You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by so...@apache.org on 2016/11/09 03:42:43 UTC
svn commit: r1768826 - in /openmeetings:
application/branches/3.1.x/openmeetings-server/src/site/xdoc/
application/branches/3.2.x/openmeetings-server/src/site/xdoc/
application/trunk/openmeetings-server/src/site/xdoc/ site/trunk/
Author: solomax
Date: Wed Nov 9 03:42:42 2016
New Revision: 1768826
URL: http://svn.apache.org/viewvc?rev=1768826&view=rev
Log:
no jira: RTMPS documentation is improved
Modified:
openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml
openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml
openmeetings/application/trunk/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml
openmeetings/site/trunk/RTMPSAndHTTPS.html
Modified: openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml?rev=1768826&r1=1768825&r2=1768826&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml Wed Nov 9 03:42:42 2016
@@ -45,7 +45,7 @@
<li>Rename the existing truststore file <tt>red5/conf/truststore.jmx</tt> to <tt>red5/conf/truststore.bak</tt></li>
</ul>
</section>
- <section name="Configuring RTMPS for the Flash Client">
+ <section name="Create Keystore from the scratch (*)">
<ol>
<li>
Create a new keystore and key, use the same password for both:<br/>
@@ -90,6 +90,48 @@ Enter key password for <red5>
</li>
<li>Please NOTE according to this <a href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
+ </li>
+ <li>Create additional certificate as described above.
+ Add this certificate to the following keystores: <tt>red5/conf/keystore.screen</tt> and <tt>red5/conf/keystore</tt>. (This step is required to be able to use
+ screen-sharing web application, you can copy "main" keystore while testing)
+ </li>
+ </ol>
+ </section>
+ <section name="Create Keystore using existing key-pair (**)">
+ <p>Prerequicites:</p>
+ <ul>
+ <li>Server key: red5.key</li>
+ <li>Signed CSR: red5.crt</li>
+ <li>CA's root certificate: root.crt</li>
+ <li>** Intermediate certificate(s): intermedXX.crt</li>
+ </ul>
+ <ol>
+ <li>
+ Export existing keys into PKCS12 format:<br/>
+ <br/><source><![CDATA[
+openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile root.crt -certfile intermedXX.crt
+
+Enter Export Password: password
+Verifying - Enter Export Password: password
+]]></source>
+ </li>
+ <li>Import resulting red5.p12 into keystore: <source><![CDATA[
+keytool -importkeystore -srcstorepass password -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore red5/conf/keystore -alias red5
+]]></source>
+ </li>
+ <li>Import your chosen CA's root certificate into the keystore (may
+ need to download it from their site - make sure to get the root CA and
+ not the intermediate one):
+ <source><![CDATA[keytool -import -alias root -keystore red5/conf/keystore -trustcacerts -file root.crt]]></source>
+ (note: you may receive a warning that the certificate already exists in the system wide keystore - import
+ anyway)
+ </li>
+ <li>Import the intermediate certificate(s) you normally receive with
+ the certificate:
+ <source><![CDATA[keytool -import -alias intermed -keystore red5/conf/keystore -trustcacerts -file intermedXX.crt]]></source>
+ </li>
+ <li>Please NOTE according to this <a href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
+ guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
</li>
<li>Create additional certificate as described above.
Add this certificate to the following keystores: <tt>red5/conf/keystore.screen</tt> and <tt>red5/conf/keystore</tt>. (This step is required to be able to use
Modified: openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml?rev=1768826&r1=1768825&r2=1768826&view=diff
==============================================================================
--- openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml (original)
+++ openmeetings/application/branches/3.2.x/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml Wed Nov 9 03:42:42 2016
@@ -45,7 +45,7 @@
<li>Rename the existing truststore file <tt>red5/conf/truststore.jmx</tt> to <tt>red5/conf/truststore.bak</tt></li>
</ul>
</section>
- <section name="Configuring RTMPS for the Flash Client">
+ <section name="Create Keystore from the scratch (*)">
<ol>
<li>
Create a new keystore and key, use the same password for both:<br/>
@@ -90,6 +90,48 @@ Enter key password for <red5>
</li>
<li>Please NOTE according to this <a href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
+ </li>
+ <li>Create additional certificate as described above.
