You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@openmeetings.apache.org by Yah's Global Kingdom <ya...@gmail.com> on 2019/10/10 02:13:55 UTC
VOIP for 5.0.0.M
Is there a plan to implement VOIP for this version of Openmeetings?
Re: VOIP for 5.0.0.M
Posted by Yah's Global Kingdom <ya...@gmail.com>.
Thanks Maxim,
I got it to work and you are correct I needed the SpecialSSLHostConfig in
the server.xml
On Thu, Oct 17, 2019 at 2:29 AM Maxim Solodovnik <so...@gmail.com>
wrote:
> Actually there is no need to specify *AprProtocol to use let's encrypt
> certificates without conversions
> Here is simple step-by-step guide:
> https://community.letsencrypt.org/t/using-letsencrypt-certificates-on-tomcat-8-x-on-windows/28548/7
> all you need is "Special SSLHostConfig"
> Documentation is here:
> https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig
>
> On Thu, 17 Oct 2019 at 13:16, René Scholz <
> rene.scholz@abakus-edv-systems.de> wrote:
>
>> Hello,
>>
>> hm, that looks complicated. In my configuration it was not necessary to
>> define a protocol like you have done.
>> The error-message shows that the choosen protocol requires a library. Its
>> possible that this is the error, but I dont know
>> if your certificate match to this protocol.
>>
>> I am afraid without deeper knowledge of your certificates and (maybe very
>> complicated and high-secured)
>> network-configuration I have no further idea what goes wrong.
>>
>> I have only rudimentary knowledge about certificates - in my
>> configuration "behind a NAT" the https-certificate
>> was the lesser evil.
>>
>> Best regrads,
>>
>> René
>>
>>
>>
>>
>>
>> Am 16.10.2019 um 15:25 schrieb Yah's Global Kingdom:
>>
>> Rene, I apologize and thanks for your help! I did use the lines you sent
>> me and changed the necessary information. .
>> The private key is using http11NioProtocol, the format you provided goes
>> into the Http11AprProtocol section.
>>
>> I got this error:
>>
>> 16-Oct-2019 05:58:47.266 SEVERE [main]
>> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
>> initialize component
>> [Connector[org.apache.coyote.http11.Http11AprProtocol-5443]]
>> org.apache.catalina.LifecycleException: The configured protocol
>> [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native
>> library which is not available
>>
>> When I use the Http11NioProtocol I get this error. My keystore only has
>> one key in it the private key.
>>
>> 16-Oct-2019 06:05:35.065 INFO [main]
>> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
>> ["http-nio-5080"]
>> 16-Oct-2019 06:05:35.107 INFO [main]
>> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
>> ["https-jsse-nio-5443"]
>> 16-Oct-2019 06:05:35.352 SEVERE [main]
>> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
>> initialize component [Connector[HTTP/1.1-5443]]
>> org.apache.catalina.LifecycleException: Protocol handler initialization
>> failed
>> at
>> org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
>> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> at
>> org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
>> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> at
>> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
>> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
>> at org.apache.catalina.startup.Catalina.start(Catalina.java:621)
>> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>> at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:344)
>> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>> Caused by: java.lang.IllegalArgumentException: Cannot store
>> non-PrivateKeys
>> at
>> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
>> at
>> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
>> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
>> at
>> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
>> at
>> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
>> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
>> at
>> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
>> at
>> org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
>> ... 13 more
>> Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
>> at
>> java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:262)
>> at
>> java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
>> at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
>> at
>> org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:324)
>> at
>> org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
>> at
>> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
>> ... 20 more
>> here is the relevant part of my server.xml that includes the original
>> configuration plus the two configurations I have tried to use to get this
>> to work commented out. <fqdn> is my servername.domainname.org perhaps
>> you can look and see what I have done wrong.
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!--
>> Licensed to the Apache Software Foundation (ASF) under one or more
>> contributor license agreements. See the NOTICE file distributed with
>> this work for additional information regarding copyright ownership.
>> The ASF licenses this file to You under the Apache License, Version 2.0
>> (the "License"); you may not use this file except in compliance with
>> the License. You may obtain a copy of the License at
>>
>> http://www.apache.org/licenses/LICENSE-2.0
>>
>> Unless required by applicable law or agreed to in writing, software
>> distributed under the License is distributed on an "AS IS" BASIS,
>> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> See the License for the specific language governing permissions and
>> limitations under the License.
>> -->
>> <!-- Note: A "Server" is not itself a "Container", so you may not
>> define subcomponents such as "Valves" at this level.
>> Documentation at /docs/config/server.html
>> -->
>> <Server port="8005" shutdown="SHUTDOWN">
>> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
>> />
>> <!-- Security listener. Documentation at /docs/config/listeners.html
>> <Listener className="org.apache.catalina.security.SecurityListener" />
>> -->
>> <!--APR library loader. Documentation at /docs/apr.html -->
>> <Listener className="org.apache.catalina.core.AprLifecycleListener"
>> SSLEngine="on" />
>> <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>> <Listener
>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>> <Listener
>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>> <Listener
>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>>
>> <!-- A "Service" is a collection of one or more "Connectors" that share
>> a single "Container" Note: A "Service" is not itself a
>> "Container",
>> so you may not define subcomponents such as "Valves" at this level.
