Posted to user@openmeetings.apache.org by Maxim Solodovnik <so...@gmail.com> on 2018/01/02 16:42:54 UTC
Re: Configure https on centos7
All your steps sound correct to me
It works for me
I got this "Allow Flash" message from browser only once
then everything works flawlessly
I can create a recording with my steps after Jan 9, if it will help ... not
sure how :(
On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <je...@gmail.com> wrote:
> I will get back to you on these questions on Tuesday if that is OK.
>
> I did manage to get openmeetings to work via https, I do not have it
> fully scripted just yet, but close. This is using the self-signed CA
> and cert method described on the link.
>
> The reason I went this way in the first place was because when I
> enter an openmeetings room, I was not being presented a list of audio
> hardware to use. I was told that chrome needs https to access
> microphone.
>
> Well, even with the https, after enabling flash, after entering a room
> I click gear widget. It has choose webcam: Disabled, choose microphone
> disabled. On the right side it says: "Click to Enable Adobe Flash
> Player". I click, flash player seems to enable OK (keep in mind this
> is with PepperFlash). I can do recordings tests, etc.
>
> But still only option for microphone is Disabled. If I click widget
> again, setting is the same.
> If I restart chrome, and log back in, I do not have to enable flash
> this time, but still for microphone option is Disabled
>
> I know chromium can see my audio hardware, if I go to chromium ->
> settings -> content settings -> microphone, the correct device is
> listed there. My only option is "Ask before accessing (recommended)",
> otherwise mic is completely disabled. There are no sites listed in the
> blocked or allowed lists below.
>
> It would seem openmeetings is not asking chromium to use
> microphone. Am I doing something wrong? Will the self signed cert
> method work to enable this?
>
> -Dave
>
>
> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
> > Do you have these options in your version?
> > What is the error?
> >
> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com> wrote:
> >>
> >> I just tried srcstorepass, deststorepass, and storepass, none seem to
> >> accept an argument despite what the help page said.
> >>
> >> -Dave
> >>
> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik <solomax666@gmail.com> wrote:
> >> > here is my output: (src and dest keystore options are highlighted)
> >> >
> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
> >> >
> >> > keytool -importkeystore [OPTION]...
> >> >
> >> > Imports one or all entries from another keystore
> >> >
> >> > Options:
> >> >
> >> > -srckeystore <srckeystore> source keystore name
> >> > -destkeystore <destkeystore> destination keystore name
> >> > -srcstoretype <srcstoretype> source keystore type
> >> > -deststoretype <deststoretype> destination keystore type
> >> > -srcstorepass <arg> source keystore password
> >> > -deststorepass <arg> destination keystore password
> >> > -srcprotected source keystore password
> >> > protected
> >> > -srcprovidername <srcprovidername> source keystore provider name
> >> > -destprovidername <destprovidername> destination keystore provider
> >> > name
> >> > -srcalias <srcalias> source alias
> >> > -destalias <destalias> destination alias
> >> > -srckeypass <arg> source key password
> >> > -destkeypass <arg> destination key password
> >> > -noprompt do not prompt
> >> > -providerclass <providerclass> provider class name
> >> > -providerarg <arg> provider argument
> >> > -providerpath <pathlist> provider classpath
> >> > -v verbose output
> >> >
> >> > Use "keytool -help" for all available commands
> >> >
> >> >
> >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com> wrote:
> >> >>
> >> >> keytool --help does not list -keystorepass as an option for me. here
> >> >> is what we have to work with:
> >> >>
> >> >> #which keytool
> >> >> /usr/bin/keytool
> >> >>
> >> >> #namei /usr/bin/keytool
> >> >> f: /usr/bin/keytool
> >> >> d /
> >> >> d usr
> >> >> d bin
> >> >> l keytool -> /etc/alternatives/keytool
> >> >> d /
> >> >> d etc
> >> >> d alternatives
> >> >> l keytool -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >> d /
> >> >> d usr
> >> >> d lib
> >> >> d jvm
> >> >> d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
> >> >> d jre
> >> >> d bin
> >> >> - keytool
> >> >>
> >> >> #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
> >> >>
> >> >> #keytool -help
> >> >> Key and Certificate Management Tool
> >> >>
> >> >> Commands:
> >> >>
> >> >> -certreq Generates a certificate request
> >> >> -changealias Changes an entry's alias
> >> >> -delete Deletes an entry
> >> >> -exportcert Exports certificate
> >> >> -genkeypair Generates a key pair
> >> >> -genseckey Generates a secret key
> >> >> -gencert Generates certificate from a certificate request
> >> >> -importcert Imports a certificate or a certificate chain
> >> >> -importpass Imports a password
> >> >> -importkeystore Imports one or all entries from another keystore
> >> >> -keypasswd Changes the key password of an entry
> >> >> -list Lists entries in a keystore
> >> >> -printcert Prints the content of a certificate
> >> >> -printcertreq Prints the content of a certificate request
> >> >> -printcrl Prints the content of a CRL file
> >> >> -storepasswd Changes the store password of a keystore
> >> >>
> >> >> Use "keytool -command_name -help" for usage of command_name
> >> >>
> >> >>
> >> >> I think we have the openjdk on the linux (perhaps other platforms too)
> >> >> and not the Sun/oracle implementation so as to get around license
> >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it
> >> >> doesn't have keystorepass either.
> >> >>
> >> >>
> >> >> -Dave
> >> >>
> >> >>
> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
> >> >> <so...@gmail.com>
> >> >> wrote:
> >> >> > Can you run "keytool --help" and check possible options?
> >> >> >
> >> >> > For real server it might be better to set up "let's encrypt" free
> >> >> > certificate (script was posted some time ago)
> >> >> >
> >> >> > WBR, Maxim
> >> >> > (from mobile, sorry for the typos)
> >> >> >
> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
> >> >> >>
> >> >> >> I am working through these steps on rhel6 which is a close cousin to
> >> >> >> centos 6.
> >> >> >>
> >> >> >> I have the same issue, -keystorepass is not a valid argument to
> >> >> >> keytool.
> >> >> >>
> >> >> >> Instead, you can just leave that argument off (and the pass ) since
> >> >> >> then keytool will just prompt.
> >> >> >>
> >> >> >> This still poses a problem for me because I am trying to have the
> >> >> >> entire setup in a script. Perhaps I can write an expect script just
> >> >> >> for this one line.
> >> >> >>
> >> >> >> Anyhow, I will work to further get SSL working next year. It turns
> >> >> >> out my version of chrome requires it for sound.
> >> >> >>
> >> >> >> -Dave
> >> >> >>
> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
> >> >> >> <p....@fort.crimea.com> wrote:
> >> >> >> > I do all by this instruction
> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> > except create in the beginning red5.key and red5.crt.
> >> >> >> >
> >> >> >> > In instruction error on this command:
> >> >> >> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks -keystorepass password -trustcacerts -file red5.crt
> >> >> >> >
> >> >> >> > Error:
> >> >> >> > illegal option: -keystorepass
> >> >> >> >
> >> >> >> > In documentation
> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> >> > not exist that option so
> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> > is not can’t be used, not relevant.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > -------------------
> >> >> >> >
> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM
> >> >> >> >
> >> >> >> >
> >> >> >> > To: Openmeetings user-list
> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Please read documentation [1] and use search before asking
> >> >> >> > questions
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > According to the steps from [2] "-srcstorepass changeit" this
> >> >> >> > means
> >> >> >> > "red5.p12" MUST have password "changeit"
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > [1] https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> >> >
> >> >> >> > [2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
> >> >> >> > <p....@fort.crimea.com>
> >> >> >> > wrote:
> >> >> >> >
> >> >> >> > Ø The idea here is…
> >> >> >> >
> >> >> >> > I can’t do this idea in practice, something doing not right. I
> >> >> >> > create
> >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough
> >> >> >> > information
> >> >> >> > in instruction to do this fast step-by-step. Later I will have
> >> >> >> > ‘real’
> >> >> >> > certificate.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Ø At the moment you are starting #3 above there should be NO
> >> >> >> > keystore.jks,
> >> >> >> > you already have renamed it to *.bak (prerequisite)
> >> >> >> >
> >> >> >> > What means #3?
> >> >> >> >
> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Ø Finally you are renaming passwords, they MUST match
> >> >> >> >
> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey rsa:2048
> >> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
> >> >> >> > “jmx.keystorepass=password” when it ask me enter password. If like that I
> >> >> >> > still have this error.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > -------------------
> >> >> >> >
> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM
> >> >> >> > To: Openmeetings user-list
> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > The idea here is
> >> >> >> >
> >> >> >> > 1) you are creating self-signed certificate (prerequisite) -> red5.crt
> >> >> >> >
> >> >> >> > 2) you are signing red5.crt with your fake CA (step 1) -> red5.p12
> >> >> >> >
> >> >> >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
> >> >> >> >
> >> >> >> > At the moment you are starting #3 above there should be NO keystore.jks,
> >> >> >> > you already have renamed it to *.bak (prerequisite)
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Finally you are renaming passwords, they MUST match
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
> >> >> >> > <p....@fort.crimea.com>
> >> >> >> > wrote:
> >> >> >> >
> >> >> >> > Its standard, line “jmx.keystorepass=password”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > -------------------
> >> >> >> >
> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM
> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> > Subject: RE: Configure https on centos7
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > which passwords do you use in red5/conf/red5.properties ?
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> > Subject: Configure https on centos7
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> >> >> >> > For beginning I configure self-signed certificate.
> >> >> >> >
> >> >> >> > Not all in instruction was wrote, so what I do first before instruction
> >> >> >> > is create self-signed certificate:
> >> >> >> >
> >> >> >> > su -
> >> >> >> > mkdir /opt/prytsepov
> >> >> >> > cd /opt/prytsepov
> >> >> >> > yum install mod_ssl
> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
> >> >> >> >
> >> >> >> > Then I do by instruction:
> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this step
> >> >> >> > password left empty:
> >> >> >> > openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile red5.crt
> >> >> >> >
> >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/red5401/conf/keystore.jks -alias red5
> >> >> >> >
> >> >> >> > Here I see errors:
> >> >> >> >
> >> >> >> > keytool error:java.io.IOException:keystore password was incorrect
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > -------------------
> >> >> >> >
> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > --
> >> >> >> >
> >> >> >> > WBR
> >> >> >> > Maxim aka solomax
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > --
> >> >> >> >
> >> >> >> > WBR
> >> >> >> > Maxim aka solomax
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > WBR
> >> > Maxim aka solomax
> >
> >
> >
> >
> > --
> > WBR
> > Maxim aka solomax
>
--
WBR
Maxim aka solomax
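
Added example, not part of either message or of the OpenMeetings instructions: a non-interactive shell version of the two keytool steps discussed in this thread, which first checks the installed keytool's own help for the password options it is about to use. The function names, the KS_PASS variable and the sample help text are constructed for illustration, and the ":env" password modifier is assumed to be supported by the installed keytool.

```sh
#!/bin/sh
# Added example (not from the thread or the OpenMeetings docs).
# Usage: export KS_PASS=...; build_keystore red5.crt red5.key ca.crt /opt/red5/conf/keystore.jks

# Constructed sample: option lines in the layout keytool uses for
# "keytool -importcert -help", as quoted in the thread.
SAMPLE_IMPORTCERT_HELP=' -noprompt                       do not prompt
 -trustcacerts                   trust certificates from cacerts
 -alias <alias>                  alias name of the entry to process
 -file <filename>                input file name
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password'

# has_option HELP OPT: succeed only if OPT is listed as a whole option name at
# the start of a help line ("-storepass" must not match "-storepasswd").
has_option() {
    printf '%s\n' "$1" | grep -Eq -e "^[[:space:]]*$2([[:space:]]|\$)"
}

# missing_options HELP OPT...: print every OPT the help text does not list,
# space separated; exit status 0 when nothing is missing.
missing_options() {
    mo_help=$1; shift
    missing=
    for opt in "$@"; do
        has_option "$mo_help" "$opt" || missing="$missing $opt"
    done
    missing=${missing# }
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# preflight SUBCOMMAND OPT...: read the installed keytool's own help and stop
# with a clear message, instead of hitting "illegal option" or an interactive
# prompt halfway through a scripted install.
preflight() {
    sub=$1; shift
    help_text=$(keytool "$sub" -help 2>&1) || true
    if ! miss=$(missing_options "$help_text" "$@"); then
        echo "keytool $sub does not support: $miss" >&2
        return 1
    fi
}

# build_keystore CERT KEY CA_CERT KEYSTORE: the PKCS12 export plus the two
# keytool imports from the thread, with no prompts. The password is read from
# the environment variable KS_PASS, so it does not appear on any command line.
# Assumption: aliases "red5" and "root" as used in the thread.
build_keystore() {
    : "${KS_PASS:?export KS_PASS first}"
    preflight -importkeystore -srcstorepass -deststorepass -srcalias || return 1
    preflight -importcert -storepass -trustcacerts -noprompt || return 1
    p12=$(mktemp) || return 1
    # The export password must be the one later given as -srcstorepass; in the
    # thread an empty export password followed by "-srcstorepass changeit"
    # ended in "keystore password was incorrect".
    openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" -name red5 \
        -out "$p12" -passout env:KS_PASS &&
    keytool -importkeystore -noprompt -srckeystore "$p12" -srcstoretype PKCS12 \
        -srcstorepass:env KS_PASS -srcalias red5 \
        -destkeystore "$4" -deststorepass:env KS_PASS &&
    keytool -importcert -noprompt -trustcacerts -alias root -file "$3" \
        -keystore "$4" -storepass:env KS_PASS
    rc=$?
    rm -f "$p12"
    return "$rc"
}
```

The same password then has to be set in red5/conf/red5.properties, since the thread notes the passwords must match.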
Re: Configure https on centos7
Posted by Maxim Solodovnik <so...@gmail.com>.
yes, this was my point.
Unfortunately, I have no time to check all JVMs in all distros :(
This is why I'm not changing instructions right now
On Sat, Jan 6, 2018 at 12:39 AM, David Jentz <je...@gmail.com> wrote:
> Yes that is the same for me. Moreover, storepass seems to work just
> fine. Maybe keytool arguments vary from java to java.
>
> -Dave
>
> On Fri, Jan 5, 2018 at 3:29 AM, Maxim Solodovnik <so...@gmail.com> wrote:
> > I guess "keystorepass" should be "storepass" could you check on your system?
> >
> > keytool -import --help
> > keytool -importcert [OPTION]...
> >
> > Imports a certificate or a certificate chain
> >
> > Options:
> >
> > -noprompt do not prompt
> > -trustcacerts trust certificates from cacerts
> > -protected password through protected mechanism
> > -alias <alias> alias name of the entry to process
> > -file <filename> input file name
> > -keypass <arg> key password
> > -keystore <keystore> keystore name
> > -storepass <arg> keystore password
> > -storetype <storetype> keystore type
> > -providername <providername> provider name
> > -providerclass <providerclass> provider class name
> > -providerarg <arg> provider argument
> > -providerpath <pathlist> provider classpath
> > -v verbose output
> >
> >
> > On Wed, Jan 3, 2018 at 10:39 AM, David Jentz <je...@gmail.com> wrote:
> >>
> >> So I think I may have found the solution. May not have needed https
> >> all along. I know this is a bit off topic for the original thread, but
> >> I do not mean to create more work, so I will respond here.
> >>
> >> Still a bit preliminary here. Will post new details if I find them.
> >>
> >> have chromium-browser-63.0.3239.84-1.el6_9.x86_64
> >>
> >> If I click the (i) in the address bar for my specific site, then click
> >> site settings, I can then switch microphone to "Allow" instead of
> >> "Ask(default)". I also do the same for flash.
> >>
> >>
> >> Anyhow, this appears to work just fine (or I'll get it soon).
> >>
> >> As for question about keystorepass srcstorepass and deststorepass, when I run
> >> keytool -importkeystore --help
> >> I get identical output to what you have listed (both srcstorepass and
> >> deststorepass)
> >>
> >> These items are on step 2 of the Steps for OM server guide. This step
> >> also seems to work just fine for me.
> >>
> >> I think, for me at least, the real problem is step 3
> >>
> >> keytool -import -alias root -keystore /opt/red5/conf/keystore.jks -keystorepass changeit -trustcacerts -file ca.crt
> >>
> >> Where keystorepass is not an option.
> >>
> >> Instead, if I just use -storepass it seems to work just fine :-)
> >>
> >> Thank you!
> >> -Dave
> >>
> >>
> >> On Tue, Jan 2, 2018 at 8:42 AM, Maxim Solodovnik <so...@gmail.com>
> >> wrote:
> >> > All your steps sounds correct to me
> >> > It works for me
> >> > I got this "Allow Flash" message from browser only once
> >> >
> >> > then everything works flawlessly
> >> >
> >> > I can create recording with my steps after Jan, 9, if it will help
> ....
> >> > not
> >> > sure how :(
> >> >
> >> > On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <je...@gmail.com> wrote:
> >> >>
> >> >> I will get back to you on these questions on Tuesday if that is OK.
> >> >>
> >> >> I did manage to get openmeetings to work via https, I do not have it
> >> >> fully scripted just yet, but close. This is using the self-signed CA
> >> >> and cert method described on the link.
> >> >>
> >> >> The reason I wen't this way in the first place was because when I
> >> >> enter an openmeetings room, I was not being presented a list of audio
> >> >> hardware to use. I was told that chrome needs https to access
> >> >> microphone.
> >> >>
> >> >> Well, even with the https, after enabling flash, after entering a
> room
> >> >> I click gear widget. It has choose webcam: Disabled, choose
> microphone
> >> >> disabled. On the right side it says: "Click to Enable Adobe Flash
> >> >> Player". I click, flash player seems to enable OK (keep in mind this
> >> >> is with PepperFlash). I can do recordings tests, etc.
> >> >>
> >> >> But still only option for microphone is Disabled. If I click widget
> >> >> again, setting is the same.
> >> >> If I restart chrome, and log back in, I do not have to enable flash
> >> >> this time, but still for microphone option is Disabled
> >> >>
> >> >> I know chromium can see my audio hardware, if I go to chromium ->
> >> >> settings -> content settings -> microphone, the correct device is
> >> >> listed there. My only option is "Ask before accessing (recommended)",
> >> >> otherwise mic is completely disabled. There are no sites listed in
> the
> >> >> blocked or allowed lists below.
> >> >>
> >> >> It would seem openmeetings is not asking to chromium to use
> >> >> microphone. Am I doing something wrong? Will the self signed cert
> >> >> method work to enable this?
> >> >>
> >> >> -Dave
> >> >>
> >> >>
> >> >> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik
> >> >> <so...@gmail.com>
> >> >> wrote:
> >> >> > Do you have these options in your version?
> >> >> > What is the error?
> >> >> >
> >> >> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> I just tried srcstorepass, deststorepass, and storepass, none seem
> >> >> >> to
> >> >> >> accept an argument despite what the help page said.
> >> >> >>
> >> >> >> -Dave
> >> >> >>
> >> >> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik
> >> >> >> <so...@gmail.com>
> >> >> >> wrote:
> >> >> >> > here is mine output: (src and dest keystore options are
> >> >> >> > highlighted)
> >> >> >> >
> >> >> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore
> >> >> >> > --help
> >> >> >> >
> >> >> >> > keytool -importkeystore [OPTION]...
> >> >> >> >
> >> >> >> > Imports one or all entries from another keystore
> >> >> >> >
> >> >> >> > Options:
> >> >> >> >
> >> >> >> > -srckeystore <srckeystore> source keystore name
> >> >> >> > -destkeystore <destkeystore> destination keystore name
> >> >> >> > -srcstoretype <srcstoretype> source keystore type
> >> >> >> > -deststoretype <deststoretype> destination keystore type
> >> >> >> > -srcstorepass <arg> source keystore password
> >> >> >> > -deststorepass <arg> destination keystore
> >> >> >> > password
> >> >> >> > -srcprotected source keystore password
> >> >> >> > protected
> >> >> >> > -srcprovidername <srcprovidername> source keystore provider
> >> >> >> > name
> >> >> >> > -destprovidername <destprovidername> destination keystore
> >> >> >> > provider
> >> >> >> > name
> >> >> >> > -srcalias <srcalias> source alias
> >> >> >> > -destalias <destalias> destination alias
> >> >> >> > -srckeypass <arg> source key password
> >> >> >> > -destkeypass <arg> destination key password
> >> >> >> > -noprompt do not prompt
> >> >> >> > -providerclass <providerclass> provider class name
> >> >> >> > -providerarg <arg> provider argument
> >> >> >> > -providerpath <pathlist> provider classpath
> >> >> >> > -v verbose output
> >> >> >> >
> >> >> >> > Use "keytool -help" for all available commands
> >> >> >> >
> >> >> >> >
> >> >> >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <jentzd@gmail.com
> >
> >> >> >> > wrote:
> >> >> >> >>
> >> >> >> >> keytool --help does not list -keystorepass as an option for me.
> >> >> >> >> here
> >> >> >> >> is what we have to work with:
> >> >> >> >>
> >> >> >> >> #which keytool
> >> >> >> >> /usr/bin/keytool
> >> >> >> >>
> >> >> >> >> #namei /usr/bin/keytool
> >> >> >> >> f: /usr/bin/keytool
> >> >> >> >> d /
> >> >> >> >> d usr
> >> >> >> >> d bin
> >> >> >> >> l keytool -> /etc/alternatives/keytool
> >> >> >> >> d /
> >> >> >> >> d etc
> >> >> >> >> d alternatives
> >> >> >> >> l keytool ->
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.
> x86_64/jre/bin/keytool
> >> >> >> >> d /
> >> >> >> >> d usr
> >> >> >> >> d lib
> >> >> >> >> d jvm
> >> >> >> >> d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
> >> >> >> >> d jre
> >> >> >> >> d bin
> >> >> >> >> - keytool
> >> >> >> >>
> >> >> >> >> #rpm -qf
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.
> x86_64/jre/bin/keytool
> >> >> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
> >> >> >> >>
> >> >> >> >> #keytool -help
> >> >> >> >> Key and Certificate Management Tool
> >> >> >> >>
> >> >> >> >> Commands:
> >> >> >> >>
> >> >> >> >> -certreq Generates a certificate request
> >> >> >> >> -changealias Changes an entry's alias
> >> >> >> >> -delete Deletes an entry
> >> >> >> >> -exportcert Exports certificate
> >> >> >> >> -genkeypair Generates a key pair
> >> >> >> >> -genseckey Generates a secret key
> >> >> >> >> -gencert Generates certificate from a certificate
> >> >> >> >> request
> >> >> >> >> -importcert Imports a certificate or a certificate
> chain
> >> >> >> >> -importpass Imports a password
> >> >> >> >> -importkeystore Imports one or all entries from another
> >> >> >> >> keystore
> >> >> >> >> -keypasswd Changes the key password of an entry
> >> >> >> >> -list Lists entries in a keystore
> >> >> >> >> -printcert Prints the content of a certificate
> >> >> >> >> -printcertreq Prints the content of a certificate
> request
> >> >> >> >> -printcrl Prints the content of a CRL file
> >> >> >> >> -storepasswd Changes the store password of a keystore
> >> >> >> >>
> >> >> >> >> Use "keytool -command_name -help" for usage of command_name
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> I think we have the openjdk on the linux (perhaps other
> platforms
> >> >> >> >> too)
> >> >> >> >> and not the Sun/oracle implementation so as to get around
> license
> >> >> >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on
> >> >> >> >> linux,
> >> >> >> >> it
> >> >> >> >> doesn't have keystorepass either.
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> -Dave
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
> >> >> >> >> <so...@gmail.com>
> >> >> >> >> wrote:
> >> >> >> >> > Can you run "keytool --help" and check possible options?
> >> >> >> >> >
> >> >> >> >> > For real server it might be better to set up "let's encrypt"
> >> >> >> >> > free
> >> >> >> >> > certificate (script was posted some time ago)
> >> >> >> >> >
> >> >> >> >> > WBR, Maxim
> >> >> >> >> > (from mobile, sorry for the typos)
> >> >> >> >> >
> >> >> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com>
> >> >> >> >> > wrote:
> >> >> >> >> >>
> >> >> >> >> >> I am working through these steps on rhel6 which is a close
> >> >> >> >> >> cousin
> >> >> >> >> >> to
> >> >> >> >> >> centos 6.
> >> >> >> >> >>
> >> >> >> >> >> I have the same issue, -keystorepass is not a valid argument
> >> >> >> >> >> to
> >> >> >> >> >> keytool.
> >> >> >> >> >>
> >> >> >> >> >> Instead, you can just leave that argument off (and the pass
> )
> >> >> >> >> >> since
> >> >> >> >> >> then keytool will just prompt.
> >> >> >> >> >>
> >> >> >> >> >> This still poses a problem for me because I am trying to
> have
> >> >> >> >> >> the
> >> >> >> >> >> entire setup in a script. Perhaps I can write an expect
> script
> >> >> >> >> >> just
> >> >> >> >> >> for this one line.
> >> >> >> >> >>
> >> >> >> >> >> Anyhow, I will work to further get SSL working next year. It
> >> >> >> >> >> turns
> >> >> >> >> >> out
> >> >> >> >> >> my version of chrome requires it for sound.
> >> >> >> >> >>
> >> >> >> >> >> -Dave
> >> >> >> >> >>
> >> >> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
> >> >> >> >> >> <p....@fort.crimea.com> wrote:
> >> >> >> >> >> > I do all by this instruction
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_
> for_OM_server
> >> >> >> >> >> > except
> >> >> >> >> >> > create in the beginning red5.key and red5.crt.
> >> >> >> >> >> >
> >> >> >> >> >> > In instruction error on this command:
> >> >> >> >> >> > keytool -import -alias root -keystore
> >> >> >> >> >> > /opt/red5401/conf/keystore.jks
> >> >> >> >> >> > -keystorepass password -trustcacerts -file red5.crt
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Error:
> >> >> >> >> >> > illegal option: -keystorepass
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > In documentation
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/
> windows/keytool.html
> >> >> >> >> >> > not exist that option so
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_
> for_OM_server
> >> >> >> >> >> > is
> >> >> >> >> >> > not
> >> >> >> >> >> > can’t be used, not relevant.
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > -------------------
> >> >> >> >> >> >
> >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > To: Openmeetings user-list
> >> >> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Please read documentation [1] and use search before asking
> >> >> >> >> >> > questions
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > According to the steps from [2] "-srcstorepass changeit"
> >> >> >> >> >> > this
> >> >> >> >> >> > means
> >> >> >> >> >> > "red5.p12" MUST have password "changeit"
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > [1]
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/
> windows/keytool.html
> >> >> >> >> >> >
> >> >> >> >> >> > [2]
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_
> for_OM_server
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
> >> >> >> >> >> > <p....@fort.crimea.com>
> >> >> >> >> >> > wrote:
> >> >> >> >> >> >
> >> >> >> >> >> > Ø The idea here is…
> >> >> >> >> >> >
> >> >> >> >> >> > I can’t do this idea in practice, something doing not
> right.
> >> >> >> >> >> > I
> >> >> >> >> >> > create
> >> >> >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not
> >> >> >> >> >> > enough
> >> >> >> >> >> > information
> >> >> >> >> >> > in instruction to do this fast step-by-step. Later I will
> >> >> >> >> >> > have
> >> >> >> >> >> > ‘real’
> >> >> >> >> >> > certificate.
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Ø At the moment you are starting #3 above there should be
> >> >> >> >> >> > NO
> >> >> >> >> >> > keystore.jks,
> >> >> >> >> >> > you already have renamed it to *.bak (prerequisite)
> >> >> >> >> >> >
> >> >> >> >> >> > What means #3?
> >> >> >> >> >> >
> >> >> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was
> >> >> >> >> >> > *jmx.
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Ø Finally you are renaming passwords, they MUST match
> >> >> >> >> >> >
> >> >> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999
> >> >> >> >> >> > -newkey
> >> >> >> >> >> > rsa:2048
> >> >> >> >> >> > -keyout /opt/prytsepov/red5.key -out
> >> >> >> >> >> > /opt/prytsepov/red5.crt” I
> >> >> >> >> >> > enter
> >> >> >> >> >> > “jmx.keystorepass=password” when it ask me enter password.
> >> >> >> >> >> > If
> >> >> >> >> >> > like
> >> >> >> >> >> > that
> >> >> >> >> >> > I
> >> >> >> >> >> > still have this error.
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > -------------------
> >> >> >> >> >> >
> >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM
> >> >> >> >> >> > To: Openmeetings user-list
> >> >> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > The idea here is
> >> >> >> >> >> >
> >> >> >> >> >> > 1) you are creating self-signed certificate (prerequisite) -> red5.crt
> >> >> >> >> >> >
> >> >> >> >> >> > 2) you are signing red5.crt with your fake CA (step 1) -> red5.p12
> >> >> >> >> >> >
> >> >> >> >> >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > At the moment you are starting #3 above there should be NO keystore.jks,
> >> >> >> >> >> > you already have renamed it to *.bak (prerequisite)
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Finally you are renaming passwords, they MUST match
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
> >> >> >> >> >> > <p....@fort.crimea.com>
> >> >> >> >> >> > wrote:
> >> >> >> >> >> >
> >> >> >> >> >> > It's standard, line “jmx.keystorepass=password”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > -------------------
> >> >> >> >> >> >
> >> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> >> >> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM
> >> >> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> >> >> > Subject: RE: Configure https on centos7
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > which passwords do you use in red5/conf/red5.properties ?
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> >> >> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
> >> >> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> >> >> > Subject: Configure https on centos7
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> >> >> >> >> >> > For beginning I configure self-signed certificate.
> >> >> >> >> >> >
> >> >> >> >> >> > Not all in instruction was written, so what I do first before instruction
> >> >> >> >> >> > is create self-signed certificate:
> >> >> >> >> >> >
> >> >> >> >> >> > su -
> >> >> >> >> >> > mkdir /opt/prytsepov
> >> >> >> >> >> >
> >> >> >> >> >> > cd /opt/prytsepov
> >> >> >> >> >> >
> >> >> >> >> >> > yum install mod_ssl
> >> >> >> >> >> >
> >> >> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Then I do by instruction:
> >> >> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this step password
> >> >> >> >> >> > left empty:
> >> >> >> >> >> > openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile red5.crt
> >> >> >> >> >> >
> >> >> >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/red5401/conf/keystore.jks -alias red5
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Here I see errors:
> >> >> >> >> >> >
> >> >> >> >> >> > keytool error:java.io.IOException:keystore password was incorrect
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > -------------------
> >> >> >> >> >> >
> >> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > --
> >> >> >> >> >> >
> >> >> >> >> >> > WBR
> >> >> >> >> >> > Maxim aka solomax
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > --
> >> >> >> >> >> >
> >> >> >> >> >> > WBR
> >> >> >> >> >> > Maxim aka solomax
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > --
> >> >> >> > WBR
> >> >> >> > Maxim aka solomax
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > WBR
> >> >> > Maxim aka solomax
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > WBR
> >> > Maxim aka solomax
> >
> >
> >
> >
> > --
> > WBR
> > Maxim aka solomax
>
--
WBR
Maxim aka solomax
Re: Configure https on centos7
Posted by David Jentz <je...@gmail.com>.
Yes that is the same for me. Moreover, storepass seems to work just
fine. Maybe keytool arguments vary from java to java.
-Dave
On Fri, Jan 5, 2018 at 3:29 AM, Maxim Solodovnik <so...@gmail.com> wrote:
> I guess "keystorepass" should be "storepass" could you check on your system?
>
> keytool -import --help
> keytool -importcert [OPTION]...
>
> Imports a certificate or a certificate chain
>
> Options:
>
>  -noprompt                       do not prompt
>  -trustcacerts                   trust certificates from cacerts
>  -protected                      password through protected mechanism
>  -alias <alias>                  alias name of the entry to process
>  -file <filename>                input file name
>  -keypass <arg>                  key password
>  -keystore <keystore>            keystore name
>  -storepass <arg>                keystore password
>  -storetype <storetype>          keystore type
>  -providername <providername>    provider name
>  -providerclass <providerclass>  provider class name
>  -providerarg <arg>              provider argument
>  -providerpath <pathlist>        provider classpath
>  -v                              verbose output
>
>
> On Wed, Jan 3, 2018 at 10:39 AM, David Jentz <je...@gmail.com> wrote:
>>
>> So I think I may have found the solution. May not have needed https
>> all along. I know this is a bit off topic for the original thread, but
>> I do not mean to create more work, so I will respond here.
>>
>> Still a bit preliminary here. Will post new details if I find them.
>>
>> have chromium-browser-63.0.3239.84-1.el6_9.x86_64
>>
>> If I click the (i) in the address bar for my specific site, then click
>> site settings, I can then switch microphone to "Allow" instead of
>> "Ask(default)". I also do the same for flash.
>>
>>
>> Anyhow, this appears to work just fine (or I'll get it soon).
>>
>> As for question about keystorepass srcstorepass and deststorepass, when I
>> run
>> keytool -importkeystore --help
>> I get identical output to what you have listed (both srcstorepass and
>> deststorepass)
>>
>> These items are on step 2 of the Steps for OM server guide. This step
>> also seems to work just fine for me.
>>
>> I think, for me at least, the real problem is step 3
>>
>> keytool -import -alias root -keystore /opt/red5/conf/keystore.jks
>> -keystorepass changeit -trustcacerts -file ca.crt
>>
>> Where keystorepass is not an option.
>>
>> Instead, if I just use -storepass it seems to work just fine :-)
>>
>> Thank you!
>> -Dave
>>
>>
>> On Tue, Jan 2, 2018 at 8:42 AM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>> > All your steps sound correct to me
>> > It works for me
>> > I got this "Allow Flash" message from browser only once
>> >
>> > then everything works flawlessly
>> >
>> > I can create recording with my steps after Jan, 9, if it will help .... not
>> > sure how :(
>> >
>> > On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <je...@gmail.com> wrote:
>> >>
>> >> I will get back to you on these questions on Tuesday if that is OK.
>> >>
>> >> I did manage to get openmeetings to work via https, I do not have it
>> >> fully scripted just yet, but close. This is using the self-signed CA
>> >> and cert method described on the link.
>> >>
>> >> The reason I went this way in the first place was because when I
>> >> enter an openmeetings room, I was not being presented a list of audio
>> >> hardware to use. I was told that chrome needs https to access
>> >> microphone.
>> >>
>> >> Well, even with the https, after enabling flash, after entering a room
>> >> I click gear widget. It has choose webcam: Disabled, choose microphone
>> >> disabled. On the right side it says: "Click to Enable Adobe Flash
>> >> Player". I click, flash player seems to enable OK (keep in mind this
>> >> is with PepperFlash). I can do recordings tests, etc.
>> >>
>> >> But still only option for microphone is Disabled. If I click widget
>> >> again, setting is the same.
>> >> If I restart chrome, and log back in, I do not have to enable flash
>> >> this time, but still for microphone option is Disabled
>> >>
>> >> I know chromium can see my audio hardware, if I go to chromium ->
>> >> settings -> content settings -> microphone, the correct device is
>> >> listed there. My only option is "Ask before accessing (recommended)",
>> >> otherwise mic is completely disabled. There are no sites listed in the
>> >> blocked or allowed lists below.
>> >>
>> >> It would seem openmeetings is not asking to chromium to use
>> >> microphone. Am I doing something wrong? Will the self signed cert
>> >> method work to enable this?
>> >>
>> >> -Dave
>> >>
>> >>
>> >> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik
>> >> <so...@gmail.com>
>> >> wrote:
>> >> > Do you have these options in your version?
>> >> > What is the error?
>> >> >
>> >> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> I just tried srcstorepass, deststorepass, and storepass, none seem
>> >> >> to
>> >> >> accept an argument despite what the help page said.
>> >> >>
>> >> >> -Dave
>> >> >>
>> >> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik
>> >> >> <so...@gmail.com>
>> >> >> wrote:
>> >> >> > here is my output: (src and dest keystore options are highlighted)
>> >> >> >
>> >> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
>> >> >> >
>> >> >> > keytool -importkeystore [OPTION]...
>> >> >> >
>> >> >> > Imports one or all entries from another keystore
>> >> >> >
>> >> >> > Options:
>> >> >> >
>> >> >> >  -srckeystore <srckeystore>            source keystore name
>> >> >> >  -destkeystore <destkeystore>          destination keystore name
>> >> >> >  -srcstoretype <srcstoretype>          source keystore type
>> >> >> >  -deststoretype <deststoretype>        destination keystore type
>> >> >> >  -srcstorepass <arg>                   source keystore password
>> >> >> >  -deststorepass <arg>                  destination keystore password
>> >> >> >  -srcprotected                         source keystore password protected
>> >> >> >  -srcprovidername <srcprovidername>    source keystore provider name
>> >> >> >  -destprovidername <destprovidername>  destination keystore provider name
>> >> >> >  -srcalias <srcalias>                  source alias
>> >> >> >  -destalias <destalias>                destination alias
>> >> >> >  -srckeypass <arg>                     source key password
>> >> >> >  -destkeypass <arg>                    destination key password
>> >> >> >  -noprompt                             do not prompt
>> >> >> >  -providerclass <providerclass>        provider class name
>> >> >> >  -providerarg <arg>                    provider argument
>> >> >> >  -providerpath <pathlist>              provider classpath
>> >> >> >  -v                                    verbose output
>> >> >> >
>> >> >> > Use "keytool -help" for all available commands
>> >> >> >
>> >> >> >
>> >> >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com>
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> keytool --help does not list -keystorepass as an option for me. here
>> >> >> >> is what we have to work with:
>> >> >> >>
>> >> >> >> #which keytool
>> >> >> >> /usr/bin/keytool
>> >> >> >>
>> >> >> >> #namei /usr/bin/keytool
>> >> >> >> f: /usr/bin/keytool
>> >> >> >> d /
>> >> >> >> d usr
>> >> >> >> d bin
>> >> >> >> l keytool -> /etc/alternatives/keytool
>> >> >> >> d /
>> >> >> >> d etc
>> >> >> >> d alternatives
>> >> >> >> l keytool -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>> >> >> >> d /
>> >> >> >> d usr
>> >> >> >> d lib
>> >> >> >> d jvm
>> >> >> >> d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
>> >> >> >> d jre
>> >> >> >> d bin
>> >> >> >> - keytool
>> >> >> >>
>> >> >> >> #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>> >> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
>> >> >> >>
>> >> >> >> #keytool -help
>> >> >> >> Key and Certificate Management Tool
>> >> >> >>
>> >> >> >> Commands:
>> >> >> >>
>> >> >> >>  -certreq            Generates a certificate request
>> >> >> >>  -changealias        Changes an entry's alias
>> >> >> >>  -delete             Deletes an entry
>> >> >> >>  -exportcert         Exports certificate
>> >> >> >>  -genkeypair         Generates a key pair
>> >> >> >>  -genseckey          Generates a secret key
>> >> >> >>  -gencert            Generates certificate from a certificate request
>> >> >> >>  -importcert         Imports a certificate or a certificate chain
>> >> >> >>  -importpass         Imports a password
>> >> >> >>  -importkeystore     Imports one or all entries from another keystore
>> >> >> >>  -keypasswd          Changes the key password of an entry
>> >> >> >>  -list               Lists entries in a keystore
>> >> >> >>  -printcert          Prints the content of a certificate
>> >> >> >>  -printcertreq       Prints the content of a certificate request
>> >> >> >>  -printcrl           Prints the content of a CRL file
>> >> >> >>  -storepasswd        Changes the store password of a keystore
>> >> >> >> Use "keytool -command_name -help" for usage of command_name
>> >> >> >>
>> >> >> >>
>> >> >> >> I think we have the openjdk on the linux (perhaps other platforms too)
>> >> >> >> and not the Sun/oracle implementation so as to get around license
>> >> >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it
>> >> >> >> doesn't have keystorepass either.
>> >> >> >>
>> >> >> >>
>> >> >> >> -Dave
>> >> >> >>
>> >> >> >>
>> >> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
>> >> >> >> <so...@gmail.com>
>> >> >> >> wrote:
>> >> >> >> > Can you run "keytool --help" and check possible options?
>> >> >> >> >
>> >> >> >> > For real server it might be better to set up "let's encrypt" free
>> >> >> >> > certificate (script was posted some time ago)
>> >> >> >> >
>> >> >> >> > WBR, Maxim
>> >> >> >> > (from mobile, sorry for the typos)
>> >> >> >> >
>> >> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com>
>> >> >> >> > wrote:
>> >> >> >> >>
>> >> >> >> >> I am working through these steps on rhel6 which is a close cousin to
>> >> >> >> >> centos 6.
>> >> >> >> >>
>> >> >> >> >> I have the same issue, -keystorepass is not a valid argument to keytool.
>> >> >> >> >>
>> >> >> >> >> Instead, you can just leave that argument off (and the pass ) since
>> >> >> >> >> then keytool will just prompt.
>> >> >> >> >>
>> >> >> >> >> This still poses a problem for me because I am trying to have the
>> >> >> >> >> entire setup in a script. Perhaps I can write an expect script just
>> >> >> >> >> for this one line.
>> >> >> >> >>
>> >> >> >> >> Anyhow, I will work to further get SSL working next year. It turns out
>> >> >> >> >> my version of chrome requires it for sound.
>> >> >> >> >>
>> >> >> >> >> -Dave
>> >> >> >> >>
>> >> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
>> >> >> >> >> <p....@fort.crimea.com> wrote:
>> >> >> >> >> > I do all by this instruction
>> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >> >> > except create in the beginning red5.key and red5.crt.
>> >> >> >> >> >
>> >> >> >> >> > In instruction error on this command:
>> >> >> >> >> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks -keystorepass password -trustcacerts -file red5.crt
>> >> >> >> >> >
>> >> >> >> >> > Error:
>> >> >> >> >> > illegal option: -keystorepass
>> >> >> >> >> >
>> >> >> >> >> > In documentation
>> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> >> >> >> > not exist that option so
>> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >> >> > is not can’t be used, not relevant.
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > -------------------
>> >> >> >> >> >
>> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > To: Openmeetings user-list
>> >> >> >> >> > Subject: Re: Configure https on centos7
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > Please read documentation [1] and use search before asking
>> >> >> >> >> > questions
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > According to the steps from [2] "-srcstorepass changeit" this means
>> >> >> >> >> > "red5.p12" MUST have password "changeit"
>> >> >> >> >> >
>> >> >> >> >> > [1] https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> >> >> >> >
>> >> >> >> >> > [2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
>> >> >> >> >> > <p....@fort.crimea.com>
>> >> >> >> >> > wrote:
>> >> >> >> >> >
>> >> >> >> >> > - The idea here is…
>> >> >> >> >> >
>> >> >> >> >> > I can’t do this idea in practice, something doing not right. I create
>> >> >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough information
>> >> >> >> >> > in instruction to do this fast step-by-step. Later I will have ‘real’
>> >> >> >> >> > certificate.
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > - At the moment you are starting #3 above there should be NO
>> >> >> >> >> > keystore.jks, you already have renamed it to *.bak (prerequisite)
>> >> >> >> >> >
>> >> >> >> >> > What means #3?
>> >> >> >> >> >
>> >> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was
>> >> >> >> >> > *jmx.
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > - Finally you are renaming passwords, they MUST match
>> >> >> >> >> >
>> >> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey rsa:2048
>> >> >> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
>> >> >> >> >> > “jmx.keystorepass=password” when it asks me to enter password. If like that I
>> >> >> >> >> > still have this error.
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > -------------------
>> >> >> >> >> >
>> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM
>> >> >> >> >> > To: Openmeetings user-list
>> >> >> >> >> > Subject: Re: Configure https on centos7
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > The idea here is
>> >> >> >> >> >
>> >> >> >> >> > 1) you are creating self-signed certificate (prerequisite) -> red5.crt
>> >> >> >> >> >
>> >> >> >> >> > 2) you are signing red5.crt with your fake CA (step 1) -> red5.p12
>> >> >> >> >> >
>> >> >> >> >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > At the moment you are starting #3 above there should be NO keystore.jks,
>> >> >> >> >> > you already have renamed it to *.bak (prerequisite)
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > Finally you are renaming passwords, they MUST match
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
>> >> >> >> >> > <p....@fort.crimea.com>
>> >> >> >> >> > wrote:
>> >> >> >> >> >
>> >> >> >> >> > It's standard, line “jmx.keystorepass=password”
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > -------------------
>> >> >> >> >> >
>> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
>> >> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM
>> >> >> >> >> > To: user@openmeetings.apache.org
>> >> >> >> >> > Subject: RE: Configure https on centos7
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > which passwords do you use in red5/conf/red5.properties ?
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
>> >> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
>> >> >> >> >> > To: user@openmeetings.apache.org
>> >> >> >> >> > Subject: Configure https on centos7
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html .
>> >> >> >> >> > For beginning I configure self-signed certificate.
>> >> >> >> >> >
>> >> >> >> >> > Not all in instruction was written, so what I do first before instruction
>> >> >> >> >> > is create self-signed certificate:
>> >> >> >> >> >
>> >> >> >> >> > su -
>> >> >> >> >> > mkdir /opt/prytsepov
>> >> >> >> >> >
>> >> >> >> >> > cd /opt/prytsepov
>> >> >> >> >> >
>> >> >> >> >> > yum install mod_ssl
>> >> >> >> >> >
>> >> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > Then I do by instruction:
>> >> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this step password
>> >> >> >> >> > left empty:
>> >> >> >> >> > openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile red5.crt
>> >> >> >> >> >
>> >> >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/red5401/conf/keystore.jks -alias red5
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > Here I see errors:
>> >> >> >> >> >
>> >> >> >> >> > keytool error:java.io.IOException:keystore password was incorrect
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > -------------------
>> >> >> >> >> >
>> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > --
>> >> >> >> >> >
>> >> >> >> >> > WBR
>> >> >> >> >> > Maxim aka solomax
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > --
>> >> >> >> >> >
>> >> >> >> >> > WBR
>> >> >> >> >> > Maxim aka solomax
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> > WBR
>> >> >> > Maxim aka solomax
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > WBR
>> >> > Maxim aka solomax
>> >
>> >
>> >
>> >
>> > --
>> > WBR
>> > Maxim aka solomax
>
>
>
>
> --
> WBR
> Maxim aka solomax
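The two fixes this thread arrives at (red5.p12 must be exported with the same password that keytool is given as -srcstorepass, and the trust import takes -storepass, not -keystorepass), as a prompt-free shell script. This is an added example, not part of the thread or the OpenMeetings guide; the stand-in CA, the CN values, the temporary directory and the function names are assumptions, and `changeit` is the guide's placeholder password.

```shell
#!/bin/sh
# Added example: prompt-free version of the keystore steps discussed in the thread.
# Assumed (not from the thread): CN values, temp directory, function names.

PASS=${PASS:-changeit}   # the guide's placeholder; set PASS to your own value

# make_certs DIR: constructed stand-in CA plus a red5 certificate signed by it.
make_certs() {
    dir=$1
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -nodes -newkey rsa:2048 -subj "/CN=om.example.test" \
        -keyout "$dir/red5.key" -out "$dir/red5.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$dir/red5.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -set_serial 1 -out "$dir/red5.crt" 2>/dev/null
}

# export_p12 DIR PASSWORD: -passout sets the export password without a prompt,
# so it cannot silently end up empty as it did in the thread.
export_p12() {
    openssl pkcs12 -export -in "$1/red5.crt" -inkey "$1/red5.key" \
        -certfile "$1/ca.crt" -name red5 -out "$1/red5.p12" -passout "pass:$2"
}

# p12_opens_with FILE PASSWORD: succeeds only if PASSWORD unlocks FILE.
p12_opens_with() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# build_keystore DIR PASSWORD: import red5.p12 into keystore.jks, then add the
# CA as a trusted entry. Fails early on the password mismatch that produced
# "keystore password was incorrect" in the thread.
build_keystore() {
    p12_opens_with "$1/red5.p12" "$2" || {
        echo "red5.p12 was not exported with this password" >&2
        return 1
    }
    keytool -importkeystore -noprompt -srckeystore "$1/red5.p12" \
        -srcstoretype PKCS12 -srcstorepass "$2" \
        -destkeystore "$1/keystore.jks" -deststorepass "$2" -alias red5 &&
    keytool -import -noprompt -trustcacerts -alias root -file "$1/ca.crt" \
        -keystore "$1/keystore.jks" -storepass "$2"
}

# Run the whole procedure only when invoked as: sh thisfile.sh run
if [ "${1:-}" = "run" ]; then
    work=$(mktemp -d) && make_certs "$work" && export_p12 "$work" "$PASS" &&
    build_keystore "$work" "$PASS" && echo "keystore written to $work/keystore.jks"
fi
```

Passwords given as `pass:` or as a plain `-storepass` argument are visible in the process list while the command runs; on a shared host, openssl's `env:` and `file:` password sources and keytool's `-storepass:env` and `-storepass:file` modifiers avoid that.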
Re: Configure https on centos7
Posted by Maxim Solodovnik <so...@gmail.com>.
I guess "keystorepass" should be "storepass" could you check on your system?
*keytool -import --help*
keytool -importcert [OPTION]...

Imports a certificate or a certificate chain

Options:

 -noprompt                       do not prompt
 -trustcacerts                   trust certificates from cacerts
 -protected                      password through protected mechanism
 -alias <alias>                  alias name of the entry to process
 -file <filename>                input file name
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output

On Wed, Jan 3, 2018 at 10:39 AM, David Jentz <je...@gmail.com> wrote:
> So I think I may have found the solution. May not have needed https
> all along. I know this is a bit off topic for the original thread, but
> I do not mean to create more work, so I will respond here.
>
> Still a bit preliminary here. Will post new details if I find them.
>
> have chromium-browser-63.0.3239.84-1.el6_9.x86_64
>
> If I click the (i) in the address bar for my specific site, then click
> site settings, I can then switch microphone to "Allow" instead of
> "Ask(default)". I also do the same for flash.
>
>
> Anyhow, this appears to work just fine (or I'll get it soon).
>
> As for question about keystorepass srcstorepass and deststorepass, when I
> run
> keytool -importkeystore --help
> I get identical output to what you have listed (both srcstorepass and
> deststorepass)
>
> These items are on step 2 of the Steps for OM server guide. This step
> also seems to work just fine for me.
>
> I think, for me at least, the real problem is step 3
>
> keytool -import -alias root -keystore /opt/red5/conf/keystore.jks
> -keystorepass changeit -trustcacerts -file ca.crt
>
> Where keystorepass is not an option.
>
> Instead, if I just use -storepass it seems to work just fine :-)
>
> Thank you!
> -Dave
>
>
> On Tue, Jan 2, 2018 at 8:42 AM, Maxim Solodovnik <so...@gmail.com>
> wrote:
> > All your steps sound correct to me
> > It works for me
> > I got this "Allow Flash" message from browser only once
> >
> > then everything works flawlessly
> >
> > I can create recording with my steps after Jan, 9, if it will help .... not
> > sure how :(
> >
> > On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <je...@gmail.com> wrote:
> >>
> >> I will get back to you on these questions on Tuesday if that is OK.
> >>
> >> I did manage to get openmeetings to work via https, I do not have it
> >> fully scripted just yet, but close. This is using the self-signed CA
> >> and cert method described on the link.
> >>
> >> The reason I went this way in the first place was because when I
> >> enter an openmeetings room, I was not being presented a list of audio
> >> hardware to use. I was told that chrome needs https to access
> >> microphone.
> >>
> >> Well, even with the https, after enabling flash, after entering a room
> >> I click gear widget. It has choose webcam: Disabled, choose microphone
> >> disabled. On the right side it says: "Click to Enable Adobe Flash
> >> Player". I click, flash player seems to enable OK (keep in mind this
> >> is with PepperFlash). I can do recordings tests, etc.
> >>
> >> But still only option for microphone is Disabled. If I click widget
> >> again, setting is the same.
> >> If I restart chrome, and log back in, I do not have to enable flash
> >> this time, but still for microphone option is Disabled
> >>
> >> I know chromium can see my audio hardware, if I go to chromium ->
> >> settings -> content settings -> microphone, the correct device is
> >> listed there. My only option is "Ask before accessing (recommended)",
> >> otherwise mic is completely disabled. There are no sites listed in the
> >> blocked or allowed lists below.
> >>
> >> It would seem openmeetings is not asking to chromium to use
> >> microphone. Am I doing something wrong? Will the self signed cert
> >> method work to enable this?
> >>
> >> -Dave
> >>
> >>
> >> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik <solomax666@gmail.com>
> >> wrote:
> >> > Do you have these options in your version?
> >> > What is the error?
> >> >
> >> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com>
> >> > wrote:
> >> >>
> >> >> I just tried srcstorepass, deststorepass, and storepass, none seem to
> >> >> accept an argument despite what the help page said.
> >> >>
> >> >> -Dave
> >> >>
> >> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik
> >> >> <so...@gmail.com>
> >> >> wrote:
> >> >> > here is my output: (src and dest keystore options are highlighted)
> >> >> >
> >> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
> >> >> >
> >> >> > keytool -importkeystore [OPTION]...
> >> >> >
> >> >> > Imports one or all entries from another keystore
> >> >> >
> >> >> > Options:
> >> >> >
> >> >> >  -srckeystore <srckeystore>            source keystore name
> >> >> >  -destkeystore <destkeystore>          destination keystore name
> >> >> >  -srcstoretype <srcstoretype>          source keystore type
> >> >> >  -deststoretype <deststoretype>        destination keystore type
> >> >> >  -srcstorepass <arg>                   source keystore password
> >> >> >  -deststorepass <arg>                  destination keystore password
> >> >> >  -srcprotected                         source keystore password protected
> >> >> >  -srcprovidername <srcprovidername>    source keystore provider name
> >> >> >  -destprovidername <destprovidername>  destination keystore provider name
> >> >> >  -srcalias <srcalias>                  source alias
> >> >> >  -destalias <destalias>                destination alias
> >> >> >  -srckeypass <arg>                     source key password
> >> >> >  -destkeypass <arg>                    destination key password
> >> >> >  -noprompt                             do not prompt
> >> >> >  -providerclass <providerclass>        provider class name
> >> >> >  -providerarg <arg>                    provider argument
> >> >> >  -providerpath <pathlist>              provider classpath
> >> >> >  -v                                    verbose output
> >> >> >
> >> >> > Use "keytool -help" for all available commands
> >> >> >
> >> >> >
> >> >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> keytool --help does not list -keystorepass as an option for me. here
> >> >> >> is what we have to work with:
> >> >> >>
> >> >> >> #which keytool
> >> >> >> /usr/bin/keytool
> >> >> >>
> >> >> >> #namei /usr/bin/keytool
> >> >> >> f: /usr/bin/keytool
> >> >> >> d /
> >> >> >> d usr
> >> >> >> d bin
> >> >> >> l keytool -> /etc/alternatives/keytool
> >> >> >> d /
> >> >> >> d etc
> >> >> >> d alternatives
> >> >> >> l keytool -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >> >> d /
> >> >> >> d usr
> >> >> >> d lib
> >> >> >> d jvm
> >> >> >> d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
> >> >> >> d jre
> >> >> >> d bin
> >> >> >> - keytool
> >> >> >>
> >> >> >> #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
> >> >> >>
> >> >> >> #keytool -help
> >> >> >> Key and Certificate Management Tool
> >> >> >>
> >> >> >> Commands:
> >> >> >>
> >> >> >> -certreq Generates a certificate request
> >> >> >> -changealias Changes an entry's alias
> >> >> >> -delete Deletes an entry
> >> >> >> -exportcert Exports certificate
> >> >> >> -genkeypair Generates a key pair
> >> >> >> -genseckey Generates a secret key
> >> >> >> -gencert Generates certificate from a certificate request
> >> >> >> -importcert Imports a certificate or a certificate chain
> >> >> >> -importpass Imports a password
> >> >> >> -importkeystore Imports one or all entries from another keystore
> >> >> >> -keypasswd Changes the key password of an entry
> >> >> >> -list Lists entries in a keystore
> >> >> >> -printcert Prints the content of a certificate
> >> >> >> -printcertreq Prints the content of a certificate request
> >> >> >> -printcrl Prints the content of a CRL file
> >> >> >> -storepasswd Changes the store password of a keystore
> >> >> >>
> >> >> >> Use "keytool -command_name -help" for usage of command_name
> >> >> >>
> >> >> >>
> >> >> >> I think we have the openjdk on the linux (perhaps other platforms
> >> >> >> too) and not the Sun/oracle implementation so as to get around license
> >> >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux,
> >> >> >> it doesn't have keystorepass either.
> >> >> >>
> >> >> >>
> >> >> >> -Dave
> >> >> >>
> >> >> >>
> >> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
> >> >> >> <so...@gmail.com>
> >> >> >> wrote:
> >> >> >> > Can you run "keytool --help" and check possible options?
> >> >> >> >
> >> >> >> > For real server it might be better to set up "let's encrypt" free
> >> >> >> > certificate (script was posted some time ago)
> >> >> >> >
> >> >> >> > WBR, Maxim
> >> >> >> > (from mobile, sorry for the typos)
> >> >> >> >
> >> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
> >> >> >> >>
> >> >> >> >> I am working through these steps on rhel6 which is a close cousin to
> >> >> >> >> centos 6.
> >> >> >> >>
> >> >> >> >> I have the same issue, -keystorepass is not a valid argument to keytool.
> >> >> >> >>
> >> >> >> >> Instead, you can just leave that argument off (and the pass ) since
> >> >> >> >> then keytool will just prompt.
> >> >> >> >>
> >> >> >> >> This still poses a problem for me because I am trying to have the
> >> >> >> >> entire setup in a script. Perhaps I can write an expect script just
> >> >> >> >> for this one line.
> >> >> >> >>
> >> >> >> >> Anyhow, I will work to further get SSL working next year. It turns out
> >> >> >> >> my version of chrome requires it for sound.
> >> >> >> >>
> >> >> >> >> -Dave
> >> >> >> >>
> >> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
> >> >> >> >> <p....@fort.crimea.com> wrote:
> >> >> >> >> > I do all by this instruction
> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> >> > except create in the beginning red5.key and red5.crt.
> >> >> >> >> >
> >> >> >> >> > In instruction error on this command:
> >> >> >> >> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks -keystorepass password -trustcacerts -file red5.crt
> >> >> >> >> >
> >> >> >> >> > Error:
> >> >> >> >> > illegal option: -keystorepass
> >> >> >> >> >
> >> >> >> >> > In documentation
> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> >> >> > not exist that option so
> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> >> > is not can’t be used, not relevant.
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > -------------------
> >> >> >> >> >
> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > To: Openmeetings user-list
> >> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Please read documentation [1] and use search before asking
> >> >> >> >> > questions
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > According to the steps from [2] "-srcstorepass changeit" this
> >> >> >> >> > means
> >> >> >> >> > "red5.p12" MUST have password "changeit"
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > [1] https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> >> >> >
> >> >> >> >> > [2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
> >> >> >> >> > <p....@fort.crimea.com>
> >> >> >> >> > wrote:
> >> >> >> >> >
> >> >> >> >> > > The idea here is…
> >> >> >> >> >
> >> >> >> >> > I can’t do this idea in practice, something doing not right. I create
> >> >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough information
> >> >> >> >> > in instruction to do this fast step-by-step. Later I will have ‘real’
> >> >> >> >> > certificate.
> >> >> >> >> >
> >> >> >> >> > > At the moment you are starting #3 above there should be NO keystore.jks,
> >> >> >> >> > > you already have renamed it to *.bak (prerequisite)
> >> >> >> >> >
> >> >> >> >> > What means #3?
> >> >> >> >> >
> >> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
> >> >> >> >> >
> >> >> >> >> > > Finally you are renaming passwords, they MUST match
> >> >> >> >> >
> >> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey rsa:2048
> >> >> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
> >> >> >> >> > “jmx.keystorepass=password” when it ask me enter password. If like that I
> >> >> >> >> > still have this error.
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > -------------------
> >> >> >> >> >
> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM
> >> >> >> >> > To: Openmeetings user-list
> >> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > The idea here is
> >> >> >> >> >
> >> >> >> >> > 1) you are creating self-signed certificate (prerequisite) -> red5.crt
> >> >> >> >> >
> >> >> >> >> > 2) you are signing red5.crt with your fake CA (step 1) -> red5.p12
> >> >> >> >> >
> >> >> >> >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
> >> >> >> >> >
> >> >> >> >> > At the moment you are starting #3 above there should be NO keystore.jks,
> >> >> >> >> > you already have renamed it to *.bak (prerequisite)
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Finally you are renaming passwords, they MUST match
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
> >> >> >> >> > <p....@fort.crimea.com>
> >> >> >> >> > wrote:
> >> >> >> >> >
> >> >> >> >> > Its standard, line “jmx.keystorepass=password”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > -------------------
> >> >> >> >> >
> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> >> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM
> >> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> >> > Subject: RE: Configure https on centos7
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > which passwords do you use in red5/conf/red5.properties ?
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> >> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
> >> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> >> > Subject: Configure https on centos7
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> >> >> >> >> > For beginning I configure self-signed certificate.
> >> >> >> >> >
> >> >> >> >> > Not all in instruction was wrote, so what I do first before instruction is
> >> >> >> >> > create self-signed certificate:
> >> >> >> >> >
> >> >> >> >> > su -
> >> >> >> >> > mkdir /opt/prytsepov
> >> >> >> >> > cd /opt/prytsepov
> >> >> >> >> > yum install mod_ssl
> >> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
> >> >> >> >> >
> >> >> >> >> > Then I do by instruction:
> >> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this step password
> >> >> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile red5.crt
> >> >> >> >> >
> >> >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/red5401/conf/keystore.jks -alias red5
> >> >> >> >> >
> >> >> >> >> > Here I see errors:
> >> >> >> >> >
> >> >> >> >> > keytool error:java.io.IOException:keystore password was incorrect
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > -------------------
> >> >> >> >> >
> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > --
> >> >> >> >> >
> >> >> >> >> > WBR
> >> >> >> >> > Maxim aka solomax
--
WBR
Maxim aka solomax
Re: Configure https on centos7
Posted by David Jentz <je...@gmail.com>.
So I think I may have found the solution. May not have needed https
all along. I know this is a bit off topic for the original thread, but
I do not mean to create more work, so I will respond here.

Still a bit preliminary here. Will post new details if I find them.

I have chromium-browser-63.0.3239.84-1.el6_9.x86_64

If I click the (i) in the address bar for my specific site, then click
site settings, I can then switch microphone to "Allow" instead of
"Ask(default)". I also do the same for flash.

Anyhow, this appears to work just fine (or I'll get it soon).

As for question about keystorepass srcstorepass and deststorepass, when I run

keytool -importkeystore --help

I get identical output to what you have listed (both srcstorepass and
deststorepass)

These items are on step 2 of the Steps for OM server guide. This step
also seems to work just fine for me.

I think, for me at least, the real problem is step 3

keytool -import -alias root -keystore /opt/red5/conf/keystore.jks -keystorepass changeit -trustcacerts -file ca.crt

Where keystorepass is not an option.

Instead, if I just use -storepass it seems to work just fine :-)

Thank you!

-Dave
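
The keystore steps this thread works through, collected into one prompt-free script with the two fixes it arrived at: the PKCS12 export password has to equal `-srcstorepass`, and step 3 takes `-storepass`, not `-keystorepass`. This is an added example, not part of any post or of the OpenMeetings guide; the `KS_PASS` variable name, the certificate CN and the scratch-directory layout are assumptions, and passwords are handed over with openssl's `env:` source and keytool's `:env` modifier so they never appear in a process listing.

```shell
#!/bin/sh
# Added example (not from the thread): build the keystore without prompts.
# KS_PASS (assumed name) must be exported by the caller; it is the single
# password shared by red5.p12 and keystore.jks, as the guide requires.

# Throwaway self-signed key and certificate; the subject is constructed.
make_selfsigned() {   # $1 = output directory
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=om.example.test" \
        -keyout "$1/red5.key" -out "$1/red5.crt" 2>/dev/null
}

# Export key and certificate to PKCS12. The export password is read from
# $KS_PASS, so it is the value that -srcstorepass must match later.
make_p12() {          # $1 = directory holding red5.key and red5.crt
    openssl pkcs12 -export -in "$1/red5.crt" -inkey "$1/red5.key" \
        -certfile "$1/red5.crt" -name red5 \
        -out "$1/red5.p12" -passout env:KS_PASS
}

# Succeed only if the PKCS12 file opens with the candidate password.
# A mismatch here is what keytool later reports as
# "keystore password was incorrect".
p12_password_ok() {   # $1 = p12 file, $2 = candidate password
    P12_CHECK_PASS="$2" openssl pkcs12 -in "$1" -noout \
        -passin env:P12_CHECK_PASS >/dev/null 2>&1
}

# Steps 2 and 3 of the guide. Refuses to call keytool when the PKCS12
# password and KS_PASS differ, instead of failing halfway through.
build_keystore() {    # $1 = p12, $2 = CA certificate, $3 = destination keystore
    if ! p12_password_ok "$1" "$KS_PASS"; then
        echo "PKCS12 password does not match KS_PASS; re-export $1" >&2
        return 1
    fi
    # Step 2: copy the single entry (alias red5) into the Java keystore.
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$3" -deststorepass:env KS_PASS || return 1
    # Step 3: trust the CA. The option is -storepass; -noprompt answers
    # the "Trust this certificate?" question so no expect script is needed.
    keytool -import -noprompt -trustcacerts -alias root -file "$2" \
        -keystore "$3" -storepass:env KS_PASS
}

# Demo: run every step in a scratch directory, with the self-signed
# certificate doubling as the CA as in the original post.
if [ "${1:-}" = "demo" ]; then
    KS_PASS=changeit; export KS_PASS
    work=$(mktemp -d)
    make_selfsigned "$work" && make_p12 "$work" &&
        build_keystore "$work/red5.p12" "$work/red5.crt" "$work/keystore.jks" &&
        keytool -list -keystore "$work/keystore.jks" -storepass:env KS_PASS
fi
```

Run it with `demo` as the first argument to execute all steps in a scratch directory; that path needs both openssl and keytool installed.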