+ Add this certificate to the following keystores: <tt>red5/conf/keystore.screen</tt> and <tt>red5/conf/keystore</tt>. (This step is required to be able to use
+ screen-sharing web application, you can copy "main" keystore while testing)
+ </li>
+ </ol>
+ </section>
+ <section name="Create Keystore using existing key-pair (**)">
+ <p>Prerequicites:</p>
+ <ul>
+ <li>Server key: red5.key</li>
+ <li>Signed CSR: red5.crt</li>
+ <li>CA's root certificate: root.crt</li>
+ <li>** Intermediate certificate(s): intermedXX.crt</li>
+ </ul>
+ <ol>
+ <li>
+ Export existing keys into PKCS12 format:<br/>
+ <br/><source><![CDATA[
+openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile root.crt -certfile intermedXX.crt
+
+Enter Export Password: password
+Verifying - Enter Export Password: password
+]]></source>
+ </li>
+ <li>Import resulting red5.p12 into keystore: <source><![CDATA[
+keytool -importkeystore -srcstorepass password -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore red5/conf/keystore -alias red5
+]]></source>
+ </li>
+ <li>Import your chosen CA's root certificate into the keystore (may
+ need to download it from their site - make sure to get the root CA and
+ not the intermediate one):
+ <source><![CDATA[keytool -import -alias root -keystore red5/conf/keystore -trustcacerts -file root.crt]]></source>
+ (note: you may receive a warning that the certificate already exists in the system wide keystore - import
+ anyway)
+ </li>
+ <li>Import the intermediate certificate(s) you normally receive with
+ the certificate:
+ <source><![CDATA[keytool -import -alias intermed -keystore red5/conf/keystore -trustcacerts -file intermedXX.crt]]></source>
+ </li>
+ <li>Please NOTE according to this <a href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
+ guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
</li>
<li>Create additional certificate as described above.
Add this certificate to the following keystores: <tt>red5/conf/keystore.screen</tt> and <tt>red5/conf/keystore</tt>. (This step is required to be able to use
Modified: openmeetings/application/trunk/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml?rev=1768826&r1=1768825&r2=1768826&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml (original)
+++ openmeetings/application/trunk/openmeetings-server/src/site/xdoc/RTMPSAndHTTPS.xml Wed Nov 9 03:42:42 2016
@@ -45,7 +45,7 @@
<li>Rename the existing truststore file <tt>red5/conf/truststore.jmx</tt> to <tt>red5/conf/truststore.bak</tt></li>
</ul>
</section>
- <section name="Configuring RTMPS for the Flash Client">
+ <section name="Create Keystore from the scratch (*)">
<ol>
<li>
Create a new keystore and key, use the same password for both:<br/>
@@ -90,6 +90,48 @@ Enter key password for <red5>
</li>
<li>Please NOTE according to this <a href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
+ </li>
+ <li>Create additional certificate as described above.
+ Add this certificate to the following keystores: <tt>red5/conf/keystore.screen</tt> and <tt>red5/conf/keystore</tt>. (This step is required to be able to use
+ screen-sharing web application, you can copy "main" keystore while testing)
+ </li>
+ </ol>
+ </section>
+ <section name="Create Keystore using existing key-pair (**)">
+ <p>Prerequicites:</p>
+ <ul>
+ <li>Server key: red5.key</li>
+ <li>Signed CSR: red5.crt</li>
+ <li>CA's root certificate: root.crt</li>
+ <li>** Intermediate certificate(s): intermedXX.crt</li>
+ </ul>
+ <ol>
+ <li>
+ Export existing keys into PKCS12 format:<br/>
+ <br/><source><![CDATA[
+openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile root.crt -certfile intermedXX.crt
+
+Enter Export Password: password
+Verifying - Enter Export Password: password
+]]></source>
+ </li>
+ <li>Import resulting red5.p12 into keystore: <source><![CDATA[
+keytool -importkeystore -srcstorepass password -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore red5/conf/keystore -alias red5
+]]></source>
+ </li>
+ <li>Import your chosen CA's root certificate into the keystore (may
+ need to download it from their site - make sure to get the root CA and
+ not the intermediate one):
+ <source><![CDATA[keytool -import -alias root -keystore red5/conf/keystore -trustcacerts -file root.crt]]></source>
+ (note: you may receive a warning that the certificate already exists in the system wide keystore - import
+ anyway)
+ </li>
+ <li>Import the intermediate certificate(s) you normally receive with
+ the certificate:
+ <source><![CDATA[keytool -import -alias intermed -keystore red5/conf/keystore -trustcacerts -file intermedXX.crt]]></source>
+ </li>
+ <li>Please NOTE according to this <a href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
+ guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
</li>
<li>Create additional certificate as described above.