>> Documentation at /docs/config/service.html
>> -->
>> <Service name="Catalina">
>>
>> <!--The connectors can use a shared executor, you can define one or
>> more named thread pools-->
>> <!--
>> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>> maxThreads="150" minSpareThreads="4"/>
>> -->
>>
>>
>> <!-- A "Connector" represents an endpoint by which requests are
>> received
>> and responses are returned. Documentation at :
>> Java HTTP Connector: /docs/config/http.html
>> Java AJP Connector: /docs/config/ajp.html
>> APR (HTTP/AJP) Connector: /docs/apr.html
>> Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
>> -->
>> <Connector port="5080" protocol="HTTP/1.1"
>> connectionTimeout="20000"
>> redirectPort="5443" />
>> <Connector port="5443"
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> maxThreads="150" SSLEnabled="true"
>> keystoreFile="conf/keystore" keystorePass="openmeetings"
>> clientAuth="false" sslProtocol="TLS"/>
>>
>> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
>> This connector uses the APR/native implementation which always
>> uses
>> OpenSSL for TLS.
>> Either JSSE or OpenSSL style configuration may be used. OpenSSL
>> style
>> configuration is used below.
>> -->
>> -->
>> <!--Connector port="5443"
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> SSLCertificateFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
>> maxThreads="150" SSLEnabled="true" scheme="https"
>> secure="true" URIEncoding="UTF-8"
>> keystoreFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
>> clientAuth="false" sslProtocol="TLS" /-->
>> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
>> This connector uses the APR/native implementation which always
>> uses
>> OpenSSL for TLS.
>> Either JSSE or OpenSSL style configuration may be used. OpenSSL
>> style
>> configuration is used below.
>> -->
>>
>> <!--Connector port="5443"
>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>> maxThreads="150" SSLEnabled="true">
>>
>> <UpgradeProtocol
>> className="org.apache.coyote.http2.Http2Protocol" />
>> <SSLHostConfig>
>> <Certificate
>> certificateKeyFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
>>
>> certificateFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
>>
>> certificateChainFile="/etc/letsencrypt/live/<fqdn>/fullchain.pem"
>> type="RSA" />
>> </SSLHostConfig>
>> </Connector>
>> -->
>> On Wed, Oct 16, 2019 at 1:50 AM René Scholz <
>> rene.scholz@abakus-edv-systems.de> wrote:
>>
>>> Hello,
>>>
>>> why don't you try out the config-part I sent you?
>>> Make a backup of your sever.xml, edit the part for your connector-port,
>>> restart your OM, pray a little bit and open your browser with https and
>>> your port.
>>>
>>> Whats the result?
>>>
>>> When you mean that something goes wrong replace it with your backuped
>>> server.xml.
>>>
>>> Best regards,
>>>
>>> René
>>>
>>> Am 15.10.2019 um 22:30 schrieb Yah's Global Kingdom:
>>>
>>> Your saying I don't have to use a keystore with these certs?
>>>
>>> On Mon, Oct 14, 2019 at 4:06 AM Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>>> With this config import is redundant
>>>> you can use your keys as-is :)
>>>>
>>>> On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom <ya...@gmail.com>
>>>> wrote:
>>>>
>>>>> Thanks for the information, if I might ask which of these keys did you
>>>>> import into your keystore for openmeetings?
>>>>>
>>>>> On Sat, Oct 12, 2019 at 1:36 PM R. Scholz <
>>>>> rene.scholz@abakus-edv-systems.de> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> this is the part in my server.xml in the conf-dir of my openmeeting I
>>>>>> use without problems:
>>>>>>
>>>>>> <Connector port="5443"
>>>>>> SSLEnabled="true">
>>>>>> <SSLHostConfig>
>>>>>> <Certificate certificateFile="/etc/letsencrypt/live/
>>>>>> subdomain.domain.de/cert.pem"
>>>>>> certificateKeyFile="/etc/letsencrypt/live/
>>>>>> subdomain.domain.de/privkey.pem"
>>>>>> certificateChainFile="/etc/letsencrypt/live/
>>>>>> subdomain.domain.de/fullchain.pem" />
>>>>>> </SSLHostConfig>
>>>>>> </Connector>
>>>>>>
>>>>>> With best regards,
>>>>>>
>>>>>> René
>>>>>>
>>>>>>
>>>>>>
>>>>>> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>>>>>>
>>>>>> Ok understood for the VOIP implementation. Hopefully, there will be
>>>>>> time for in the near future as it was feature that was really appreciated
>>>>>> and used.
>>>>>> On a different note. I am using LetsEncrypt for ssl certificates.
>>>>>> The wiki at https://openmeetings.apache.org/HTTPS.html does not seem
>>>>>> to apply as you can not submit a .csr file to lets encrypt and it only
>>>>>> works on port 443. I have changed /conf/server.conf to 443 but the server
>>>>>> still refuses to connect. Are there any instructions for how to make OM
>>>>>> 5.0.0.M2 OR M3 work with LetEncrypt and Certbot? Thanks for all your help
>>>>>> Maxim.
