't find the original certificate files. I have managed to export the certificate to a pfx file and convert that using OpenSSL to a CRT file. The Key Attribute is: X509v3 Key Usage: 10

 

[keirS]

I have manged to get this working! I exported the certificate to PFX format which includes the private key. Then i used Keytool to convert the PFX file to a JKS file.

keytool -importkeystore -srckeystore C:\SSLCerts\mycert.pfx -srcstoretype pkcs12 -destkeystore C:\SSLCerts\mykeystore.jks -deststoretype JKS

Turns out OpenSSL is not required and you just need keytool.

 

[Angel Garcia]

I exported the certificate to PFX format

Hello Keir,
I'm facing a similar situation, and i want to try your solution, how did you exported your certificate to a PFX format?
Many thanks in advance!

 

[keirS]

Hello Keir,
I'm facing a similar situation, and i want to try your solution, how did you exported your certificate to a PFX format?

The link below explains how to export to PFX.

Windows Certificate Management with PowerShell

Effortlessly manage certs using Windows Certificate Manager and PowerShell. Simplify complex concepts and enhance your IT security skills.

adamtheautomator.com