NanoHTTPD server in Android with SSL: "Wrong version of key store"

Question

I'm trying to run a HTTPS server in Android with NanoHTTPD and I'm obtaining the IOException "Wrong version of key store". Explication:

HTTP work fine

When use HTTP (no HTTPS) all work fine, my code:

try {
    WebServer webServer = new WebServer(8080);
    webServer.start();
} catch (Exception e) {
    e.printStackTrace();
}

HTTPS DON'T work

Like the documentation say, I'm generating the certificate with:

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass mypassword -validity 360 -keysize 2048 -ext SAN=DNS:localhost,IP:127.0.0.1  -validity 9999    

Test 1 (nothing happens):

try {
    WebServer webServer = new WebServer(443);
    webServer.makeSecure(NanoHTTPD.makeSSLSocketFactory("src/main/resources/keystore.jks",
        "mypassword".toCharArray()), null);
    webServer.start();
} catch (Exception e) {
    e.printStackTrace();
}

Test 2 (IOException):

try {
    NanoHTTPD secureAppServer = new WebServer(9043);
    File f = new File("src/main/resources/keystore.jks");
    System.setProperty("javax.net.ssl.trustStore", f.getAbsolutePath());
    secureAppServer.setServerSocketFactory(new NanoHTTPD.SecureServerSocketFactory(
        NanoHTTPD.makeSSLSocketFactory("/" + f.getName(), "mypassword".toCharArray()), null));
    secureAppServer.start();
} catch (IOException e) {
    Log.d("WebServer", "IOException e: " + e.getMessage());
    e.printStackTrace();
}

Any idea? Maybe I can fix this problem generating the certificate with other way, but I don't know how.

Thanks!

Answer 1

Easiest way to solve (guaranteed to work for Android, as of Oct 2021) is to switch from your existing Java KeyStore to BouncyCastle KeyStore (BKS) using KeyStore Explorer (downloadable executable for Mac & Windows available online).

Open your KeyStore file, and then use KeyStore Explorer to switch to BKS.