>>>>>>
>>>>>> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik <
>>>>>> solomax666@gmail.com> wrote:
>>>>>>
>>>>>>> Yes, sure
>>>>>>> unfortunately my time is very limited
>>>>>>> not sure i can provide any estimates
>>>>>>>
>>>>>>> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom <
>>>>>>> yahsgkm@gmail.com> wrote:
>>>>>>>
>>>>>>>> Is there a plan to implement VOIP for this version of Openmeetings?
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> WBR
>>>>>>> Maxim aka solomax
>>>>>>>
>>>>>>
>>>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>
>>>
>>
>
> --
> WBR
> Maxim aka solomax
>
Re: VOIP for 5.0.0.M
Posted by Maxim Solodovnik <so...@gmail.com>.
Actually there is no need to specify *AprProtocol to use let's encrypt
certificates without conversions
Here is simple step-by-step guide:
https://community.letsencrypt.org/t/using-letsencrypt-certificates-on-tomcat-8-x-on-windows/28548/7
all you need is "Special SSLHostConfig"
Documentation is here:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig
On Thu, 17 Oct 2019 at 13:16, René Scholz <re...@abakus-edv-systems.de>
wrote:
> Hello,
>
> hm, that looks complicated. In my configuration it was not necessary to
> define a protocol like you have done.
> The error-message shows that the choosen protocol requires a library. Its
> possible that this is the error, but I dont know
> if your certificate match to this protocol.
>
> I am afraid without deeper knowledge of your certificates and (maybe very
> complicated and high-secured)
> network-configuration I have no further idea what goes wrong.
>
> I have only rudimentary knowledge about certificates - in my configuration
> "behind a NAT" the https-certificate
> was the lesser evil.
>
> Best regrads,
>
> René
>
>
>
>
>
> Am 16.10.2019 um 15:25 schrieb Yah's Global Kingdom:
>
> Rene, I apologize and thanks for your help! I did use the lines you sent
> me and changed the necessary information. .
> The private key is using http11NioProtocol, the format you provided goes
> into the Http11AprProtocol section.
>
> I got this error:
>
> 16-Oct-2019 05:58:47.266 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component
> [Connector[org.apache.coyote.http11.Http11AprProtocol-5443]]
> org.apache.catalina.LifecycleException: The configured protocol
> [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native
> library which is not available
>
> When I use the Http11NioProtocol I get this error. My keystore only has
> one key in it the private key.
>
> 16-Oct-2019 06:05:35.065 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio-5080"]
> 16-Oct-2019 06:05:35.107 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-5443"]
> 16-Oct-2019 06:05:35.352 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component [Connector[HTTP/1.1-5443]]
> org.apache.catalina.LifecycleException: Protocol handler initialization
> failed
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:621)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:344)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
> Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
> at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
> ... 13 more
> Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
> at
> java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:262)
> at
> java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
> at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
> at
> org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:324)
> at
> org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
> ... 20 more
> here is the relevant part of my server.xml that includes the original
> configuration plus the two configurations I have tried to use to get this
> to work commented out. <fqdn> is my servername.domainname.org perhaps
> you can look and see what I have done wrong.
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements. See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License. You may obtain a copy of the License at
>
> http://www.apache.org/licenses/LICENSE-2.0
>
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <!-- Note: A "Server" is not itself a "Container", so you may not
> define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/server.html
> -->
> <Server port="8005" shutdown="SHUTDOWN">
> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> />
> <!-- Security listener. Documentation at /docs/config/listeners.html
> <Listener className="org.apache.catalina.security.SecurityListener" />
> -->
> <!--APR library loader. Documentation at /docs/apr.html -->
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
> <!-- Prevent memory leaks due to use of particular java/javax APIs-->
> <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
> <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
> <!-- A "Service" is a collection of one or more "Connectors" that share
> a single "Container" Note: A "Service" is not itself a "Container",
> so you may not define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/service.html
> -->
> <Service name="Catalina">
>
> <!--The connectors can use a shared executor, you can define one or
> more named thread pools-->
> <!--
> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>
> -->
>
>
> <!-- A "Connector" represents an endpoint by which requests are
> received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html
> Java AJP Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
> -->
> <Connector port="5080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="5443" />
> <Connector port="5443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> maxThreads="150" SSLEnabled="true"
> keystoreFile="conf/keystore" keystorePass="openmeetings"
> clientAuth="false" sslProtocol="TLS"/>
>
> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
> This connector uses the APR/native implementation which always
> uses
> OpenSSL for TLS.
> Either JSSE or OpenSSL style configuration may be used. OpenSSL
> style
> configuration is used below.
> -->
> -->
> <!--Connector port="5443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> SSLCertificateFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
> maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
> URIEncoding="UTF-8"
> keystoreFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
> clientAuth="false" sslProtocol="TLS" /-->
> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
> This connector uses the APR/native implementation which always
> uses
> OpenSSL for TLS.
