Using https & Self Signed Certificates - lgallard/youTorrent-Controller GitHub Wiki

Due to Google is now more strict in the handling of SSL certificates in Android, they forced developers stop using insecure implementations for self-signed certificates. To accomplish this now you must use a BouncyCastle Keystore (BKS) to use self-signed certificates with youTorrent Controller.

You can use this keystore, which was created from a uTorrent server (blank password), and use it in youTorrent Controller.

Alternatively you can generate your own BouncyCastle keystore following the steps explained next.

###Getting the certificate

  1. Get the your the certificate from your uTorrent server:
openssl s_client -showcerts -connect 192.168.1.101:8080 </dev/null > utorrent.crt

In this example uTorrent IP address is 192.168.1.101 and is listening on port 8080.

  1. Edit the utorrent.crt file, and leave only the certificate information:

-----BEGIN CERTIFICATE----- MIICTjCCAbegAwIBAgIBADANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJVUzEL MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCkJp dFRvcnJlbnQxETAPBgNVBAsMCHVUb3JyZW50MREwDwYDVQQDDAh1VG9ycmVudDAe Fw0xNjA0MDMxOTM5MDBaFw0xNzA0MDgxOTM5MDBaMG0xCzAJBgNVBAYTAlVTMQsw CQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwKQml0 VG9ycmVudDERMA8GA1UECwwIdVRvcnJlbnQxETAPBgNVBAMMCHVUb3JyZW50MIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZCjmFZb/lS/Va4KGXPaaMZvRi5vo5 2z8d0T3V1sm7hr/2eZibWvRoKei2cgV86UYbLm+Wj5MMVaMXBuorRooIcf9HnwqD lrJwmfZ67KwBodFSZd5fRtAFjHy2HtkhQe3nEDHYLAEiytUY0YEQ+4rG4uYrOOEa WWqlDmzynlWoVQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAGmwuL5Toz8k8okM5i6T wMm/tiuF1d18RaFBX5TpxYFw9IVXnY/OfBdgdMrBjA9+JAQc4RsGyPQk3rIyxIos pbys7HiLgrq96f8qx2qNggSs9edGcnPOdaCgw//eMxL0LwTeJcutCgcGsqU5uaG8 E4qIfUbXSwWTfuEuCOrveO3p -----END CERTIFICATE-----


###Creating the BKS keystore using Portecle

Portecle is a user friendly GUI application for creating, managing and examining keystores and more. This is the easies way. 

You can download Portecle from here, the follow these steps:

![New Keystore](https://c2.staticflickr.com/2/1645/25843963135_3f150e17fa_z.jpg)

<details> 
<summary> ======= **Click here to see the remaining screenshots** =======</summary>
![BKS](https://c2.staticflickr.com/2/1516/25723034052_528a59cd19_z.jpg)
![Import Trusted Certificate](https://c2.staticflickr.com/2/1505/25543273530_fc3cbde9c7_o.png)
![uTorrent.crt](https://c2.staticflickr.com/2/1562/26314218545_d0160a6513_o.png)
![Could not establish...](https://c2.staticflickr.com/2/1500/25213454164_b030a52456_o.png)
![Certificate deteails](https://c2.staticflickr.com/2/1602/26221926422_53c41055ca_o.png)
![Accept the certificate?](https://c2.staticflickr.com/2/1539/25817919246_2eb475ccbf_o.png)
![Alias](https://c2.staticflickr.com/2/1673/25217386103_675d0ee11b_o.png)
![Import sucessful](https://c2.staticflickr.com/2/1712/25843963385_c8bd635e7f_o.png)
![Imported certificate](https://c2.staticflickr.com/2/1537/25843963425_587aba4cd4_o.png)
![Save Keystore](https://c2.staticflickr.com/2/1669/25817919406_816bbb7ddb_o.png)
![Set Keystore Password](https://c2.staticflickr.com/2/1644/25843963465_560e97e273_o.png)
![Save Keystore As](https://c2.staticflickr.com/2/1519/25711617413_9c938eb2ca_o.png)
</details>

###Creating the BKS keystore using keytool

Download the latest Bouncy Castle Provider from <a href="https://www.bouncycastle.org/latest_releases.html" target="_blank">here</a>. This examples uses version jdk15on-154

wget https://www.bouncycastle.org/download/bcprov-jdk15on-154.jar

keytool -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath ./bcprov-jdk15on-154.jar -importcert -v -trustcacerts -file utorrent.crt -alias your.domain.com -keystore utorrent.bks -storetype BKS -storepass 'testtest'


###Using the BKS keystore in youTorrent Controller

1. In Settings configure your hostname
2. And then go to Advanced settings
3. In Advanced,  enable the https
4. Then touch on Self-signed certificate keystore
<BR/>
<BR/>
   ![Settings](https://c2.staticflickr.com/2/1688/25711935033_caacc0207d.jpg)
   ![Enable https](https://c2.staticflickr.com/2/1669/26248453871_94d6ef0820.jpg)
<BR/>
<BR/>
5. Browse to the directory paths where the keystore was saved
6. Choose the keystore file
<BR/>
<BR/>
   ![Download directory](https://c2.staticflickr.com/2/1566/26314764155_80924d70cf.jpg)
   ![Keystore](https://c2.staticflickr.com/2/1657/26314694575_1d6979ffdb.jpg)
<BR/>
<BR/>
7. Check you chose the correct keystore file
8. Set your keystore password (or leave it b kank if apply)
<BR/>
<BR/>
   ![Checking and keystore password](https://c2.staticflickr.com/2/1564/26288750046_84978c5f25.jpg)
<BR/>

### References ###
	
* <a href="http://www.akadia.com/services/ssh_test_certificate.html" target="_blank">How to create a self-signed SSL Certificate</a>
* <a href="http://stackoverflow.com/questions/4065379/how-to-create-a-bks-bouncycastle-format-java-keystore-that-contains-a-client-c" target="_blank">How to create a BKS (BouncyCastle) format Java Keystore that contains a client certificate chain</a>
Add a custom footer
⚠️ **GitHub.com Fallback** ⚠️