Posted to user@openmeetings.apache.org by Hossein Dehghanpoor <ho...@gmail.com> on 2017/11/21 19:04:23 UTC

self signed https problem

hello maxim
i have tried to setup self signed https on my om
according to this link:
https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate

i need two cert files and one key file, am i right?
so how can i generate ca.cert and red5.cert??
i got confused :))


and one thing more, can i integrate nginx and om?

Re: self signed https problem

Posted by Maxim Solodovnik <so...@gmail.com>.
I'm not sure I understand the question
sorry

On Sun, Nov 26, 2017 at 3:30 AM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> hello
> ok then.
> im going to calculate these statistics.
> im planning a big meeting for my students.
> i will let you know the results...
> one thing that i think i will have problem with that, is the delay for
> sharing desktop.
>
> do you have any plans for that?
>
> On Nov 25, 2017 13:38, "Maxim Solodovnik" <so...@gmail.com> wrote:
>
>> Not sure I understand your question :(
>> We don't have many people for testing :(
>> This is why I ask users to test using our demo ....
>>
>> WBR, Maxim
>> (from mobile, sorry for the typos)
>>
>> On Nov 25, 2017 02:43, "Hossein Dehghanpoor" <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> this is such a wow.
>>> so have you tested how much attendees need how much RAM or CPU core?
>>>
>>> On Nov 24, 2017 18:54, "Maxim Solodovnik" <so...@gmail.com> wrote:
>>>
>>>> 8x Core(TM) i7 CPU 950  @ 3.07GHz
>>>> 24GB RAM
>>>> ;)
>>>>
>>>> On Fri, Nov 24, 2017 at 6:32 PM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> i tried almost every thing to set ssl :))
>>>>>
>>>>> that was really confusing...
>>>>>
>>>>> any way thank you..
>>>>>
>>>>>
>>>>> whats the hardware configuration for this server that you setup? ->
>>>>> om.alteametasoft.com
>>>>> it seems to be powerful
>>>>>
>>>>>
>>>>> On Fri, Nov 24, 2017 at 6:08 AM, Maxim Solodovnik <
>>>>> solomax666@gmail.com> wrote:
>>>>>
>>>>>> great :)
>>>>>>
>>>>>> On Fri, Nov 24, 2017 at 2:54 AM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>>> OK maxim
>>>>>>> it is solved and ok.
>>>>>>> thank you
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 2:32 PM, Hossein Dehghanpoor <
>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>
>>>>>>>> this is mine httpd reverse proxy
>>>>>>>>
>>>>>>>> <IfModule mod_ssl.c>
>>>>>>>> #NameVirtualHost *:443
>>>>>>>> ProxyRequests Off
>>>>>>>> <VirtualHost *:80>
>>>>>>>> ServerAdmin info@saba-co.net
>>>>>>>> ServerName elearning.saba-co.net
>>>>>>>> ProxyPreserveHost On
>>>>>>>> RewriteEngine on
>>>>>>>> #CacheDisable "https://elearning.saba-co.net/"
>>>>>>>> # Redirect http traffic to https
>>>>>>>> RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R]
>>>>>>>> </VirtualHost>
>>>>>>>> <VirtualHost *:443>
>>>>>>>> ServerAdmin info@saba-co.net
>>>>>>>> ServerName elearning.saba-co.net
>>>>>>>> SSLEngine on
>>>>>>>> SSLProxyEngine On
>>>>>>>> RequestHeader set Front-End-Https "On"
>>>>>>>> ProxyPreserveHost On
>>>>>>>> RewriteEngine on
>>>>>>>> CacheDisable "http://elearning.saba-co.net/"
>>>>>>>> #Reverse proxy all requests
>>>>>>>> RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P]
>>>>>>>> SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt
>>>>>>>> SSLCertificateKeyFile /etc/pki/tls/private/server.key
>>>>>>>> SetEnvIf User-Agent ".*MSIE.*" \
>>>>>>>> nokeepalive ssl-unclean-shutdown \
>>>>>>>> downgrade-1.0 force-response-1.0
>>>>>>>> </VirtualHost>
>>>>>>>> </IfModule>
>>>>>>>>
>>>>>>>> On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor <
>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> i think that the problem is in reversed proxy..
>>>>>>>>>
>>>>>>>>> can any one help me to solve this issue?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> the only logs that i see are these:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
>>>>>>>>>> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
>>>>>>>>>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
>>>>>>>>>> [0.0-5080-exec-3] - getActiveLdapConfigs
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> sorry there were two <property name="connectionProperties">.
>>>>>>>>>>>
>>>>>>>>>>> that problem is ok.
>>>>>>>>>>>
>>>>>>>>>>> but another thing happen :((
>>>>>>>>>>>
>>>>>>>>>>> that error does not occur any more, but when i try to login,
>>>>>>>>>>> nothing happen and the page just gets refreshed..
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> yes. right now im using reversed proxy by httpd. the problem
>>>>>>>>>>>> which now im facing, is i can not get login and this is the log.
>>>>>>>>>>>>
>>>>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1]
>>>>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with
>>>>>>>>>>>> error 400 Origin does not correspond to request
>>>>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3]
>>>>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with
>>>>>>>>>>>> error 400 Origin does not correspond to request
>>>>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10]
>>>>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with
>>>>>>>>>>>> error 400 Origin does not correspond to request
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <
>>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> You wrote before: "i used proxy reversed by apache (httpd)"
>>>>>>>>>>>>> Is this the case?
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello Maxim
>>>>>>>>>>>>>> I have checked that.
>>>>>>>>>>>>>> it is said that:  add '<property name="secure" value="true"
>>>>>>>>>>>>>> />'  to ../conf/jee-container.xml right before '<property
>>>>>>>>>>>>>> name="connectionProperties">'
>>>>>>>>>>>>>> but this value, exists in "jee-container.xml" and the
>>>>>>>>>>>>>> problem still exists.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> do any thing else should i do?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hello Dear Maxim,
>>>>>>>>>>>>>>> Ok thank you. i will check that
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> *Hello Dear Yakovlev,*
>>>>>>>>>>>>>>>> *Yes I done that.*
>>>>>>>>>>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>>>>>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hello Hossein,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> rtmps.keystorepass=...
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> rtmps.truststorepass=...
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> jmx.keystorepass=...
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> ?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Nik
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>>>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>>>>>>>>>>> *To:* Openmeetings user-list
>>>>>>>>>>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> hola maxim
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> i googled a lot and did some thing.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> here are my steps:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 1- create key
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 2- create csr
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate
>>>>>>>>>>>>>>>>> and Intermediate cert as one file* - so because of this i
>>>>>>>>>>>>>>>>> removed some parts of the commands )
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key
>>>>>>>>>>>>>>>>> -out red5.p12 -name red5 -certfile root.crt (-certfile
>>>>>>>>>>>>>>>>> intermedXX.crt deleted)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore
>>>>>>>>>>>>>>>>> red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>>>>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 7- keytool -import -alias root -keystore
>>>>>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file root.crt
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 10- and server is listening on 443
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> but the connection got refused when i try to get https
>>>>>>>>>>>>>>>>> connection
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> You can google it :))
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Here is something to start from:
>>>>>>>>>>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> hello maxim
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> according to this link:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> i need two cert files and one key file, am i right?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> i got confused :))
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> WBR
>>>>>>>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> WBR
>>>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> WBR
>>>>>> Maxim aka solomax
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>


-- 
WBR
Maxim aka solomax
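
The CSRF rejection quoted in this thread can be read mechanically. The following is an added example, not part of the original messages and not Wicket or OpenMeetings code: it parses log lines in the format quoted above and reports which part of the origin differs between what the browser sent and what the backend saw. The comparison is a simplified model (an assumption) of an Origin check; the second sample line, its address and the host `om.example.test` are constructed.

```python
"""Explain 'Origin does not correspond to request' entries from a proxied backend.

Simplified model (an assumption, not Wicket's source): an Origin check compares
scheme, host and port of the Origin header with those of the request URL as the
backend sees it.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Message format as it appears in the thread (mail line wraps removed).
LOG_RE = re.compile(
    r"Possible CSRF attack, request URL: (?P<url>\S+), "
    r"Origin: (?P<origin>\S+), action: (?P<action>.+)$"
)

HINTS = {
    "match": "origins agree; this entry should not have been rejected",
    "host-mismatch": "backend saw a different host than the browser used: Host "
                     "header not preserved by the proxy, or a real cross-site request",
    "tls-offload": "backend saw http while the browser used https: the proxy "
                   "terminates TLS and the backend is not told the external scheme",
    "scheme-mismatch": "schemes differ in an unexpected direction",
    "port-mismatch": "same scheme and host, but a different port reached the backend",
}

# Line 1: from the thread, unwrapped. Line 2: constructed (hypothetical host and
# documentation-range address). Line 3: unrelated DEBUG entry from the thread.
SAMPLE_LINES = [
    "[INFO] [http-nio-0.0.0.0-5080-exec-1] "
    "org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - "
    "Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/"
    "bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage"
    ";jsessionid=7399F24381E9299DF229D27AD4A034AF, "
    "Origin: https://elearning.saba-co.net, "
    "action: aborted with error 400 Origin does not correspond to request",
    "[INFO] [http-nio-0.0.0.0-5080-exec-2] "
    "org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - "
    "Possible CSRF attack, request URL: http://192.0.2.10:5080/ersa/signin, "
    "Origin: https://om.example.test, "
    "action: aborted with error 400 Origin does not correspond to request",
    "DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil "
    "[0.0-5080-exec-4] - Level Admin :: [GRANTED]",
]


def origin_tuple(url):
    """Reduce a URL to (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def diagnose(line):
    """Return a diagnosis dict for a CSRF rejection line, or None for other lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    seen = origin_tuple(m["url"])     # what the backend believes was requested
    sent = origin_tuple(m["origin"])  # what the browser says it is talking to
    names = ("scheme", "host", "port")
    differs = [n for n, a, b in zip(names, seen, sent) if a != b]
    if not differs:
        verdict = "match"
    elif seen[1] != sent[1]:
        verdict = "host-mismatch"
    elif (seen[0], sent[0]) == ("http", "https"):
        verdict = "tls-offload"
    elif seen[0] != sent[0]:
        verdict = "scheme-mismatch"
    else:
        verdict = "port-mismatch"
    return {"seen": seen, "sent": sent, "differs": differs,
            "verdict": verdict, "hint": HINTS[verdict]}


def summarize(lines):
    """Count verdicts over a batch of log lines, ignoring non-CSRF entries."""
    return Counter(d["verdict"] for d in map(diagnose, lines) if d)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        result = diagnose(line)
        if result:
            print(result["verdict"], result["differs"], "-", result["hint"])
    print(dict(summarize(SAMPLE_LINES)))
```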

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
hello
ok then.
im going to calculate these statistics.
im planning a big meeting for my students.
i will let you know the results...
one thing that i think i will have problem with that, is the delay for
sharing desktop.

do you have any plans for that?

On Nov 25, 2017 13:38, "Maxim Solodovnik" <so...@gmail.com> wrote:

> Not sure I understand your question :(
> We don't have many people for testing :(
> This is why I ask users to test using our demo ....
>
> WBR, Maxim
> (from mobile, sorry for the typos)
>
> On Nov 25, 2017 02:43, "Hossein Dehghanpoor" <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> this is such a wow.
>> so have you tested how much attendees need how much RAM or CPU core?
>>
>> On Nov 24, 2017 18:54, "Maxim Solodovnik" <so...@gmail.com> wrote:
>>
>>> 8x Core(TM) i7 CPU 950  @ 3.07GHz
>>> 24GB RAM
>>> ;)
>>>
>>> On Fri, Nov 24, 2017 at 6:32 PM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> i tried almost every thing to set ssl :))
>>>>
>>>> that was really confusing...
>>>>
>>>> any way thank you..
>>>>
>>>>
>>>> whats the hardware configuration for this server that you setup? ->
>>>> om.alteametasoft.com
>>>> it seems to be powerful
>>>>
>>>>
>>>> On Fri, Nov 24, 2017 at 6:08 AM, Maxim Solodovnik <solomax666@gmail.com> wrote:
>>>>
>>>>> great :)
>>>>>
>>>>> On Fri, Nov 24, 2017 at 2:54 AM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>>> OK maxim
>>>>>> it is solved and ok.
>>>>>> thank you
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 2:32 PM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>>> this is mine httpd reverse proxy
>>>>>>>
>>>>>>> <IfModule mod_ssl.c>
>>>>>>> #NameVirtualHost *:443
>>>>>>> ProxyRequests Off
>>>>>>> <VirtualHost *:80>
>>>>>>> ServerAdmin info@saba-co.net
>>>>>>> ServerName elearning.saba-co.net
>>>>>>> ProxyPreserveHost On
>>>>>>> RewriteEngine on
>>>>>>> #CacheDisable "https://elearning.saba-co.net/"
>>>>>>> # Redirect http traffic to https
>>>>>>> RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R]
>>>>>>> </VirtualHost>
>>>>>>> <VirtualHost *:443>
>>>>>>> ServerAdmin info@saba-co.net
>>>>>>> ServerName elearning.saba-co.net
>>>>>>> SSLEngine on
>>>>>>> SSLProxyEngine On
>>>>>>> RequestHeader set Front-End-Https "On"
>>>>>>> ProxyPreserveHost On
>>>>>>> RewriteEngine on
>>>>>>> CacheDisable "http://elearning.saba-co.net/"
>>>>>>> #Reverse proxy all requests
>>>>>>> RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P]
>>>>>>> SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt
>>>>>>> SSLCertificateKeyFile /etc/pki/tls/private/server.key
>>>>>>> SetEnvIf User-Agent ".*MSIE.*" \
>>>>>>> nokeepalive ssl-unclean-shutdown \
>>>>>>> downgrade-1.0 force-response-1.0
>>>>>>> </VirtualHost>
>>>>>>> </IfModule>
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor <
>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>
>>>>>>>> i think that the problem is in reversed proxy..
>>>>>>>>
>>>>>>>> can any one help me to solve this issue?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> the only logs that i see are these:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
>>>>>>>>> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
>>>>>>>>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
>>>>>>>>> [0.0-5080-exec-3] - getActiveLdapConfigs
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> sorry there were two <property name="connectionProperties">.
>>>>>>>>>>
>>>>>>>>>> that problem is ok.
>>>>>>>>>>
>>>>>>>>>> but another thing happen :((
>>>>>>>>>>
>>>>>>>>>> that error does not occur any more, but when i try to login,
>>>>>>>>>> nothing happen and the page just gets refreshed..
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> yes. right now im using reversed proxy by httpd. the problem
>>>>>>>>>>> which now im facing, is i can not get login and this is the log.
>>>>>>>>>>>
>>>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1]
>>>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with
>>>>>>>>>>> error 400 Origin does not correspond to request
>>>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3]
>>>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with
>>>>>>>>>>> error 400 Origin does not correspond to request
>>>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10]
>>>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with
>>>>>>>>>>> error 400 Origin does not correspond to request
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <
>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is
>>>>>>>>>>>> this the case?
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello Maxim
>>>>>>>>>>>>> I have checked that.
>>>>>>>>>>>>> it is said that:  add '<property name="secure" value="true"
>>>>>>>>>>>>> />'  to ../conf/jee-container.xml right before '<property
>>>>>>>>>>>>> name="connectionProperties">'
>>>>>>>>>>>>> but this value, exists in "jee-container.xml" and the problem still
>>>>>>>>>>>>> exists.
>>>>>>>>>>>>>
>>>>>>>>>>>>> do any thing else should i do?
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello Dear Maxim,
>>>>>>>>>>>>>> Ok thank you. i will check that
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> *Hello Dear Yakovlev,*
>>>>>>>>>>>>>>> *Yes I done that.*
>>>>>>>>>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>>>>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hello Hossein,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> rtmps.keystorepass=...
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> rtmps.truststorepass=...
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> jmx.keystorepass=...
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Nik
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>>>>>>>>>> *To:* Openmeetings user-list
>>>>>>>>>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> hola maxim
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> i googled a lot and did some thing.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> here are my steps:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 1- create key
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 2- create csr
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate
>>>>>>>>>>>>>>>> and Intermediate cert as one file* - so because of this i
>>>>>>>>>>>>>>>> removed some parts of the commands )
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key
>>>>>>>>>>>>>>>> -out red5.p12 -name red5 -certfile root.crt (-certfile
>>>>>>>>>>>>>>>> intermedXX.crt deleted)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore
>>>>>>>>>>>>>>>> red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>>>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 7- keytool -import -alias root -keystore
>>>>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file root.crt
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 10- and server is listening on 443
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> but the connection got refused when i try to get https
>>>>>>>>>>>>>>>> connection
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You can google it :))
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Here is something to start from:
>>>>>>>>>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> hello maxim
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> according to this link:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> i need two cert files and one key file, am i right?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> i got confused :))
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> WBR
>>>>>>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> WBR
>>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> WBR
>>>>> Maxim aka solomax
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>

Re: self signed https problem

Posted by Maxim Solodovnik <so...@gmail.com>.
Not sure I understand your question :(
We don't have many people for testing :(
This is why I ask users to test using our demo ....

WBR, Maxim
(from mobile, sorry for the typos)

On Nov 25, 2017 02:43, "Hossein Dehghanpoor" <ho...@gmail.com>
wrote:

> this is such a wow.
> so have you tested how much attendees need how much RAM or CPU core?
>
> On Nov 24, 2017 18:54, "Maxim Solodovnik" <so...@gmail.com> wrote:
>
>> 8x Core(TM) i7 CPU 950  @ 3.07GHz
>> 24GB RAM
>> ;)
>>
>> On Fri, Nov 24, 2017 at 6:32 PM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> i tried almost every thing to set ssl :))
>>>
>>> that was really confusing...
>>>
>>> any way thank you..
>>>
>>>
>>> whats the hardware configuration for this server that you setup? ->
>>> om.alteametasoft.com
>>> it seems to be powerful
>>>
>>>
>>> On Fri, Nov 24, 2017 at 6:08 AM, Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>>> great :)
>>>>
>>>> On Fri, Nov 24, 2017 at 2:54 AM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> OK maxim
>>>>> it is solved and ok.
>>>>> thank you
>>>>>
>>>>> On Thu, Nov 23, 2017 at 2:32 PM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>>> this is mine httpd reverse proxy
>>>>>>
>>>>>> <IfModule mod_ssl.c>
>>>>>> #NameVirtualHost *:443
>>>>>> ProxyRequests Off
>>>>>> <VirtualHost *:80>
>>>>>> ServerAdmin info@saba-co.net
>>>>>> ServerName elearning.saba-co.net
>>>>>> ProxyPreserveHost On
>>>>>> RewriteEngine on
>>>>>> #CacheDisable "https://elearning.saba-co.net/"
>>>>>> # Redirect http traffic to https
>>>>>> RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R]
>>>>>> </VirtualHost>
>>>>>> <VirtualHost *:443>
>>>>>> ServerAdmin info@saba-co.net
>>>>>> ServerName elearning.saba-co.net
>>>>>> SSLEngine on
>>>>>> SSLProxyEngine On
>>>>>> RequestHeader set Front-End-Https "On"
>>>>>> ProxyPreserveHost On
>>>>>> RewriteEngine on
>>>>>> CacheDisable "http://elearning.saba-co.net/"
>>>>>> #Reverse proxy all requests
>>>>>> RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P]
>>>>>> SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt
>>>>>> SSLCertificateKeyFile /etc/pki/tls/private/server.key
>>>>>> SetEnvIf User-Agent ".*MSIE.*" \
>>>>>> nokeepalive ssl-unclean-shutdown \
>>>>>> downgrade-1.0 force-response-1.0
>>>>>> </VirtualHost>
>>>>>> </IfModule>
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>>> i think that the problem is in reversed proxy..
>>>>>>>
>>>>>>> can any one help me to solve this issue?
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>
>>>>>>>> the only logs that i see are these:
>>>>>>>>
>>>>>>>>
>>>>>>>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
>>>>>>>> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
>>>>>>>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
>>>>>>>> [0.0-5080-exec-3] - getActiveLdapConfigs
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> sorry there were two <property name="connectionProperties">.
>>>>>>>>>
>>>>>>>>> that problem is ok.
>>>>>>>>>
>>>>>>>>> but another thing happen :((
>>>>>>>>>
>>>>>>>>> that error does not occur any more, but when i try to login,
>>>>>>>>> nothing happen and the page just gets refreshed..
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> yes. right now im using reversed proxy by httpd. the problem
>>>>>>>>>> which now im facing, is i can not get login and this is the log.
>>>>>>>>>>
>>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1]
>>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with
>>>>>>>>>> error 400 Origin does not correspond to request
>>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3]
>>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with
>>>>>>>>>> error 400 Origin does not correspond to request
>>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10]
>>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with
>>>>>>>>>> error 400 Origin does not correspond to request
>>>>>>>>>>
>>>>>>>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <
>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is
>>>>>>>>>>> this the case?
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Maxim
>>>>>>>>>>>> I have checked that.
>>>>>>>>>>>> it is said that:  add '<property name="secure" value="true"
>>>>>>>>>>>> />'  to ../conf/jee-container.xml right before '<property
>>>>>>>>>>>> name="connectionProperties">'
>>>>>>>>>>>> but this value, exists in "jee-container.xml" and the problem still
>>>>>>>>>>>> exists.
>>>>>>>>>>>>
>>>>>>>>>>>> do any thing else should i do?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello Dear Maxim,
>>>>>>>>>>>>> Ok thank you. i will check that
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> *Hello Dear Yakovlev,*
>>>>>>>>>>>>>> *Yes I done that.*
>>>>>>>>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>>>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hello Hossein,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> rtmps.keystorepass=...
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> rtmps.truststorepass=...
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> jmx.keystorepass=...
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Nik
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>>>>>>>>> *To:* Openmeetings user-list
>>>>>>>>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> hola maxim
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> i googled a lot and did some thing.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> here are my steps:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 1- create key
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 2- create csr
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>>>>>>>>>>> Intermediate cert as one file* - so because of this i
>>>>>>>>>>>>>>> removed some parts of the commands )
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>>>>>>>>>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile
>>>>>>>>>>>>>>> intermedXX.crt deleted)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore
>>>>>>>>>>>>>>> red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 7- keytool -import -alias root -keystore
>>>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file root.crt
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 10- and server is listening on 443
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> but the connection got refused when i try to get https
>>>>>>>>>>>>>>> connection
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> You can google it :))
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Here is something to start from:
>>>>>>>>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> hello maxim
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> according to this link:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> i need two cert files and one key file, am i right?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> i got confused :))
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> WBR
>>>>>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> WBR
>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
this is such a wow.
so have you tested how many attendees need how much RAM or CPU cores?

On Nov 24, 2017 18:54, "Maxim Solodovnik" <so...@gmail.com> wrote:

> 8x Core(TM) i7 CPU 950  @ 3.07GHz
> 24GB RAM
> ;)
>
> On Fri, Nov 24, 2017 at 6:32 PM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> i tried almost everything to set ssl :))
>>
>> that was really confusing...
>>
>> anyway thank you..
>>
>>
>> what's the hardware configuration for this server that you set up? ->
>> om.alteametasoft.com
>> it seems to be powerful
>>
>>
>> On Fri, Nov 24, 2017 at 6:08 AM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> great :)
>>>
>>> On Fri, Nov 24, 2017 at 2:54 AM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> OK maxim
>>>> it is solved and ok.
>>>> thank you
>>>>
>>>> On Thu, Nov 23, 2017 at 2:32 PM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> this is my httpd reverse proxy
>>>>>
>>>>> <IfModule mod_ssl.c>
>>>>> #NameVirtualHost *:443
>>>>> ProxyRequests Off
>>>>> <VirtualHost *:80>
>>>>> ServerAdmin info@saba-co.net
>>>>> ServerName elearning.saba-co.net
>>>>> ProxyPreserveHost On
>>>>> RewriteEngine on
>>>>> #CacheDisable "https://elearning.saba-co.net/"
>>>>> # Redirect http traffic to https
>>>>> RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R]
>>>>> </VirtualHost>
>>>>> <VirtualHost *:443>
>>>>> ServerAdmin info@saba-co.net
>>>>> ServerName elearning.saba-co.net
>>>>> SSLEngine on
>>>>> SSLProxyEngine On
>>>>> RequestHeader set Front-End-Https "On"
>>>>> ProxyPreserveHost On
>>>>> RewriteEngine on
>>>>> CacheDisable "http://elearning.saba-co.net/"
>>>>> #Reverse proxy all requests
>>>>> RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P]
>>>>> SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt
>>>>> SSLCertificateKeyFile /etc/pki/tls/private/server.key
>>>>> SetEnvIf User-Agent ".*MSIE.*" \
>>>>> nokeepalive ssl-unclean-shutdown \
>>>>> downgrade-1.0 force-response-1.0
>>>>> </VirtualHost>
>>>>> </IfModule>
>>>>>
>>>>> On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>>> i think that the problem is in reversed proxy..
>>>>>>
>>>>>> can any one help me to solve this issue?
>>>>>>
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>>> the only logs that i see are these:
>>>>>>>
>>>>>>>
>>>>>>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
>>>>>>> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
>>>>>>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
>>>>>>> [0.0-5080-exec-3] - getActiveLdapConfigs
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>
>>>>>>>> sorry there were two <property name="connectionProperties">.
>>>>>>>>
>>>>>>>> that problem is ok.
>>>>>>>>
>>>>>>>> but another thing happened :((
>>>>>>>>
>>>>>>>> that error does not occur any more, but when i try to login,
>>>>>>>> nothing happens and the page just gets refreshed..
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> yes. right now im using reversed proxy by httpd. the problem which
>>>>>>>>> now im facing, is i can not get login and this is the log.
>>>>>>>>>
>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1]
>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with error
>>>>>>>>> 400 Origin does not correspond to request
>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3]
>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with error
>>>>>>>>> 400 Origin does not correspond to request
>>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10]
>>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with error
>>>>>>>>> 400 Origin does not correspond to request
>>>>>>>>>
>>>>>>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <
>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is
>>>>>>>>>> this the case?
>>>>>>>>>>
>>>>>>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello Maxim
>>>>>>>>>>> I have checked that.
>>>>>>>>>>> it is said that:  add '<property name="secure" value="true"
>>>>>>>>>>> />'  to ../conf/jee-container.xml right before '<property
>>>>>>>>>>> name="connectionProperties">'
>>>>>>>>>>> but this value, exists in "jee-container.xml" and the problem still
>>>>>>>>>>> exists.
>>>>>>>>>>>
>>>>>>>>>>> do any thing else should i do?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Dear Maxim,
>>>>>>>>>>>> Ok thank you. i will check that
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> *Hello Dear Yakovlev,*
>>>>>>>>>>>>> *Yes I done that.*
>>>>>>>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello Hossein,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> rtmps.keystorepass=...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> rtmps.truststorepass=...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> jmx.keystorepass=...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Nik
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>>>>>>>> *To:* Openmeetings user-list
>>>>>>>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> hola maxim
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> i googled a lot and did some thing.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> here are my steps:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 1- create key
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2- create csr
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>>>>>>>>>> Intermediate cert as one file* - so because of this i
>>>>>>>>>>>>>> removed some parts of the commands )
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>>>>>>>>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile
>>>>>>>>>>>>>> intermedXX.crt deleted)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore
>>>>>>>>>>>>>> red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 7- keytool -import -alias root -keystore
>>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file root.crt
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 10- and server is listening on 443
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> but the connection got refused when i try to get https
>>>>>>>>>>>>>> connection
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> You can google it :))
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Here is something to start from:
>>>>>>>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> hello maxim
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> according to this link:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> i need two cert files and one key file, am i right?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> i got confused :))
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> WBR
>>>>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> WBR
>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
>
>
> --
> WBR
> Maxim aka solomax
>

Re: self signed https problem

Posted by Maxim Solodovnik <so...@gmail.com>.
8x Core(TM) i7 CPU 950  @ 3.07GHz
24GB RAM
;)

On Fri, Nov 24, 2017 at 6:32 PM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> i tried almost everything to set ssl :))
>
> that was really confusing...
>
> anyway thank you..
>
>
> what's the hardware configuration for this server that you set up? ->
> om.alteametasoft.com
> it seems to be powerful
>
>
> On Fri, Nov 24, 2017 at 6:08 AM, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> great :)
>>
>> On Fri, Nov 24, 2017 at 2:54 AM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> OK maxim
>>> it is solved and ok.
>>> thank you
>>>
>>> On Thu, Nov 23, 2017 at 2:32 PM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> this is my httpd reverse proxy
>>>>
>>>> <IfModule mod_ssl.c>
>>>> #NameVirtualHost *:443
>>>> ProxyRequests Off
>>>> <VirtualHost *:80>
>>>> ServerAdmin info@saba-co.net
>>>> ServerName elearning.saba-co.net
>>>> ProxyPreserveHost On
>>>> RewriteEngine on
>>>> #CacheDisable "https://elearning.saba-co.net/"
>>>> # Redirect http traffic to https
>>>> RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R]
>>>> </VirtualHost>
>>>> <VirtualHost *:443>
>>>> ServerAdmin info@saba-co.net
>>>> ServerName elearning.saba-co.net
>>>> SSLEngine on
>>>> SSLProxyEngine On
>>>> RequestHeader set Front-End-Https "On"
>>>> ProxyPreserveHost On
>>>> RewriteEngine on
>>>> CacheDisable "http://elearning.saba-co.net/"
>>>> #Reverse proxy all requests
>>>> RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P]
>>>> SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt
>>>> SSLCertificateKeyFile /etc/pki/tls/private/server.key
>>>> SetEnvIf User-Agent ".*MSIE.*" \
>>>> nokeepalive ssl-unclean-shutdown \
>>>> downgrade-1.0 force-response-1.0
>>>> </VirtualHost>
>>>> </IfModule>
>>>>
>>>> On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> i think that the problem is in reversed proxy..
>>>>>
>>>>> can any one help me to solve this issue?
>>>>>
>>>>>
>>>>> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>>> the only logs that i see are these:
>>>>>>
>>>>>>
>>>>>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
>>>>>> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
>>>>>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
>>>>>> [0.0-5080-exec-3] - getActiveLdapConfigs
>>>>>>
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>>> sorry there were two <property name="connectionProperties">.
>>>>>>>
>>>>>>> that problem is ok.
>>>>>>>
>>>>>>> but another thing happened :((
>>>>>>>
>>>>>>> that error does not occur any more, but when i try to login,
>>>>>>> nothing happens and the page just gets refreshed..
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>
>>>>>>>> yes. right now im using reversed proxy by httpd. the problem which
>>>>>>>> now im facing, is i can not get login and this is the log.
>>>>>>>>
>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1]
>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with error
>>>>>>>> 400 Origin does not correspond to request
>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3]
>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with error
>>>>>>>> 400 Origin does not correspond to request
>>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10]
>>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>>> - Possible CSRF attack, request URL:
>>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with error
>>>>>>>> 400 Origin does not correspond to request
>>>>>>>>
>>>>>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <
>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is
>>>>>>>>> this the case?
>>>>>>>>>
>>>>>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hello Maxim
>>>>>>>>>> I have checked that.
>>>>>>>>>> it is said that:  add '<property name="secure" value="true" />'
>>>>>>>>>> to ../conf/jee-container.xml right before '<property
>>>>>>>>>> name="connectionProperties">'
>>>>>>>>>> but this value, exists in "jee-container.xml" and the problem still
>>>>>>>>>> exists.
>>>>>>>>>>
>>>>>>>>>> do any thing else should i do?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello Dear Maxim,
>>>>>>>>>>> Ok thank you. i will check that
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> *Hello Dear Yakovlev,*
>>>>>>>>>>>> *Yes I done that.*
>>>>>>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello Hossein,
>>>>>>>>>>>>>
>>>>>>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>>>>>>
>>>>>>>>>>>>> rtmps.keystorepass=...
>>>>>>>>>>>>>
>>>>>>>>>>>>> rtmps.truststorepass=...
>>>>>>>>>>>>>
>>>>>>>>>>>>> jmx.keystorepass=...
>>>>>>>>>>>>>
>>>>>>>>>>>>> ?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Nik
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>>>>>>> *To:* Openmeetings user-list
>>>>>>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> hola maxim
>>>>>>>>>>>>>
>>>>>>>>>>>>> i googled a lot and did some thing.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> here are my steps:
>>>>>>>>>>>>>
>>>>>>>>>>>>> 1- create key
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2- create csr
>>>>>>>>>>>>>
>>>>>>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>>>>>>
>>>>>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>>>>>>>>> Intermediate cert as one file* - so because of this i removed
>>>>>>>>>>>>> some parts of the commands )
>>>>>>>>>>>>>
>>>>>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>>>>>>>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile
>>>>>>>>>>>>> intermedXX.crt deleted)
>>>>>>>>>>>>>
>>>>>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore
>>>>>>>>>>>>> red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>>>>>>
>>>>>>>>>>>>> 7- keytool -import -alias root -keystore
>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file root.crt
>>>>>>>>>>>>>
>>>>>>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>>>>>>
>>>>>>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>>>>>>
>>>>>>>>>>>>> 10- and server is listening on 443
>>>>>>>>>>>>>
>>>>>>>>>>>>> but the connection got refused when i try to get https
>>>>>>>>>>>>> connection
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> You can google it :))
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is something to start from:
>>>>>>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> hello maxim
>>>>>>>>>>>>>
>>>>>>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>>>>>>
>>>>>>>>>>>>> according to this link:
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> i need two cert files and one key file, am i right?
>>>>>>>>>>>>>
>>>>>>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>>>>>>
>>>>>>>>>>>>> i got confused :))
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>>
>>>>>>>>>>>>> WBR
>>>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> WBR
>>>>>>>>> Maxim aka solomax
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>


-- 
WBR
Maxim aka solomax

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
i tried almost everything to set ssl :))

that was really confusing...

anyway thank you..


what's the hardware configuration for this server that you set up? ->
om.alteametasoft.com
it seems to be powerful


On Fri, Nov 24, 2017 at 6:08 AM, Maxim Solodovnik <so...@gmail.com>
wrote:

> great :)
>
> On Fri, Nov 24, 2017 at 2:54 AM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> OK maxim
>> it is solved and ok.
>> thank you
>>
>> On Thu, Nov 23, 2017 at 2:32 PM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> this is my httpd reverse proxy
>>>
>>> <IfModule mod_ssl.c>
>>> #NameVirtualHost *:443
>>> ProxyRequests Off
>>> <VirtualHost *:80>
>>> ServerAdmin info@saba-co.net
>>> ServerName elearning.saba-co.net
>>> ProxyPreserveHost On
>>> RewriteEngine on
>>> #CacheDisable "https://elearning.saba-co.net/"
>>> # Redirect http traffic to https
>>> RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R]
>>> </VirtualHost>
>>> <VirtualHost *:443>
>>> ServerAdmin info@saba-co.net
>>> ServerName elearning.saba-co.net
>>> SSLEngine on
>>> SSLProxyEngine On
>>> RequestHeader set Front-End-Https "On"
>>> ProxyPreserveHost On
>>> RewriteEngine on
>>> CacheDisable "http://elearning.saba-co.net/"
>>> #Reverse proxy all requests
>>> RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P]
>>> SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt
>>> SSLCertificateKeyFile /etc/pki/tls/private/server.key
>>> SetEnvIf User-Agent ".*MSIE.*" \
>>> nokeepalive ssl-unclean-shutdown \
>>> downgrade-1.0 force-response-1.0
>>> </VirtualHost>
>>> </IfModule>
>>>
>>> On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> i think that the problem is in reversed proxy..
>>>>
>>>> can any one help me to solve this issue?
>>>>
>>>>
>>>> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> the only logs that i see are these:
>>>>>
>>>>>
>>>>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
>>>>> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
>>>>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
>>>>> [0.0-5080-exec-3] - getActiveLdapConfigs
>>>>>
>>>>>
>>>>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>>> sorry there were two <property name="connectionProperties">.
>>>>>>
>>>>>> that problem is ok.
>>>>>>
>>>>>> but another thing happened :((
>>>>>>
>>>>>> that error does not occur any more, but when i try to login, nothing
>>>>>> happens and the page just gets refreshed..
>>>>>>
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>>> yes. right now im using reversed proxy by httpd. the problem which
>>>>>>> now im facing, is i can not get login and this is the log.
>>>>>>>
>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1]
>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>> - Possible CSRF attack, request URL:
>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with error
>>>>>>> 400 Origin does not correspond to request
>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3]
>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>> - Possible CSRF attack, request URL:
>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with error
>>>>>>> 400 Origin does not correspond to request
>>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10]
>>>>>>> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener
>>>>>>> - Possible CSRF attack, request URL:
>>>>>>> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
>>>>>>> Origin: https://elearning.saba-co.net, action: aborted with error
>>>>>>> 400 Origin does not correspond to request
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <
>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>
>>>>>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is
>>>>>>>> this the case?
>>>>>>>>
>>>>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hello Maxim
>>>>>>>>> I have checked that.
>>>>>>>>> it is said that:  add '<property name="secure" value="true" />'
>>>>>>>>> to ../conf/jee-container.xml right before '<property
>>>>>>>>> name="connectionProperties">'
>>>>>>>>> but this value, exists in "jee-container.xml" and the problem still
>>>>>>>>> exists.
>>>>>>>>>
>>>>>>>>> do any thing else should i do?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hello Dear Maxim,
>>>>>>>>>> Ok thank you. i will check that
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> *Hello Dear Yakovlev,*
>>>>>>>>>>> *Yes I done that.*
>>>>>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Hossein,
>>>>>>>>>>>>
>>>>>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>>>>>
>>>>>>>>>>>> rtmps.keystorepass=...
>>>>>>>>>>>>
>>>>>>>>>>>> rtmps.truststorepass=...
>>>>>>>>>>>>
>>>>>>>>>>>> jmx.keystorepass=...
>>>>>>>>>>>>
>>>>>>>>>>>> ?
>>>>>>>>>>>>
>>>>>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Nik
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>>>>>> *To:* Openmeetings user-list
>>>>>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> hola maxim
>>>>>>>>>>>>
>>>>>>>>>>>> i googled a lot and did some thing.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> here are my steps:
>>>>>>>>>>>>
>>>>>>>>>>>> 1- create key
>>>>>>>>>>>>
>>>>>>>>>>>> 2- create csr
>>>>>>>>>>>>
>>>>>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>>>>>
>>>>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>>>>>>>> Intermediate cert as one file* - so because of this i removed
>>>>>>>>>>>> some parts of the commands )
>>>>>>>>>>>>
>>>>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>>>>>>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile
>>>>>>>>>>>> intermedXX.crt deleted)
>>>>>>>>>>>>
>>>>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore
>>>>>>>>>>>> red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>>>>>
>>>>>>>>>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>>>>>>>>>>> -trustcacerts -file root.crt
>>>>>>>>>>>>
>>>>>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>>>>>
>>>>>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>>>>>
>>>>>>>>>>>> 10- and server is listening on 443
>>>>>>>>>>>>
>>>>>>>>>>>> but the connection got refused when i try to get https
>>>>>>>>>>>> connection
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> You can google it :))
>>>>>>>>>>>>
>>>>>>>>>>>> Here is something to start from:
>>>>>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> hello maxim
>>>>>>>>>>>>
>>>>>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>>>>>
>>>>>>>>>>>> according to this link:
>>>>>>>>>>>>
>>>>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> i need two cert files and one key file, am i right?
>>>>>>>>>>>>
>>>>>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>>>>>
>>>>>>>>>>>> i got confused :))
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>>
>>>>>>>>>>>> WBR
>>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> WBR
>>>>>>>> Maxim aka solomax
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
>
> --
> WBR
> Maxim aka solomax
>

Re: self signed https problem

Posted by Maxim Solodovnik <so...@gmail.com>.
great :)

On Fri, Nov 24, 2017 at 2:54 AM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> OK maxim
> it is solved and ok.
> thank you
>
> On Thu, Nov 23, 2017 at 2:32 PM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> this is mine httpd reverse proxy
>>
>> <IfModule mod_ssl.c>
>> #NameVirtualHost *:443
>> ProxyRequests Off
>> <VirtualHost *:80>
>> ServerAdmin info@saba-co.net
>> ServerName elearning.saba-co.net
>> ProxyPreserveHost On
>> RewriteEngine on
>> #CacheDisable "https://elearning.saba-co.net/"
>> # Redirect http traffic to https
>> RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R]
>> </VirtualHost>
>> <VirtualHost *:443>
>> ServerAdmin info@saba-co.net
>> ServerName elearning.saba-co.net
>> SSLEngine on
>> SSLProxyEngine On
>> RequestHeader set Front-End-Https "On"
>> ProxyPreserveHost On
>> RewriteEngine on
>> CacheDisable "http://elearning.saba-co.net/"
>> #Reverse proxy all requests
>> RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P]
>> SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt
>> SSLCertificateKeyFile /etc/pki/tls/private/server.key
>> SetEnvIf User-Agent ".*MSIE.*" \
>> nokeepalive ssl-unclean-shutdown \
>> downgrade-1.0 force-response-1.0
>> </VirtualHost>
>> </IfModule>
>>
>> On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> i think that the problem is in reversed proxy..
>>>
>>> can any one help me to solve this issue?
>>>
>>>
>>> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> the only logs that i see are these:
>>>>
>>>>
>>>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
>>>> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
>>>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
>>>> [0.0-5080-exec-3] - getActiveLdapConfigs
>>>>
>>>>
>>>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> sorry there were two <property name="connectionProperties">.
>>>>>
>>>>> that problem is ok.
>>>>>
>>>>> but another thing happen :((
>>>>>
>>>>> that error does not occure any more, but when i try to login, nothing
>>>>> happen and the page just gets refreshed..
>>>>>
>>>>>
>>>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>>> yes. right now im using reversed proxy by httpd. the problem which
>>>>>> now im facing, is i can not get login and this is the log.
>>>>>>
>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <
>>>>>> solomax666@gmail.com> wrote:
>>>>>>
>>>>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is this
>>>>>>> the case?
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello Maxim
>>>>>>>> I have checked that.
>>>>>>>> it is said that:  add '<property name="secure" value="true" />'
>>>>>>>> to ../conf/jee-container.xml right before '<property
>>>>>>>> name="connectionProperties">'
>>>>>>>> but this value, exists in "jee-container.xml" and the problem still
>>>>>>>> exists.
>>>>>>>>
>>>>>>>> do any thing else should i do?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hello Dear Maxim,
>>>>>>>>> Ok thank you. i will check that
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> *Hello Dear Yakovlev,*
>>>>>>>>>> *Yes I done that.*
>>>>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>>>>
>>>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello Hossein,
>>>>>>>>>>>
>>>>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>>>>
>>>>>>>>>>> rtmps.keystorepass=...
>>>>>>>>>>>
>>>>>>>>>>> rtmps.truststorepass=...
>>>>>>>>>>>
>>>>>>>>>>> jmx.keystorepass=...
>>>>>>>>>>>
>>>>>>>>>>> ?
>>>>>>>>>>>
>>>>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Nik
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>>>>> *To:* Openmeetings user-list
>>>>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> hola maxim
>>>>>>>>>>>
>>>>>>>>>>> i googled a lot and did some thing.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> here are my steps:
>>>>>>>>>>>
>>>>>>>>>>> 1- create key
>>>>>>>>>>>
>>>>>>>>>>> 2- create csr
>>>>>>>>>>>
>>>>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>>>>
>>>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>>>>>>> Intermediate cert as one file* - so because of this i removed
>>>>>>>>>>> some parts of the commands )
>>>>>>>>>>>
>>>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>>>>>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile
>>>>>>>>>>> intermedXX.crt deleted)
>>>>>>>>>>>
>>>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore
>>>>>>>>>>> red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>>>>
>>>>>>>>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>>>>>>>>>> -trustcacerts -file root.crt
>>>>>>>>>>>
>>>>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>>>>
>>>>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>>>>
>>>>>>>>>>> 10- and server is listening on 443
>>>>>>>>>>>
>>>>>>>>>>> but the connection got refused when i try to get https connection
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> You can google it :))
>>>>>>>>>>>
>>>>>>>>>>> Here are something to start from:
>>>>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>> hello maxim
>>>>>>>>>>>
>>>>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>>>>
>>>>>>>>>>> according to this link:
>>>>>>>>>>>
>>>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> i need tow cert files and one key file, iam i right?
>>>>>>>>>>>
>>>>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>>>>
>>>>>>>>>>> i got confused :))
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>>
>>>>>>>>>>> WBR
>>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> WBR
>>>>>>> Maxim aka solomax
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>


-- 
WBR
Maxim aka solomax

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
OK maxim
it is solved and ok.
thank you

On Thu, Nov 23, 2017 at 2:32 PM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> this is mine httpd reverse proxy
>
> <IfModule mod_ssl.c>
> #NameVirtualHost *:443
> ProxyRequests Off
> <VirtualHost *:80>
> ServerAdmin info@saba-co.net
> ServerName elearning.saba-co.net
> ProxyPreserveHost On
> RewriteEngine on
> #CacheDisable "https://elearning.saba-co.net/"
> # Redirect http traffic to https
> RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R]
> </VirtualHost>
> <VirtualHost *:443>
> ServerAdmin info@saba-co.net
> ServerName elearning.saba-co.net
> SSLEngine on
> SSLProxyEngine On
> RequestHeader set Front-End-Https "On"
> ProxyPreserveHost On
> RewriteEngine on
> CacheDisable "http://elearning.saba-co.net/"
> #Reverse proxy all requests
> RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P]
> SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt
> SSLCertificateKeyFile /etc/pki/tls/private/server.key
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> </VirtualHost>
> </IfModule>
>
> On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> i think that the problem is in reversed proxy..
>>
>> can any one help me to solve this issue?
>>
>>
>> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> the only logs that i see are these:
>>>
>>>
>>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
>>> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
>>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
>>> [0.0-5080-exec-3] - getActiveLdapConfigs
>>>
>>>
>>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> sorry there were two <property name="connectionProperties">.
>>>>
>>>> that problem is ok.
>>>>
>>>> but another thing happen :((
>>>>
>>>> that error does not occure any more, but when i try to login, nothing
>>>> happen and the page just gets refreshed..
>>>>
>>>>
>>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> yes. right now im using reversed proxy by httpd. the problem which now
>>>>> im facing, is i can not get login and this is the log.
>>>>>
>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>>>
>>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <
>>>>> solomax666@gmail.com> wrote:
>>>>>
>>>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is this
>>>>>> the case?
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>>> Hello Maxim
>>>>>>> I have checked that.
>>>>>>> it is said that:  add '<property name="secure" value="true" />'  to
>>>>>>> ../conf/jee-container.xml right before '<property
>>>>>>> name="connectionProperties">'
>>>>>>> but this value, exists in "jee-container.xml" and the problem still
>>>>>>> exists.
>>>>>>>
>>>>>>> do any thing else should i do?
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello Dear Maxim,
>>>>>>>> Ok thank you. i will check that
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> *Hello Dear Yakovlev,*
>>>>>>>>> *Yes I done that.*
>>>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>>>
>>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>>>
>>>>>>>>>> Hello Hossein,
>>>>>>>>>>
>>>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>>>
>>>>>>>>>> rtmps.keystorepass=...
>>>>>>>>>>
>>>>>>>>>> rtmps.truststorepass=...
>>>>>>>>>>
>>>>>>>>>> jmx.keystorepass=...
>>>>>>>>>>
>>>>>>>>>> ?
>>>>>>>>>>
>>>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Nik
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>>>>
>>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>>>> *To:* Openmeetings user-list
>>>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> hola maxim
>>>>>>>>>>
>>>>>>>>>> i googled a lot and did some thing.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> here are my steps:
>>>>>>>>>>
>>>>>>>>>> 1- create key
>>>>>>>>>>
>>>>>>>>>> 2- create csr
>>>>>>>>>>
>>>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>>>
>>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>>>>>> Intermediate cert as one file* - so because of this i removed
>>>>>>>>>> some parts of the commands )
>>>>>>>>>>
>>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>>>>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile intermedXX.crt
>>>>>>>>>> deleted)
>>>>>>>>>>
>>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore
>>>>>>>>>> red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>>>
>>>>>>>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>>>>>>>>> -trustcacerts -file root.crt
>>>>>>>>>>
>>>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>>>
>>>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>>>
>>>>>>>>>> 10- and server is listening on 443
>>>>>>>>>>
>>>>>>>>>> but the connection got refused when i try to get https connection
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> You can google it :))
>>>>>>>>>>
>>>>>>>>>> Here are something to start from:
>>>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> hello maxim
>>>>>>>>>>
>>>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>>>
>>>>>>>>>> according to this link:
>>>>>>>>>>
>>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> i need tow cert files and one key file, iam i right?
>>>>>>>>>>
>>>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>>>
>>>>>>>>>> i got confused :))
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>>> WBR
>>>>>>>>>> Maxim aka solomax
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> WBR
>>>>>> Maxim aka solomax
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
this is my httpd reverse proxy

<IfModule mod_ssl.c>
    #NameVirtualHost *:443
    ProxyRequests Off
    <VirtualHost *:80>
        ServerAdmin info@saba-co.net
        ServerName elearning.saba-co.net
        ProxyPreserveHost On
        RewriteEngine on
        #CacheDisable "https://elearning.saba-co.net/"
        # Redirect http traffic to https
        RewriteRule ^/(.*) https://elearning.saba-co.net/$1 [L,R]
    </VirtualHost>
    <VirtualHost *:443>
        ServerAdmin info@saba-co.net
        ServerName elearning.saba-co.net
        SSLEngine on
        SSLProxyEngine On
        RequestHeader set Front-End-Https "On"
        ProxyPreserveHost On
        RewriteEngine on
        CacheDisable "http://elearning.saba-co.net/"
        #Reverse proxy all requests
        RewriteRule ^/(.*) http://elearning.saba-co.net:5080/ersa/$1 [P]
        SSLCertificateFile /etc/pki/tls/certs/Cert_bundle.crt
        SSLCertificateKeyFile /etc/pki/tls/private/server.key
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </VirtualHost>
</IfModule>

On Thu, Nov 23, 2017 at 2:31 PM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> i think that the problem is in reversed proxy..
>
> can any one help me to solve this issue?
>
>
> On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> the only logs that i see are these:
>>
>>
>> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
>> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
>> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
>> [0.0-5080-exec-3] - getActiveLdapConfigs
>>
>>
>> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> sorry there were two <property name="connectionProperties">.
>>>
>>> that problem is ok.
>>>
>>> but another thing happen :((
>>>
>>> that error does not occure any more, but when i try to login, nothing
>>> happen and the page just gets refreshed..
>>>
>>>
>>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> yes. right now im using reversed proxy by httpd. the problem which now
>>>> im facing, is i can not get login and this is the log.
>>>>
>>>> [INFO] [http-nio-0.0.0.0-5080-exec-1] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>> [INFO] [http-nio-0.0.0.0-5080-exec-3] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>> [INFO] [http-nio-0.0.0.0-5080-exec-10] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>>
>>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <solomax666@gmail.com> wrote:
>>>>
>>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is this
>>>>> the case?
>>>>>
>>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>>> Hello Maxim
>>>>>> I have checked that.
>>>>>> it is said that:  add '<property name="secure" value="true" />'  to
>>>>>> ../conf/jee-container.xml right before '<property
>>>>>> name="connectionProperties">'
>>>>>> but this value, exists in "jee-container.xml" and the problem still
>>>>>> exists.
>>>>>>
>>>>>> do any thing else should i do?
>>>>>>
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>>> Hello Dear Maxim,
>>>>>>> Ok thank you. i will check that
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>
>>>>>>>> *Hello Dear Yakovlev,*
>>>>>>>> *Yes I done that.*
>>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>>
>>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>>
>>>>>>>>> Hello Hossein,
>>>>>>>>>
>>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>>
>>>>>>>>> rtmps.keystorepass=...
>>>>>>>>>
>>>>>>>>> rtmps.truststorepass=...
>>>>>>>>>
>>>>>>>>> jmx.keystorepass=...
>>>>>>>>>
>>>>>>>>> ?
>>>>>>>>>
>>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Nik
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>>>
>>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>>> *To:* Openmeetings user-list
>>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> hola maxim
>>>>>>>>>
>>>>>>>>> i googled a lot and did some thing.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> here are my steps:
>>>>>>>>>
>>>>>>>>> 1- create key
>>>>>>>>>
>>>>>>>>> 2- create csr
>>>>>>>>>
>>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>>
>>>>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>>>>> Intermediate cert as one file* - so because of this i removed
>>>>>>>>> some parts of the commands )
>>>>>>>>>
>>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>>>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile intermedXX.crt
>>>>>>>>> deleted)
>>>>>>>>>
>>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
>>>>>>>>> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>>
>>>>>>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>>>>>>>> -trustcacerts -file root.crt
>>>>>>>>>
>>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>>
>>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>>
>>>>>>>>> 10- and server is listening on 443
>>>>>>>>>
>>>>>>>>> but the connection got refused when i try to get https connection
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> You can google it :))
>>>>>>>>>
>>>>>>>>> Here are something to start from:
>>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> hello maxim
>>>>>>>>>
>>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>>
>>>>>>>>> according to this link:
>>>>>>>>>
>>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> i need tow cert files and one key file, iam i right?
>>>>>>>>>
>>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>>
>>>>>>>>> i got confused :))
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> WBR
>>>>>>>>> Maxim aka solomax
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> WBR
>>>>> Maxim aka solomax
>>>>>
>>>>
>>>>
>>>
>>
>
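
The log quoted in this message reports an Origin of https://elearning.saba-co.net against a request URL that the backend on port 5080 sees as http://, which is what the proxy configuration above produces when TLS ends at httpd. As an added example (not code from this thread, OpenMeetings or Wicket), the script below compares the two origins per log line and names the component that differs; the first sample line is reassembled from the wrapped log in the thread, and the line using meet.example.org and 10.0.0.5 is constructed.

```python
"""Diagnose 'Possible CSRF attack' rejections logged behind a reverse proxy.

Added example; sample lines are embedded so it runs offline.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Shape of the rejection message as it appears in the thread's log.
CSRF_LINE = re.compile(
    r"CsrfPreventionRequestCycleListener - Possible CSRF attack, "
    r"request URL: (?P<url>\S+), Origin: (?P<origin>\S+), action: (?P<action>.+)$"
)

# Reassembled from the wrapped log lines quoted in the thread.
PAGE_LINE = (
    "[INFO] [http-nio-0.0.0.0-5080-exec-1] "
    "org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - "
    "Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/"
    "bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;"
    "jsessionid=7399F24381E9299DF229D27AD4A034AF, "
    "Origin: https://elearning.saba-co.net, "
    "action: aborted with error 400 Origin does not correspond to request"
)
# Constructed: the backend was addressed by IP, so the host differs as well.
CONSTRUCTED_LINE = (
    "[INFO] [http-nio-0.0.0.0-5080-exec-2] "
    "org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - "
    "Possible CSRF attack, request URL: http://10.0.0.5:5080/ersa/signin, "
    "Origin: https://meet.example.org, "
    "action: aborted with error 400 Origin does not correspond to request"
)
# Unrelated line from the thread; must be ignored by the parser.
DEBUG_LINE = (
    "DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil "
    "[0.0-5080-exec-4] - Level Admin :: [GRANTED]"
)
SAMPLE_LOG = [PAGE_LINE, DEBUG_LINE, CONSTRUCTED_LINE]


def origin_of(url):
    """Reduce a URL to the (scheme, host, port) triple that defines a web origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def diagnose(line):
    """Return the differing origin components for one line, or None if it is not a rejection."""
    match = CSRF_LINE.search(line.strip())
    if match is None:
        return None
    backend = origin_of(match["url"])      # what the servlet container thinks was requested
    browser = origin_of(match["origin"])   # what the browser sent in the Origin header
    names = ("scheme", "host", "port")
    differs = [n for n, b, o in zip(names, backend, browser) if b != o]
    if not differs:
        cause = "origins match; the rejection has another reason"
    elif "host" in differs:
        cause = "host differs: Host not preserved by the proxy, or a real cross-site request"
    elif backend[0] == "http" and browser[0] == "https":
        cause = "TLS ends at the proxy: backend sees http while the browser used https"
    else:
        cause = "scheme or port differs between the proxy front end and the backend"
    return {"backend": backend, "browser": browser, "differs": differs, "cause": cause}


def summarize(lines):
    """Count causes over a log so one misconfiguration stands out from stray cross-site hits."""
    results = (diagnose(line) for line in lines)
    return Counter(r["cause"] for r in results if r is not None)


if __name__ == "__main__":
    for cause, count in summarize(SAMPLE_LOG).items():
        print(f"{count:3d}  {cause}")
```

A log dominated by the "TLS ends at the proxy" cause points at the proxy and connector settings, while lines where the host differs deserve a look as possible genuine cross-site requests.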

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
i think that the problem is in the reverse proxy..

can anyone help me to solve this issue?


On Thu, Nov 23, 2017 at 2:23 PM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> the only logs that i see are these:
>
>
> DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil
> [0.0-5080-exec-4] - Level Admin :: [GRANTED]
> DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
> [0.0-5080-exec-3] - getActiveLdapConfigs
>
>
> On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> sorry there were two <property name="connectionProperties">.
>>
>> that problem is ok.
>>
>> but another thing happen :((
>>
>> that error does not occure any more, but when i try to login, nothing
>> happen and the page just gets refreshed..
>>
>>
>> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> yes. right now im using reversed proxy by httpd. the problem which now
>>> im facing, is i can not get login and this is the log.
>>>
>>> [INFO] [http-nio-0.0.0.0-5080-exec-1] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>> [INFO] [http-nio-0.0.0.0-5080-exec-3] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>> [INFO] [http-nio-0.0.0.0-5080-exec-10] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>>
>>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>>> You wrote before: "i used proxy reversed by apache (httpd)" Is this
>>>> the case?
>>>>
>>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> Hello Maxim
>>>>> I have checked that.
>>>>> it is said that:  add '<property name="secure" value="true" />'  to
>>>>> ../conf/jee-container.xml right before '<property
>>>>> name="connectionProperties">'
>>>>> but this value, exists in "jee-container.xml" and the problem still
>>>>> exists.
>>>>>
>>>>> do any thing else should i do?
>>>>>
>>>>>
>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>>> Hello Dear Maxim,
>>>>>> Ok thank you. i will check that
>>>>>>
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>>> *Hello Dear Yakovlev,*
>>>>>>> *Yes I done that.*
>>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>>
>>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <
>>>>>>> yakovlev_nd@krvostok.ru> wrote:
>>>>>>>
>>>>>>>> Hello Hossein,
>>>>>>>>
>>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>>
>>>>>>>> rtmps.keystorepass=...
>>>>>>>>
>>>>>>>> rtmps.truststorepass=...
>>>>>>>>
>>>>>>>> jmx.keystorepass=...
>>>>>>>>
>>>>>>>> ?
>>>>>>>>
>>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Nik
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>>> *To:* Openmeetings user-list
>>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> hola maxim
>>>>>>>>
>>>>>>>> i googled a lot and did some thing.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> here are my steps:
>>>>>>>>
>>>>>>>> 1- create key
>>>>>>>>
>>>>>>>> 2- create csr
>>>>>>>>
>>>>>>>> 3- request a CA to sign my csr
>>>>>>>>
>>>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>>>> Intermediate cert as one file* - so because of this i removed some
>>>>>>>> parts of the commands )
>>>>>>>>
>>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile intermedXX.crt
>>>>>>>> deleted)
>>>>>>>>
>>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
>>>>>>>> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>>
>>>>>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>>>>>>> -trustcacerts -file root.crt
>>>>>>>>
>>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>>
>>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>>
>>>>>>>> 10- and server is listening on 443
>>>>>>>>
>>>>>>>> but the connection got refused when i try to get https connection
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>
>>>>>>>> You can google it :))
>>>>>>>>
>>>>>>>> Here are something to start from:
>>>>>>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>>
>>>>>>>> hello maxim
>>>>>>>>
>>>>>>>> i have tried to setup self signed https on my om
>>>>>>>>
>>>>>>>> according to this link:
>>>>>>>>
>>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> i need tow cert files and one key file, iam i right?
>>>>>>>>
>>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>>
>>>>>>>> i got confused :))
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> WBR
>>>>>>>> Maxim aka solomax
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>
>>>
>>
>

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
the only logs that i see are these:


DEBUG 11-23 05:53:09.781 722725 42 o.a.o.d.u.AuthLevelUtil [0.0-5080-exec-4] - Level Admin :: [GRANTED]
DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao [0.0-5080-exec-3] - getActiveLdapConfigs


On Thu, Nov 23, 2017 at 2:22 PM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> sorry there were two <property name="connectionProperties">.
>
> that problem is ok.
>
> but another thing happen :((
>
> that error does not occure any more, but when i try to login, nothing
> happen and the page just gets refreshed..
>
>
> On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> yes. right now im using reversed proxy by httpd. the problem which now im
>> facing, is i can not get login and this is the log.
>>
>> [INFO] [http-nio-0.0.0.0-5080-exec-1] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>> [INFO] [http-nio-0.0.0.0-5080-exec-3] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>> [INFO] [http-nio-0.0.0.0-5080-exec-10] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>>
>> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> You wrote before: "i used proxy reversed by apache (httpd)" Is this the
>>> case?
>>>
>>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> Hello Maxim
>>>> I have checked that.
>>>> it is said that:  add '<property name="secure" value="true" />'  to
>>>> ../conf/jee-container.xml right before '<property
>>>> name="connectionProperties">'
>>>> but this value, exists in "jee-container.xml" and the problem still
>>>> exists.
>>>>
>>>> do any thing else should i do?
>>>>
>>>>
>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> Hello Dear Maxim,
>>>>> Ok thank you. i will check that
>>>>>
>>>>>
>>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>>> *Hello Dear Yakovlev,*
>>>>>> *Yes I done that.*
>>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>>
>>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <yakovlev_nd@krvostok.ru
>>>>>> > wrote:
>>>>>>
>>>>>>> Hello Hossein,
>>>>>>>
>>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>>
>>>>>>> rtmps.keystorepass=...
>>>>>>>
>>>>>>> rtmps.truststorepass=...
>>>>>>>
>>>>>>> jmx.keystorepass=...
>>>>>>>
>>>>>>> ?
>>>>>>>
>>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Nik
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>>> *To:* Openmeetings user-list
>>>>>>> *Subject:* Re: self signed https problem
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> hola maxim
>>>>>>>
>>>>>>> i googled a lot and did some thing.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> here are my steps:
>>>>>>>
>>>>>>> 1- create key
>>>>>>>
>>>>>>> 2- create csr
>>>>>>>
>>>>>>> 3- request a CA to sign my csr
>>>>>>>
>>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>>> Intermediate cert as one file* - so because of this i removed some
>>>>>>> parts of the commands )
>>>>>>>
>>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>>>>>>> red5.p12 -name red5 -certfile root.crt (-certfile intermedXX.crt
>>>>>>> deleted)
>>>>>>>
>>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
>>>>>>> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>>
>>>>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>>>>>> -trustcacerts -file root.crt
>>>>>>>
>>>>>>> 8- (keytool -import -alias intermed -keystore
>>>>>>> red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>>
>>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>>
>>>>>>> 10- and server is listening on 443
>>>>>>>
>>>>>>> but the connection got refused when i try to get https connection
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>
>>>>>>> You can google it :))
>>>>>>>
>>>>>>> Here are something to start from: https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>>
>>>>>>> hello maxim
>>>>>>>
>>>>>>> i have tried to setup self signed https on my om
>>>>>>>
>>>>>>> according to this link:
>>>>>>>
>>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> i need tow cert files and one key file, iam i right?
>>>>>>>
>>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>>
>>>>>>> i got confused :))
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> WBR
>>>>>>> Maxim aka solomax
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
>

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
sorry there were two <property name="connectionProperties">.

that problem is ok.

but another thing happened :((

that error does not occur any more, but when i try to login, nothing
happens and the page just gets refreshed..


On Thu, Nov 23, 2017 at 2:06 PM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> yes. right now im using reversed proxy by httpd. the problem which now im
> facing, is i can not get login and this is the log.
>
> [INFO] [http-nio-0.0.0.0-5080-exec-1] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
> [INFO] [http-nio-0.0.0.0-5080-exec-3] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
> [INFO] [http-nio-0.0.0.0-5080-exec-10] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
>
> On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> You wrote before: "i used proxy reversed by apache (httpd)" Is this the
>> case?
>>
>> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> Hello Maxim
>>> I have checked that.
>>> it is said that:  add '<property name="secure" value="true" />'  to
>>> ../conf/jee-container.xml right before '<property
>>> name="connectionProperties">'
>>> but this value, exists in "jee-container.xml" and the problem still
>>> exists.
>>>
>>> do any thing else should i do?
>>>
>>>
>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> Hello Dear Maxim,
>>>> Ok thank you. i will check that
>>>>
>>>>
>>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>>> *Hello Dear Yakovlev,*
>>>>> *Yes I done that.*
>>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>>
>>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <ya...@krvostok.ru>
>>>>> wrote:
>>>>>
>>>>>> Hello Hossein,
>>>>>>
>>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>>
>>>>>> rtmps.keystorepass=...
>>>>>>
>>>>>> rtmps.truststorepass=...
>>>>>>
>>>>>> jmx.keystorepass=...
>>>>>>
>>>>>> ?
>>>>>>
>>>>>> Ones must be the same you entered by the keytool command.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Nik
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>>> *To:* Openmeetings user-list
>>>>>> *Subject:* Re: self signed https problem
>>>>>>
>>>>>>
>>>>>>
>>>>>> hola maxim
>>>>>>
>>>>>> i googled a lot and did some thing.
>>>>>>
>>>>>>
>>>>>>
>>>>>> here are my steps:
>>>>>>
>>>>>> 1- create key
>>>>>>
>>>>>> 2- create csr
>>>>>>
>>>>>> 3- request a CA to sign my csr
>>>>>>
>>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>>> Intermediate cert as one file* - so because of this i removed some
>>>>>> parts of the commands )
>>>>>>
>>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12
>>>>>> -name red5 -certfile root.crt (-certfile intermedXX.crt deleted)
>>>>>>
>>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
>>>>>> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>>> red5/conf/keystore.jks -alias red5
>>>>>>
>>>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>>>>> -trustcacerts -file root.crt
>>>>>>
>>>>>> 8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks
>>>>>> -trustcacerts -file intermedXX.crt - Deleted)
>>>>>>
>>>>>> 9- edited red5/conf/jee-container.xml
>>>>>>
>>>>>> 10- and server is listening on 443
>>>>>>
>>>>>> but the connection got refused when i try to get https connection
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>>> solomax666@gmail.com> wrote:
>>>>>>
>>>>>> You can google it :))
>>>>>>
>>>>>> Here are something to start from: https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>>
>>>>>> hello maxim
>>>>>>
>>>>>> i have tried to setup self signed https on my om
>>>>>>
>>>>>> according to this link:
>>>>>>
>>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>>
>>>>>>
>>>>>>
>>>>>> i need tow cert files and one key file, iam i right?
>>>>>>
>>>>>> so how can i generate ca.cert and red5.cert??
>>>>>>
>>>>>> i got confused :))
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> and one thing more, can i integrate nginx and om?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> WBR
>>>>>> Maxim aka solomax
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
yes. right now i'm using a reverse proxy by httpd. the problem which i'm now
facing is that i can not log in, and this is the log.

[INFO] [http-nio-0.0.0.0-5080-exec-1] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
[INFO] [http-nio-0.0.0.0-5080-exec-3] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request
[INFO] [http-nio-0.0.0.0-5080-exec-10] org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL: http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF, Origin: https://elearning.saba-co.net, action: aborted with error 400 Origin does not correspond to request

On Thu, Nov 23, 2017 at 1:08 PM, Maxim Solodovnik <so...@gmail.com>
wrote:

> You wrote before: "i used proxy reversed by apache (httpd)" Is this the
> case?
>
> On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> Hello Maxim
>> I have checked that.
>> it is said that:  add '<property name="secure" value="true" />'  to
>> ../conf/jee-container.xml right before '<property
>> name="connectionProperties">'
>> but this value, exists in "jee-container.xml" and the problem still
>> exists.
>>
>> do any thing else should i do?
>>
>>
>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> Hello Dear Maxim,
>>> Ok thank you. i will check that
>>>
>>>
>>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> *Hello Dear Yakovlev,*
>>>> *Yes I done that.*
>>>> *as i checked the logs, OM says that keystore is not found.*
>>>>
>>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <ya...@krvostok.ru>
>>>> wrote:
>>>>
>>>>> Hello Hossein,
>>>>>
>>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>>
>>>>> rtmps.keystorepass=...
>>>>>
>>>>> rtmps.truststorepass=...
>>>>>
>>>>> jmx.keystorepass=...
>>>>>
>>>>> ?
>>>>>
>>>>> Ones must be the same you entered by the keytool command.
>>>>>
>>>>>
>>>>>
>>>>> Nik
>>>>>
>>>>>
>>>>>
>>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>>> *To:* Openmeetings user-list
>>>>> *Subject:* Re: self signed https problem
>>>>>
>>>>>
>>>>>
>>>>> hola maxim
>>>>>
>>>>> i googled a lot and did some thing.
>>>>>
>>>>>
>>>>>
>>>>> here are my steps:
>>>>>
>>>>> 1- create key
>>>>>
>>>>> 2- create csr
>>>>>
>>>>> 3- request a CA to sign my csr
>>>>>
>>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>>> Intermediate cert as one file* - so because of this i removed some
>>>>> parts of the commands )
>>>>>
>>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12
>>>>> -name red5 -certfile root.crt (-certfile intermedXX.crt deleted)
>>>>>
>>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
>>>>> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>>> red5/conf/keystore.jks -alias red5
>>>>>
>>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>>>> -trustcacerts -file root.crt
>>>>>
>>>>> 8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks
>>>>> -trustcacerts -file intermedXX.crt - Deleted)
>>>>>
>>>>> 9- edited red5/conf/jee-container.xml
>>>>>
>>>>> 10- and server is listening on 443
>>>>>
>>>>> but the connection got refused when i try to get https connection
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <
>>>>> solomax666@gmail.com> wrote:
>>>>>
>>>>> You can google it :))
>>>>>
>>>>> Here are something to start from: https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>>
>>>>> hello maxim
>>>>>
>>>>> i have tried to setup self signed https on my om
>>>>>
>>>>> according to this link:
>>>>>
>>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>>
>>>>>
>>>>>
>>>>> i need tow cert files and one key file, iam i right?
>>>>>
>>>>> so how can i generate ca.cert and red5.cert??
>>>>>
>>>>> i got confused :))
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> and one thing more, can i integrate nginx and om?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> WBR
>>>>> Maxim aka solomax
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>
>
> --
> WBR
> Maxim aka solomax
>
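
The "Origin does not correspond to request" lines in the post above can be triaged mechanically. This is an added example, not part of the original thread and not OpenMeetings or Wicket code: it unwraps mail-wrapped log records, compares the origin of the request URL with the Origin header, and labels each rejection. The sample log, its host names and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample in the format of the log lines quoted in this thread,
# hard-wrapped the way the mail archive wraps them. Host names are placeholders.
SAMPLE_LOG = """\
[INFO] [http-nio-0.0.0.0-5080-exec-1] org.apache.wicket.protocol.http.
CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL:
http://om.example.org/om/wicket/bookmarkable/org.
apache.openmeetings.web.pages.auth.SignInPage;jsessionid=
0123456789ABCDEF0123456789ABCDEF, Origin: https://om.example.org,
action: aborted with error 400 Origin does not correspond to request
DEBUG 11-23 05:53:10.190 723134 74 o.a.o.d.d.s.LdapConfigDao
[0.0-5080-exec-3] - getActiveLdapConfigs
[INFO] [http-nio-0.0.0.0-5080-exec-3] org.apache.wicket.protocol.http.
CsrfPreventionRequestCycleListener - Possible CSRF attack, request URL:
http://om.example.org/om/wicket/page?3, Origin: https://other.example.net,
action: aborted with error 400 Origin does not correspond to request
"""

# A record starts with a log level, bracketed or bare; anything else is a wrap.
RECORD_START = re.compile(r"^\[?(?:TRACE|DEBUG|INFO|WARN|ERROR)\]?\s")
CSRF_RECORD = re.compile(
    r"\[(?P<thread>[^\]]+)\]\s+\S*CsrfPreventionRequestCycleListener - "
    r"Possible CSRF attack, request URL:\s*(?P<url>\S+),\s*"
    r"Origin:\s*(?P<origin>\S+),\s*action:\s*(?P<action>.+)$"
)

EXPLANATION = {
    "scheme-mismatch": "same host, different scheme: the backend sees plain "
                       "HTTP while the browser spoke HTTPS to a proxy",
    "host-mismatch": "Origin names another site: the case the check exists to stop",
    "port-mismatch": "same scheme and host, different port",
    "match": "origins agree",
}


def unwrap(text):
    """Rejoin hard-wrapped records; no space is added after a mid-token break."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            prev = records[-1]
            sep = "" if prev[-1] in "./;=" else " "
            records[-1] = prev + sep + line
    return records


def origin_of(url):
    """Reduce a URL to (scheme, host, port), filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def diagnose(request_origin, header_origin):
    """Name the first component in which the two origins differ."""
    if request_origin == header_origin:
        return "match"
    if request_origin[1] != header_origin[1]:
        return "host-mismatch"
    if request_origin[0] != header_origin[0]:
        return "scheme-mismatch"
    return "port-mismatch"


def analyze(log_text):
    """Return one finding per CSRF rejection; the session id is not copied out."""
    findings = []
    for record in unwrap(log_text):
        m = CSRF_RECORD.search(record)
        if not m:
            continue
        req, hdr = origin_of(m["url"]), origin_of(m["origin"])
        findings.append({
            "thread": m["thread"],
            "request_origin": "%s://%s:%s" % req,
            "origin_header": "%s://%s:%s" % hdr,
            "verdict": diagnose(req, hdr),
        })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["thread"], f["request_origin"], "vs", f["origin_header"],
              "->", f["verdict"], "(" + EXPLANATION[f["verdict"]] + ")")
```

A scheme-mismatch on an otherwise identical host points at the proxy setup rather than at a cross-site request; a host-mismatch should be investigated as a real rejection.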

Re: self signed https problem

Posted by Maxim Solodovnik <so...@gmail.com>.
You wrote before: "i used proxy reversed by apache (httpd)" Is this the
case?

On Thu, Nov 23, 2017 at 2:14 PM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> Hello Maxim
> I have checked that.
> it is said that:  add '<property name="secure" value="true" />'  to
> ../conf/jee-container.xml right before '<property
> name="connectionProperties">'
> but this value, exists in "jee-container.xml" and the problem still
> exists.
>
> do any thing else should i do?
>
>
> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> Hello Dear Maxim,
>> Ok thank you. i will check that
>>
>>
>> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> *Hello Dear Yakovlev,*
>>> *Yes I done that.*
>>> *as i checked the logs, OM says that keystore is not found.*
>>>
>>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <ya...@krvostok.ru>
>>> wrote:
>>>
>>>> Hello Hossein,
>>>>
>>>> did you change passwords in ../red5/conf/red5.properties:
>>>>
>>>> rtmps.keystorepass=...
>>>>
>>>> rtmps.truststorepass=...
>>>>
>>>> jmx.keystorepass=...
>>>>
>>>> ?
>>>>
>>>> Ones must be the same you entered by the keytool command.
>>>>
>>>>
>>>>
>>>> Nik
>>>>
>>>>
>>>>
>>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>>> *To:* Openmeetings user-list
>>>> *Subject:* Re: self signed https problem
>>>>
>>>>
>>>>
>>>> hola maxim
>>>>
>>>> i googled a lot and did some thing.
>>>>
>>>>
>>>>
>>>> here are my steps:
>>>>
>>>> 1- create key
>>>>
>>>> 2- create csr
>>>>
>>>> 3- request a CA to sign my csr
>>>>
>>>> 4- i got my crt files (*but CA gave me root certificate and
>>>> Intermediate cert as one file* - so because of this i removed some
>>>> parts of the commands )
>>>>
>>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12
>>>> -name red5 -certfile root.crt (-certfile intermedXX.crt deleted)
>>>>
>>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
>>>> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>>> red5/conf/keystore.jks -alias red5
>>>>
>>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>>> -trustcacerts -file root.crt
>>>>
>>>> 8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks
>>>> -trustcacerts -file intermedXX.crt - Deleted)
>>>>
>>>> 9- edited red5/conf/jee-container.xml
>>>>
>>>> 10- and server is listening on 443
>>>>
>>>> but the connection got refused when i try to get https connection
>>>>
>>>>
>>>>
>>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <so...@gmail.com>
>>>> wrote:
>>>>
>>>> You can google it :))
>>>>
>>>> Here are something to start from: https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>>
>>>>
>>>>
>>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>>> hossein.dehghanpoor@gmail.com> wrote:
>>>>
>>>> hello maxim
>>>>
>>>> i have tried to setup self signed https on my om
>>>>
>>>> according to this link:
>>>>
>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>
>>>>
>>>>
>>>> i need tow cert files and one key file, iam i right?
>>>>
>>>> so how can i generate ca.cert and red5.cert??
>>>>
>>>> i got confused :))
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> and one thing more, can i integrate nginx and om?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>>
>>>>
>>>
>>>
>>
>


-- 
WBR
Maxim aka solomax

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
Hello Maxim
I have checked that.
it is said that:  add '<property name="secure" value="true" />'  to
../conf/jee-container.xml right before '<property
name="connectionProperties">'
but this value exists in "jee-container.xml" and the problem still exists.

should i do anything else?


On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> Hello Dear Maxim,
> Ok thank you. i will check that
>
>
> On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> *Hello Dear Yakovlev,*
>> *Yes I done that.*
>> *as i checked the logs, OM says that keystore is not found.*
>>
>> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <ya...@krvostok.ru>
>> wrote:
>>
>>> Hello Hossein,
>>>
>>> did you change passwords in ../red5/conf/red5.properties:
>>>
>>> rtmps.keystorepass=...
>>>
>>> rtmps.truststorepass=...
>>>
>>> jmx.keystorepass=...
>>>
>>> ?
>>>
>>> Ones must be the same you entered by the keytool command.
>>>
>>>
>>>
>>> Nik
>>>
>>>
>>>
>>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>>> *To:* Openmeetings user-list
>>> *Subject:* Re: self signed https problem
>>>
>>>
>>>
>>> hola maxim
>>>
>>> i googled a lot and did some thing.
>>>
>>>
>>>
>>> here are my steps:
>>>
>>> 1- create key
>>>
>>> 2- create csr
>>>
>>> 3- request a CA to sign my csr
>>>
>>> 4- i got my crt files (*but CA gave me root certificate and
>>> Intermediate cert as one file* - so because of this i removed some
>>> parts of the commands )
>>>
>>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12
>>> -name red5 -certfile root.crt (-certfile intermedXX.crt deleted)
>>>
>>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
>>> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>>> red5/conf/keystore.jks -alias red5
>>>
>>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>>> -trustcacerts -file root.crt
>>>
>>> 8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks
>>> -trustcacerts -file intermedXX.crt - Deleted)
>>>
>>> 9- edited red5/conf/jee-container.xml
>>>
>>> 10- and server is listening on 443
>>>
>>> but the connection got refused when i try to get https connection
>>>
>>>
>>>
>>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>> You can google it :))
>>>
>>> Here are something to start from: https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>
>>>
>>>
>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>> hello maxim
>>>
>>> i have tried to setup self signed https on my om
>>>
>>> according to this link:
>>>
>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>
>>>
>>>
>>> i need tow cert files and one key file, iam i right?
>>>
>>> so how can i generate ca.cert and red5.cert??
>>>
>>> i got confused :))
>>>
>>>
>>>
>>>
>>>
>>> and one thing more, can i integrate nginx and om?
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> WBR
>>> Maxim aka solomax
>>>
>>>
>>>
>>
>>
>

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
Hello Dear Maxim,
Ok thank you. i will check that


On Thu, Nov 23, 2017 at 10:04 AM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> *Hello Dear Yakovlev,*
> *Yes I done that.*
> *as i checked the logs, OM says that keystore is not found.*
>
> On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <ya...@krvostok.ru>
> wrote:
>
>> Hello Hossein,
>>
>> did you change passwords in ../red5/conf/red5.properties:
>>
>> rtmps.keystorepass=...
>>
>> rtmps.truststorepass=...
>>
>> jmx.keystorepass=...
>>
>> ?
>>
>> Ones must be the same you entered by the keytool command.
>>
>>
>>
>> Nik
>>
>>
>>
>> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
>> *Sent:* Wednesday, November 22, 2017 9:51 PM
>> *To:* Openmeetings user-list
>> *Subject:* Re: self signed https problem
>>
>>
>>
>> hola maxim
>>
>> i googled a lot and did some thing.
>>
>>
>>
>> here are my steps:
>>
>> 1- create key
>>
>> 2- create csr
>>
>> 3- request a CA to sign my csr
>>
>> 4- i got my crt files (*but CA gave me root certificate and Intermediate
>> cert as one file* - so because of this i removed some parts of the
>> commands )
>>
>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12
>> -name red5 -certfile root.crt (-certfile intermedXX.crt deleted)
>>
>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
>> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>> red5/conf/keystore.jks -alias red5
>>
>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>> -trustcacerts -file root.crt
>>
>> 8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks
>> -trustcacerts -file intermedXX.crt - Deleted)
>>
>> 9- edited red5/conf/jee-container.xml
>>
>> 10- and server is listening on 443
>>
>> but the connection got refused when i try to get https connection
>>
>>
>>
>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>> You can google it :))
>>
>> Here are something to start from: https://www.sslshopper.com/article-most-common-openssl-commands.html
>>
>>
>>
>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>> hello maxim
>>
>> i have tried to setup self signed https on my om
>>
>> according to this link:
>>
>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>
>>
>>
>> i need tow cert files and one key file, iam i right?
>>
>> so how can i generate ca.cert and red5.cert??
>>
>> i got confused :))
>>
>>
>>
>>
>>
>> and one thing more, can i integrate nginx and om?
>>
>>
>>
>>
>>
>> --
>>
>> WBR
>> Maxim aka solomax
>>
>>
>>
>
>

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
*Hello Dear Yakovlev,*
*Yes, I have done that.*
*as i checked the logs, OM says that keystore is not found.*

On Thu, Nov 23, 2017 at 8:45 AM, Yakovlev N. <ya...@krvostok.ru>
wrote:

> Hello Hossein,
>
> did you change passwords in ../red5/conf/red5.properties:
>
> rtmps.keystorepass=...
>
> rtmps.truststorepass=...
>
> jmx.keystorepass=...
>
> ?
>
> Ones must be the same you entered by the keytool command.
>
>
>
> Nik
>
>
>
> *From:* Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com]
> *Sent:* Wednesday, November 22, 2017 9:51 PM
> *To:* Openmeetings user-list
> *Subject:* Re: self signed https problem
>
>
>
> hola maxim
>
> i googled a lot and did some thing.
>
>
>
> here are my steps:
>
> 1- create key
>
> 2- create csr
>
> 3- request a CA to sign my csr
>
> 4- i got my crt files (*but CA gave me root certificate and Intermediate
> cert as one file* - so because of this i removed some parts of the
> commands )
>
> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12
> -name red5 -certfile root.crt (-certfile intermedXX.crt deleted)
>
> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
> red5/conf/keystore.jks -alias red5
>
> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
> -trustcacerts -file root.crt
>
> 8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks
> -trustcacerts -file intermedXX.crt - Deleted)
>
> 9- edited red5/conf/jee-container.xml
>
> 10- and server is listening on 443
>
> but the connection got refused when i try to get https connection
>
>
>
> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
> You can google it :))
>
> Here are something to start from: https://www.sslshopper.com/article-most-common-openssl-commands.html
>
>
>
> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
> hello maxim
>
> i have tried to setup self signed https on my om
>
> according to this link:
>
> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>
>
>
> i need tow cert files and one key file, iam i right?
>
> so how can i generate ca.cert and red5.cert??
>
> i got confused :))
>
>
>
>
>
> and one thing more, can i integrate nginx and om?
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>

RE: self signed https problem

Posted by "Yakovlev N." <ya...@krvostok.ru>.
Hello Hossein,

did you change passwords in ../red5/conf/red5.properties:

rtmps.keystorepass=...

rtmps.truststorepass=...

jmx.keystorepass=...

?

They must be the same ones you entered in the keytool command.

 

Nik

 

From: Hossein Dehghanpoor [mailto:hossein.dehghanpoor@gmail.com] 
Sent: Wednesday, November 22, 2017 9:51 PM
To: Openmeetings user-list
Subject: Re: self signed https problem

 

hola maxim

i googled a lot and did some thing.

 

here are my steps:

1- create key

2- create csr

3- request a CA to sign my csr

4- i got my crt files (but CA gave me root certificate and Intermediate cert as one file - so because of this i removed some parts of the commands )

5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile root.crt (-certfile intermedXX.crt deleted)

6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass XXX -destkeystore red5/conf/keystore.jks -alias red5

7- keytool -import -alias root -keystore red5/conf/keystore.jks -trustcacerts -file root.crt

8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks -trustcacerts -file intermedXX.crt - Deleted)

9- edited red5/conf/jee-container.xml

10- and server is listening on 443

but the connection got refused when i try to get https connection

 

On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <so...@gmail.com> wrote:

You can google it :))

Here are something to start from: https://www.sslshopper.com/article-most-common-openssl-commands.html

 

On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <ho...@gmail.com> wrote:

hello maxim

i have tried to setup self signed https on my om

according to this link:

https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate

 

i need two cert files and one key file, am i right?

so how can i generate ca.cert and red5.cert??

i got confused :))

 

 

and one thing more, can i integrate nginx and om?





 

-- 

WBR
Maxim aka solomax

 


Re: self signed https problem

Posted by Maxim Solodovnik <so...@gmail.com>.
You are proxying HTTPS requests to an HTTP server;
in this case you need to make one simple change, as described here [1]

[1]
https://issues.apache.org/jira/browse/INFRA-14166?focusedCommentId=16049040&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16049040

On Thu, Nov 23, 2017 at 6:17 AM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> ok maxim
>
> i forget to use https in that way.
>
> i used proxy reversed by apache (httpd)
>
> i setup ssl and it works.
>
> but there is a problem.
>
> [INFO] [http-nio-0.0.0.0-5080-exec-1]
> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
> Possible CSRF attack, request URL:
> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
> Origin: https://elearning.saba-co.net, action: aborted with error 400
> Origin does not correspond to request
> [INFO] [http-nio-0.0.0.0-5080-exec-3]
> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
> Possible CSRF attack, request URL:
> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
> Origin: https://elearning.saba-co.net, action: aborted with error 400
> Origin does not correspond to request
> [INFO] [http-nio-0.0.0.0-5080-exec-10]
> org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
> Possible CSRF attack, request URL:
> http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
> Origin: https://elearning.saba-co.net, action: aborted with error 400
> Origin does not correspond to request
>
>
> On Wed, Nov 22, 2017 at 10:20 PM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> hola maxim
>> i googled a lot and did some thing.
>>
>> here are my steps:
>> 1- create key
>> 2- create csr
>> 3- request a CA to sign my csr
>> 4- i got my crt files (*but CA gave me root certificate and Intermediate
>> cert as one file* - so because of this i removed some parts of the
>> commands )
>> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12
>> -name red5 -certfile root.crt (-certfile intermedXX.crt deleted)
>> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
>> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
>> red5/conf/keystore.jks -alias red5
>> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
>> -trustcacerts -file root.crt
>> 8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks
>> -trustcacerts -file intermedXX.crt - Deleted)
>> 9- edited red5/conf/jee-container.xml
>> 10- and server is listening on 443
>> but the connection got refused when i try to get https connection
>>
>> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> You can google it :))
>>> Here is something to start from:
>>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>>
>>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>>> hossein.dehghanpoor@gmail.com> wrote:
>>>
>>>> hello maxim
>>>> i have tried to setup self signed https on my om
>>>> according to this link:
>>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>>
>>>> i need two cert files and one key file, am i right?
>>>> so how can i generate ca.cert and red5.cert??
>>>> i got confused :))
>>>>
>>>>
>>>> and one thing more, can i integrate nginx and om?
>>>>
>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
>


-- 
WBR
Maxim aka solomax
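
The log lines quoted in this thread show the pattern Maxim describes: the backend on port 5080 sees an http:// request URL while the browser's Origin header is https://. As an added example (not code from OpenMeetings, Wicket, or the posters), this Python script re-joins mail-wrapped log records and separates that scheme-only mismatch from a genuinely different origin; the sample log, hostnames, labels and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ENTRY_RE = re.compile(r"Possible CSRF attack, request URL: (?P<url>\S+), "
                      r"Origin: (?P<origin>\S+), action: (?P<action>.+)$")
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample in the thread's log format (hosts and session id are placeholders).
SAMPLE = """\
[INFO] [http-nio-0.0.0.0-5080-exec-1]
org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
Possible CSRF attack, request URL:
http://om.example.org/room/wicket/bookmarkable/SignInPage;jsessionid=PLACEHOLDER,
Origin: https://om.example.org, action: aborted with error 400
Origin does not correspond to request
[INFO] [http-nio-0.0.0.0-5080-exec-2]
org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
Possible CSRF attack, request URL: http://om.example.org/room/wicket/page?3,
Origin: https://other.example.net, action: aborted with error 400
Origin does not correspond to request
"""

def rejoin(text):
    """Merge mail-wrapped continuation lines into one string per log record."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") or not entries:
            entries.append(line)       # a new record starts with "[LEVEL]"
        else:
            entries[-1] += " " + line  # continuation of the previous record
    return entries

def origin_of(url):
    """Reduce a URL or Origin header to (scheme, host, port) with default ports filled in."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)

def classify(entry):
    """Return None for unrelated lines, else how the Origin differs from the request URL."""
    m = ENTRY_RE.search(entry)
    if m is None:
        return None
    seen, sent = origin_of(m["url"]), origin_of(m["origin"])
    if seen == sent:
        return "match"
    if seen[1] == sent[1] and (seen[0], sent[0]) == ("http", "https"):
        return "scheme-only-mismatch"  # backend saw http, browser was on https
    return "cross-origin"              # different host: treat as a real CSRF signal
```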

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
ok maxim

i forget to use https in that way.

i used proxy reversed by apache (httpd)

i setup ssl and it works.

but there is a problem.

[INFO] [http-nio-0.0.0.0-5080-exec-1]
org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
Possible CSRF attack, request URL:
http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
Origin: https://elearning.saba-co.net, action: aborted with error 400
Origin does not correspond to request
[INFO] [http-nio-0.0.0.0-5080-exec-3]
org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
Possible CSRF attack, request URL:
http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
Origin: https://elearning.saba-co.net, action: aborted with error 400
Origin does not correspond to request
[INFO] [http-nio-0.0.0.0-5080-exec-10]
org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener -
Possible CSRF attack, request URL:
http://elearning.saba-co.net/ersa/wicket/bookmarkable/org.apache.openmeetings.web.pages.auth.SignInPage;jsessionid=7399F24381E9299DF229D27AD4A034AF,
Origin: https://elearning.saba-co.net, action: aborted with error 400
Origin does not correspond to request


On Wed, Nov 22, 2017 at 10:20 PM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> hola maxim
> i googled a lot and did some thing.
>
> here are my steps:
> 1- create key
> 2- create csr
> 3- request a CA to sign my csr
> 4- i got my crt files (*but CA gave me root certificate and Intermediate
> cert as one file* - so because of this i removed some parts of the
> commands )
> 5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12
> -name red5 -certfile root.crt (-certfile intermedXX.crt deleted)
> 6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
> -srcstoretype PKCS12 -deststorepass XXX -destkeystore
> red5/conf/keystore.jks -alias red5
> 7- keytool -import -alias root -keystore red5/conf/keystore.jks
> -trustcacerts -file root.crt
> 8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks
> -trustcacerts -file intermedXX.crt - Deleted)
> 9- edited red5/conf/jee-container.xml
> 10- and server is listening on 443
> but the connection got refused when i try to get https connection
>
> On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> You can google it :))
>> Here is something to start from:
>> https://www.sslshopper.com/article-most-common-openssl-commands.html
>>
>> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
>> hossein.dehghanpoor@gmail.com> wrote:
>>
>>> hello maxim
>>> i have tried to setup self signed https on my om
>>> according to this link:
>>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>>
>>> i need two cert files and one key file, am i right?
>>> so how can i generate ca.cert and red5.cert??
>>> i got confused :))
>>>
>>>
>>> and one thing more, can i integrate nginx and om?
>>>
>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>

Re: self signed https problem

Posted by Hossein Dehghanpoor <ho...@gmail.com>.
hola maxim
i googled a lot and did some thing.

here are my steps:
1- create key
2- create csr
3- request a CA to sign my csr
4- i got my crt files (*but CA gave me root certificate and Intermediate
cert as one file* - so because of this i removed some parts of the commands
)
5- openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name
red5 -certfile root.crt (-certfile intermedXX.crt deleted)
6- keytool -importkeystore -srcstorepass XXX -srckeystore red5.p12
-srcstoretype PKCS12 -deststorepass XXX -destkeystore
red5/conf/keystore.jks -alias red5
7- keytool -import -alias root -keystore red5/conf/keystore.jks
-trustcacerts -file root.crt
8- (keytool -import -alias intermed -keystore red5/conf/keystore.jks
-trustcacerts -file intermedXX.crt - Deleted)
9- edited red5/conf/jee-container.xml
10- and server is listening on 443
but the connection got refused when i try to get https connection

On Wed, Nov 22, 2017 at 6:13 AM, Maxim Solodovnik <so...@gmail.com>
wrote:

> You can google it :))
> Here is something to start from:
> https://www.sslshopper.com/article-most-common-openssl-commands.html
>
> On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
> hossein.dehghanpoor@gmail.com> wrote:
>
>> hello maxim
>> i have tried to setup self signed https on my om
>> according to this link:
>> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>>
>> i need two cert files and one key file, am i right?
>> so how can i generate ca.cert and red5.cert??
>> i got confused :))
>>
>>
>> and one thing more, can i integrate nginx and om?
>>
>
>
>
> --
> WBR
> Maxim aka solomax
>

Re: self signed https problem

Posted by Maxim Solodovnik <so...@gmail.com>.
You can google it :))
Here is something to start from:
https://www.sslshopper.com/article-most-common-openssl-commands.html

On Wed, Nov 22, 2017 at 2:04 AM, Hossein Dehghanpoor <
hossein.dehghanpoor@gmail.com> wrote:

> hello maxim
> i have tried to setup self signed https on my om
> according to this link:
> https://openmeetings.apache.org/RTMPSAndHTTPS.html#Self-signed_certificate
>
> i need two cert files and one key file, am i right?
> so how can i generate ca.cert and red5.cert??
> i got confused :))
>
>
> and one thing more, can i integrate nginx and om?
>



-- 
WBR
Maxim aka solomax