> Either JSSE or OpenSSL style configuration may be used. OpenSSL
> style
> configuration is used below.
> -->
>
> <!--Connector port="5443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> maxThreads="150" SSLEnabled="true">
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> />
> <SSLHostConfig>
> <Certificate
> certificateKeyFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
>
> certificateFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
>
> certificateChainFile="/etc/letsencrypt/live/<fqdn>/fullchain.pem"
> type="RSA" />
> </SSLHostConfig>
> </Connector>
> -->
> On Wed, Oct 16, 2019 at 1:50 AM René Scholz <
> rene.scholz@abakus-edv-systems.de> wrote:
>
>> Hello,
>>
>> why don't you try out the config-part I sent you?
>> Make a backup of your sever.xml, edit the part for your connector-port,
>> restart your OM, pray a little bit and open your browser with https and
>> your port.
>>
>> Whats the result?
>>
>> When you mean that something goes wrong replace it with your backuped
>> server.xml.
>>
>> Best regards,
>>
>> René
>>
>> Am 15.10.2019 um 22:30 schrieb Yah's Global Kingdom:
>>
>> Your saying I don't have to use a keystore with these certs?
>>
>> On Mon, Oct 14, 2019 at 4:06 AM Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> With this config import is redundant
>>> you can use your keys as-is :)
>>>
>>> On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom <ya...@gmail.com>
>>> wrote:
>>>
>>>> Thanks for the information, if I might ask which of these keys did you
>>>> import into your keystore for openmeetings?
>>>>
>>>> On Sat, Oct 12, 2019 at 1:36 PM R. Scholz <
>>>> rene.scholz@abakus-edv-systems.de> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> this is the part in my server.xml in the conf-dir of my openmeeting I
>>>>> use without problems:
>>>>>
>>>>> <Connector port="5443"
>>>>> SSLEnabled="true">
>>>>> <SSLHostConfig>
>>>>> <Certificate certificateFile="/etc/letsencrypt/live/
>>>>> subdomain.domain.de/cert.pem"
>>>>> certificateKeyFile="/etc/letsencrypt/live/
>>>>> subdomain.domain.de/privkey.pem"
>>>>> certificateChainFile="/etc/letsencrypt/live/
>>>>> subdomain.domain.de/fullchain.pem" />
>>>>> </SSLHostConfig>
>>>>> </Connector>
>>>>>
>>>>> With best regards,
>>>>>
>>>>> René
>>>>>
>>>>>
>>>>>
>>>>> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>>>>>
>>>>> Ok understood for the VOIP implementation. Hopefully, there will be
>>>>> time for in the near future as it was feature that was really appreciated
>>>>> and used.
>>>>> On a different note. I am using LetsEncrypt for ssl certificates.
>>>>> The wiki at https://openmeetings.apache.org/HTTPS.html does not seem
>>>>> to apply as you can not submit a .csr file to lets encrypt and it only
>>>>> works on port 443. I have changed /conf/server.conf to 443 but the server
>>>>> still refuses to connect. Are there any instructions for how to make OM
>>>>> 5.0.0.M2 OR M3 work with LetEncrypt and Certbot? Thanks for all your help
>>>>> Maxim.
>>>>>
>>>>> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik <
>>>>> solomax666@gmail.com> wrote:
>>>>>
>>>>>> Yes, sure
>>>>>> unfortunately my time is very limited
>>>>>> not sure i can provide any estimates
>>>>>>
>>>>>> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom <ya...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Is there a plan to implement VOIP for this version of Openmeetings?
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> WBR
>>>>>> Maxim aka solomax
>>>>>>
>>>>>
>>>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
>
--
WBR
Maxim aka solomax
Re: VOIP for 5.0.0.M
Posted by René Scholz <re...@abakus-edv-systems.de>.
Hello,
Ihmo: No way to work behind a NAT without a TURN-server.
Best regards,
René
Am 17.10.2019 um 13:05 schrieb Yah's Global Kingdom:
> Thanks Ren'e, I got it to work I appreciate your taking the time to
> help me. That brings up another question. Do your camera work from
> behind a NAT without a stun or turn server?
>
> On Thu, Oct 17, 2019 at 2:16 AM René Scholz
> <rene.scholz@abakus-edv-systems.de
> <ma...@abakus-edv-systems.de>> wrote:
>
> Hello,
>
> hm, that looks complicated. In my configuration it was not
> necessary to define a protocol like you have done.
> The error-message shows that the choosen protocol requires a
> library. Its possible that this is the error, but I dont know
> if your certificate match to this protocol.
>
> I am afraid without deeper knowledge of your certificates and
> (maybe very complicated and high-secured)
> network-configuration I have no further idea what goes wrong.
>
> I have only rudimentary knowledge about certificates - in my
> configuration "behind a NAT" the https-certificate
> was the lesser evil.
>
> Best regrads,
>
> René
>
>
>
>
>
> Am 16.10.2019 um 15:25 schrieb Yah's Global Kingdom:
>> Rene, I apologize and thanks for your help! I did use the lines
>> you sent me and changed the necessary information. .