Add this certificate to the following keystores: <tt>red5/conf/keystore.screen</tt> and <tt>red5/conf/keystore</tt>. (This step is required to be able to use
Modified: openmeetings/site/trunk/RTMPSAndHTTPS.html
URL: http://svn.apache.org/viewvc/openmeetings/site/trunk/RTMPSAndHTTPS.html?rev=1768826&r1=1768825&r2=1768826&view=diff
==============================================================================
--- openmeetings/site/trunk/RTMPSAndHTTPS.html (original)
+++ openmeetings/site/trunk/RTMPSAndHTTPS.html Wed Nov 9 03:42:42 2016
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-09-23
+ | Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-11-09
| Rendered using Apache Maven Fluido Skin 1.5
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -8,7 +8,7 @@
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="author" content="Apache OpenMeetings Team" />
- <meta name="Date-Revision-yyyymmdd" content="20160923" />
+ <meta name="Date-Revision-yyyymmdd" content="20161109" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache OpenMeetings Project – Using OpenMeetings with RTMPS and HTTPS</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5.min.css" />
@@ -42,7 +42,7 @@
<div id="breadcrumbs">
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2016-09-23
+ <li id="publishDate">Last Published: 2016-11-09
</li>
@@ -799,7 +799,7 @@
</div>
<div class="section">
-<h2><a name="Configuring_RTMPS_for_the_Flash_Client"></a>Configuring RTMPS for the Flash Client</h2>
+<h2><a name="Create_Keystore_from_the_scratch_"></a>Create Keystore from the scratch (*)</h2>
<ol style="list-style-type: decimal">
@@ -856,6 +856,67 @@ Enter key password for <red5>
</li>
<li>Please NOTE according to this <a class="externalLink" href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
+ guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
+ </li>
+
+<li>Create additional certificate as described above.
+ Add this certificate to the following keystores: <tt>red5/conf/keystore.screen</tt> and <tt>red5/conf/keystore</tt>. (This step is required to be able to use
+ screen-sharing web application, you can copy "main" keystore while testing)
+ </li>
+ </ol>
+ </div>
+
+<div class="section">
+<h2><a name="Create_Keystore_using_existing_key-pair_"></a>Create Keystore using existing key-pair (**)</h2>
+
+<p>Prerequicites:</p>
+
+<ul>
+
+<li>Server key: red5.key</li>
+
+<li>Signed CSR: red5.crt</li>
+
+<li>CA's root certificate: root.crt</li>
+
+<li>** Intermediate certificate(s): intermedXX.crt</li>
+ </ul>
+
+<ol style="list-style-type: decimal">
+
+<li>
+ Export existing keys into PKCS12 format:<br />
+ <br />
+<div class="source"><pre class="prettyprint">
+openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile root.crt -certfile intermedXX.crt
+
+Enter Export Password: password
+Verifying - Enter Export Password: password
+</pre></div>
+ </li>
+
+<li>Import resulting red5.p12 into keystore:
+<div class="source"><pre class="prettyprint">
+keytool -importkeystore -srcstorepass password -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore red5/conf/keystore -alias red5
+</pre></div>
+ </li>
+
+<li>Import your chosen CA's root certificate into the keystore (may
+ need to download it from their site - make sure to get the root CA and
+ not the intermediate one):
+
+<div class="source"><pre class="prettyprint">keytool -import -alias root -keystore red5/conf/keystore -trustcacerts -file root.crt</pre></div>
+ (note: you may receive a warning that the certificate already exists in the system wide keystore - import
+ anyway)
+ </li>
+
+<li>Import the intermediate certificate(s) you normally receive with
+ the certificate:
+
+<div class="source"><pre class="prettyprint">keytool -import -alias intermed -keystore red5/conf/keystore -trustcacerts -file intermedXX.crt</pre></div>
+ </li>
+
+<li>Please NOTE according to this <a class="externalLink" href="http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html">http://javarevisited.blogspot.com/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html</a>
guide you can split keystore and truststore (OPTIONAL you might just copy keystore to truststore)
</li>