>> The private key is using http11NioProtocol, the format you
>> provided goes into the Http11AprProtocol section.
>>
>> I got this error:
>>
>> 16-Oct-2019 05:58:47.266 SEVERE [main]
>> org.apache.catalina.util.LifecycleBase.handleSubClassException
>> Failed to initialize component
>> [Connector[org.apache.coyote.http11.Http11AprProtocol-5443]]
>> org.apache.catalina.LifecycleException: The configured protocol
>> [org.apache.coyote.http11.Http11AprProtocol] requires the
>> APR/native library which is not available
>>
>> When I use the Http11NioProtocol I get this error. My keystore
>> only has one key in it the private key.
>>
>> 16-Oct-2019 06:05:35.065 INFO [main]
>> org.apache.coyote.AbstractProtocol.init Initializing
>> ProtocolHandler ["http-nio-5080"]
>> 16-Oct-2019 06:05:35.107 INFO [main]
>> org.apache.coyote.AbstractProtocol.init Initializing
>> ProtocolHandler ["https-jsse-nio-5443"]
>> 16-Oct-2019 06:05:35.352 SEVERE [main]
>> org.apache.catalina.util.LifecycleBase.handleSubClassException
>> Failed to initialize component [Connector[HTTP/1.1-5443]]
>> org.apache.catalina.LifecycleException: Protocol handler
>> initialization failed
>> at
>> org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
>> at
>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> at
>> org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
>> at
>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> at
>> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
>> at
>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
>> at org.apache.catalina.startup.Catalina.start(Catalina.java:621)
>> at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>> at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:344)
>> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>> Caused by: java.lang.IllegalArgumentException: Cannot store
>> non-PrivateKeys
>> at
>> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
>> at
>> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
>> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
>> at
>> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
>> at
>> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
>> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
>> at
>> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
>> at
>> org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
>> ... 13 more
>> Caused by: java.security.KeyStoreException: Cannot store
>> non-PrivateKeys
>> at
>> java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:262)
>> at
>> java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
>> at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
>> at
>> org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:324)
>> at
>> org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
>> at
>> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
>> ... 20 more
>> here is the relevant part of my server.xml that includes the
>> original configuration plus the two configurations I have tried
>> to use to get this to work commented out. <fqdn> is my
>> servername.domainname.org <http://servername.domainname.org>
>> perhaps you can look and see what I have done wrong.
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!--
>> Licensed to the Apache Software Foundation (ASF) under one or more
>> contributor license agreements. See the NOTICE file
>> distributed with
>> this work for additional information regarding copyright ownership.
>> The ASF licenses this file to You under the Apache License,
>> Version 2.0
>> (the "License"); you may not use this file except in compliance
>> with
>> the License. You may obtain a copy of the License at
>>
>> http://www.apache.org/licenses/LICENSE-2.0
>>
>> Unless required by applicable law or agreed to in writing, software
>> distributed under the License is distributed on an "AS IS" BASIS,
>> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
>> implied.
>> See the License for the specific language governing permissions and
>> limitations under the License.
>> -->
>> <!-- Note: A "Server" is not itself a "Container", so you may not
>> define subcomponents such as "Valves" at this level.
>> Documentation at /docs/config/server.html
>> -->
>> <Server port="8005" shutdown="SHUTDOWN">
>> <Listener
>> className="org.apache.catalina.startup.VersionLoggerListener" />
>> <!-- Security listener. Documentation at
>> /docs/config/listeners.html
>> <Listener
>> className="org.apache.catalina.security.SecurityListener" />
>> -->
>> <!--APR library loader. Documentation at /docs/apr.html -->
>> <Listener
>> className="org.apache.catalina.core.AprLifecycleListener"
>> SSLEngine="on" />
>> <!-- Prevent memory leaks due to use of particular java/javax
>> APIs-->
>> <Listener
>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener"
>> />
>> <Listener
>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
>> />
>> <Listener
>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
>> />
>>
>> <!-- A "Service" is a collection of one or more "Connectors"
>> that share
>> a single "Container" Note: A "Service" is not itself a
>> "Container",
>> so you may not define subcomponents such as "Valves" at
>> this level.
>> Documentation at /docs/config/service.html
>> -->
>> <Service name="Catalina">
>>
>> <!--The connectors can use a shared executor, you can define
>> one or more named thread pools-->
>> <!--
>> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>> maxThreads="150" minSpareThreads="4"/>
>> -->
>>
>>
>> <!-- A "Connector" represents an endpoint by which requests
>> are received
>> and responses are returned. Documentation at :
>> Java HTTP Connector: /docs/config/http.html
>> Java AJP Connector: /docs/config/ajp.html
>> APR (HTTP/AJP) Connector: /docs/apr.html
>> Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
>> -->
>> <Connector port="5080" protocol="HTTP/1.1"
>> connectionTimeout="20000"
>> redirectPort="5443" />
>> <Connector port="5443"
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> maxThreads="150" SSLEnabled="true"
>> keystoreFile="conf/keystore"
>> keystorePass="openmeetings"
>> clientAuth="false" sslProtocol="TLS"/>
>>
>> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
>> This connector uses the APR/native implementation which
>> always uses
>> OpenSSL for TLS.
>> Either JSSE or OpenSSL style configuration may be used.
>> OpenSSL style
>> configuration is used below.
>> -->
>> -->
>> <!--Connector port="5443"
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> SSLCertificateFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
>> maxThreads="150" SSLEnabled="true" scheme="https"
>> secure="true" URIEncoding="UTF-8"
>> keystoreFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
>> clientAuth="false" sslProtocol="TLS" /-->
>> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
>> This connector uses the APR/native implementation which
>> always uses
>> OpenSSL for TLS.
>> Either JSSE or OpenSSL style configuration may be used.
>> OpenSSL style
>> configuration is used below.
>> -->
>>
>> <!--Connector port="5443"
>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>> maxThreads="150" SSLEnabled="true">
>>
>> <UpgradeProtocol
>> className="org.apache.coyote.http2.Http2Protocol" />
>> <SSLHostConfig>
>> <Certificate
>> certificateKeyFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
>> certificateFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
>> certificateChainFile="/etc/letsencrypt/live/<fqdn>/fullchain.pem"
>> type="RSA" />
>> </SSLHostConfig>
>> </Connector>
>> -->
>> On Wed, Oct 16, 2019 at 1:50 AM René Scholz
>> <rene.scholz@abakus-edv-systems.de
>> <ma...@abakus-edv-systems.de>> wrote:
>>
>> Hello,
>>
>> why don't you try out the config-part I sent you?
>> Make a backup of your sever.xml, edit the part for your
>> connector-port, restart your OM, pray a little bit and open
>> your browser with https and your port.
>>
>> Whats the result?
>>
>> When you mean that something goes wrong replace it with your
>> backuped server.xml.
>>
>> Best regards,
>>
>> René
>>
>> Am 15.10.2019 um 22:30 schrieb Yah's Global Kingdom:
>>> Your saying I don't have to use a keystore with these certs?
>>>
>>> On Mon, Oct 14, 2019 at 4:06 AM Maxim Solodovnik
>>> <solomax666@gmail.com <ma...@gmail.com>> wrote:
>>>
>>> With this config import is redundant
>>> you can use your keys as-is :)
>>>
>>> On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom
>>> <yahsgkm@gmail.com <ma...@gmail.com>> wrote:
>>>
>>> Thanks for the information, if I might ask which of
>>> these keys did you import into your keystore for
>>> openmeetings?
>>>
>>> On Sat, Oct 12, 2019 at 1:36 PM R. Scholz
>>> <rene.scholz@abakus-edv-systems.de
>>> <ma...@abakus-edv-systems.de>> wrote:
>>>
>>> Hello,
>>>
>>> this is the part in my server.xml in the
>>> conf-dir of my openmeeting I use without problems:
>>>
>>> <Connector port="5443"
>>> SSLEnabled="true">
>>> <SSLHostConfig>
>>> <Certificate
>>> certificateFile="/etc/letsencrypt/live/subdomain.domain.de/cert.pem
>>> <http://subdomain.domain.de/cert.pem>"
>>> certificateKeyFile="/etc/letsencrypt/live/subdomain.domain.de/privkey.pem
>>> <http://subdomain.domain.de/privkey.pem>"
>>> certificateChainFile="/etc/letsencrypt/live/subdomain.domain.de/fullchain.pem
>>> <http://subdomain.domain.de/fullchain.pem>" />
>>> </SSLHostConfig>
>>> </Connector>
>>>
>>> With best regards,
>>>
>>> René
>>>
>>>
>>>
>>> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>>>> Ok understood for the VOIP implementation.
>>>> Hopefully, there will be time for in the near
>>>> future as it was feature that was really
>>>> appreciated and used.
>>>> On a different note. I am using LetsEncrypt
>>>> for ssl certificates. The wiki at
>>>> https://openmeetings.apache.org/HTTPS.html does
>>>> not seem to apply as you can not submit a .csr
>>>> file to lets encrypt and it only works on port
>>>> 443. I have changed /conf/server.conf to 443
>>>> but the server still refuses to connect. Are
>>>> there any instructions for how to make OM
>>>> 5.0.0.M2 OR M3 work with LetEncrypt and
>>>> Certbot? Thanks for all your help Maxim.
>>>>
>>>> On Thu, Oct 10, 2019 at 12:45 PM Maxim
>>>> Solodovnik <solomax666@gmail.com
>>>> <ma...@gmail.com>> wrote:
>>>>
>>>> Yes, sure
>>>> unfortunately my time is very limited
>>>> not sure i can provide any estimates
>>>>
>>>> On Thu, 10 Oct 2019 at 09:16, Yah's Global
>>>> Kingdom <yahsgkm@gmail.com
>>>> <ma...@gmail.com>> wrote:
>>>>
>>>> Is there a plan to implement VOIP for
>>>> this version of Openmeetings?
>>>>
>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>
Re: VOIP for 5.0.0.M
Posted by Yah's Global Kingdom <ya...@gmail.com>.
Thanks Ren'e, I got it to work I appreciate your taking the time to help
me. That brings up another question. Do your camera work from behind a
NAT without a stun or turn server?
On Thu, Oct 17, 2019 at 2:16 AM René Scholz <
rene.scholz@abakus-edv-systems.de> wrote:
> Hello,
>
> hm, that looks complicated. In my configuration it was not necessary to
> define a protocol like you have done.
> The error-message shows that the choosen protocol requires a library. Its
> possible that this is the error, but I dont know
> if your certificate match to this protocol.
>
> I am afraid without deeper knowledge of your certificates and (maybe very
> complicated and high-secured)
> network-configuration I have no further idea what goes wrong.
>
> I have only rudimentary knowledge about certificates - in my configuration
> "behind a NAT" the https-certificate
> was the lesser evil.
>
> Best regrads,
>
> René
>
>
>
>
>
> Am 16.10.2019 um 15:25 schrieb Yah's Global Kingdom:
>
> Rene, I apologize and thanks for your help! I did use the lines you sent
> me and changed the necessary information. .
> The private key is using http11NioProtocol, the format you provided goes
> into the Http11AprProtocol section.
>
> I got this error:
>
> 16-Oct-2019 05:58:47.266 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component
> [Connector[org.apache.coyote.http11.Http11AprProtocol-5443]]
> org.apache.catalina.LifecycleException: The configured protocol
> [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native
> library which is not available
>
> When I use the Http11NioProtocol I get this error. My keystore only has
> one key in it the private key.
>
> 16-Oct-2019 06:05:35.065 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio-5080"]
> 16-Oct-2019 06:05:35.107 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-5443"]
> 16-Oct-2019 06:05:35.352 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component [Connector[HTTP/1.1-5443]]
> org.apache.catalina.LifecycleException: Protocol handler initialization
> failed
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:621)
> at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:344)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
> Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
> at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
> ... 13 more
> Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
> at
> java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:262)
> at
> java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
> at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
> at
> org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:324)
> at
> org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
> ... 20 more
> here is the relevant part of my server.xml that includes the original
> configuration plus the two configurations I have tried to use to get this
> to work commented out. <fqdn> is my servername.domainname.org perhaps
> you can look and see what I have done wrong.
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements. See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License. You may obtain a copy of the License at
>
> http://www.apache.org/licenses/LICENSE-2.0
>
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <!-- Note: A "Server" is not itself a "Container", so you may not
> define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/server.html
> -->
> <Server port="8005" shutdown="SHUTDOWN">
> <Listener className="org.apache.catalina.startup.VersionLoggerListener"
> />
> <!-- Security listener. Documentation at /docs/config/listeners.html
> <Listener className="org.apache.catalina.security.SecurityListener" />
> -->
> <!--APR library loader. Documentation at /docs/apr.html -->
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
> <!-- Prevent memory leaks due to use of particular java/javax APIs-->
> <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
> <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
> <!-- A "Service" is a collection of one or more "Connectors" that share
> a single "Container" Note: A "Service" is not itself a "Container",
> so you may not define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/service.html
> -->
> <Service name="Catalina">
>
> <!--The connectors can use a shared executor, you can define one or
> more named thread pools-->
> <!--
> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>
> -->
>
>
> <!-- A "Connector" represents an endpoint by which requests are
> received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html
> Java AJP Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
> -->
> <Connector port="5080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="5443" />
> <Connector port="5443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> maxThreads="150" SSLEnabled="true"
> keystoreFile="conf/keystore" keystorePass="openmeetings"
> clientAuth="false" sslProtocol="TLS"/>
>
> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
> This connector uses the APR/native implementation which always
> uses
> OpenSSL for TLS.
> Either JSSE or OpenSSL style configuration may be used. OpenSSL
> style
> configuration is used below.
> -->
> -->
> <!--Connector port="5443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> SSLCertificateFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
> maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
> URIEncoding="UTF-8"
> keystoreFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
> clientAuth="false" sslProtocol="TLS" /-->
> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
> This connector uses the APR/native implementation which always
> uses
> OpenSSL for TLS.
> Either JSSE or OpenSSL style configuration may be used. OpenSSL
> style
> configuration is used below.
> -->
>
> <!--Connector port="5443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> maxThreads="150" SSLEnabled="true">
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> />
> <SSLHostConfig>
> <Certificate
> certificateKeyFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
>
> certificateFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
>
> certificateChainFile="/etc/letsencrypt/live/<fqdn>/fullchain.pem"
> type="RSA" />
> </SSLHostConfig>
> </Connector>
> -->
> On Wed, Oct 16, 2019 at 1:50 AM René Scholz <
> rene.scholz@abakus-edv-systems.de> wrote:
>
>> Hello,
>>
>> why don't you try out the config-part I sent you?
>> Make a backup of your sever.xml, edit the part for your connector-port,
>> restart your OM, pray a little bit and open your browser with https and
>> your port.
>>
>> Whats the result?
>>
>> When you mean that something goes wrong replace it with your backuped
>> server.xml.
>>
>> Best regards,
>>
>> René
>>
>> Am 15.10.2019 um 22:30 schrieb Yah's Global Kingdom:
>>
>> Your saying I don't have to use a keystore with these certs?
>>
>> On Mon, Oct 14, 2019 at 4:06 AM Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> With this config import is redundant
>>> you can use your keys as-is :)
>>>
>>> On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom <ya...@gmail.com>
>>> wrote:
>>>
>>>> Thanks for the information, if I might ask which of these keys did you
>>>> import into your keystore for openmeetings?
>>>>
>>>> On Sat, Oct 12, 2019 at 1:36 PM R. Scholz <
>>>> rene.scholz@abakus-edv-systems.de> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> this is the part in my server.xml in the conf-dir of my openmeeting I
>>>>> use without problems:
>>>>>
>>>>> <Connector port="5443"
>>>>> SSLEnabled="true">
>>>>> <SSLHostConfig>
>>>>> <Certificate certificateFile="/etc/letsencrypt/live/
>>>>> subdomain.domain.de/cert.pem"
>>>>> certificateKeyFile="/etc/letsencrypt/live/
>>>>> subdomain.domain.de/privkey.pem"
>>>>> certificateChainFile="/etc/letsencrypt/live/
>>>>> subdomain.domain.de/fullchain.pem" />
>>>>> </SSLHostConfig>
>>>>> </Connector>
>>>>>
>>>>> With best regards,
>>>>>
>>>>> René
>>>>>
>>>>>
>>>>>
>>>>> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>>>>>
>>>>> Ok understood for the VOIP implementation. Hopefully, there will be
>>>>> time for in the near future as it was feature that was really appreciated
>>>>> and used.
>>>>> On a different note. I am using LetsEncrypt for ssl certificates.
>>>>> The wiki at https://openmeetings.apache.org/HTTPS.html does not seem
>>>>> to apply as you can not submit a .csr file to lets encrypt and it only
>>>>> works on port 443. I have changed /conf/server.conf to 443 but the server
>>>>> still refuses to connect. Are there any instructions for how to make OM
>>>>> 5.0.0.M2 OR M3 work with LetEncrypt and Certbot? Thanks for all your help
>>>>> Maxim.
>>>>>
>>>>> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik <
>>>>> solomax666@gmail.com> wrote:
>>>>>
>>>>>> Yes, sure
>>>>>> unfortunately my time is very limited
>>>>>> not sure i can provide any estimates
>>>>>>
>>>>>> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom <ya...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Is there a plan to implement VOIP for this version of Openmeetings?
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> WBR
>>>>>> Maxim aka solomax
>>>>>>
>>>>>
>>>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
>
Re: VOIP for 5.0.0.M
Posted by René Scholz <re...@abakus-edv-systems.de>.
Hello,
hm, that looks complicated. In my configuration it was not necessary to
define a protocol like you have done.
The error-message shows that the choosen protocol requires a library.
Its possible that this is the error, but I dont know
if your certificate match to this protocol.
I am afraid without deeper knowledge of your certificates and (maybe
very complicated and high-secured)
network-configuration I have no further idea what goes wrong.
I have only rudimentary knowledge about certificates - in my
configuration "behind a NAT" the https-certificate
was the lesser evil.
Best regrads,
René
Am 16.10.2019 um 15:25 schrieb Yah's Global Kingdom:
> Rene, I apologize and thanks for your help! I did use the lines you
> sent me and changed the necessary information. .
> The private key is using http11NioProtocol, the format you provided
> goes into the Http11AprProtocol section.
>
> I got this error:
>
> 16-Oct-2019 05:58:47.266 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> to initialize component
> [Connector[org.apache.coyote.http11.Http11AprProtocol-5443]]
> org.apache.catalina.LifecycleException: The configured protocol
> [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native
> library which is not available
>
> When I use the Http11NioProtocol I get this error. My keystore only
> has one key in it the private key.
>
> 16-Oct-2019 06:05:35.065 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio-5080"]
> 16-Oct-2019 06:05:35.107 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-5443"]
> 16-Oct-2019 06:05:35.352 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> to initialize component [Connector[HTTP/1.1-5443]]
> org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:621)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.base/java.lang.reflect.Method.invoke(Method.java:566)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:344)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
> Caused by: java.lang.IllegalArgumentException: Cannot store
> non-PrivateKeys
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
> at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
> ... 13 more
> Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
> at
> java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:262)
> at
> java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
> at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
> at
> org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:324)
> at
> org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
> ... 20 more
> here is the relevant part of my server.xml that includes the original
> configuration plus the two configurations I have tried to use to get
> this to work commented out. <fqdn> is my servername.domainname.org
> <http://servername.domainname.org> perhaps you can look and see what I
> have done wrong.
> <?xml version="1.0" encoding="UTF-8"?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements. See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License. You may obtain a copy of the License at
>
> http://www.apache.org/licenses/LICENSE-2.0
>
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> -->
> <!-- Note: A "Server" is not itself a "Container", so you may not
> define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/server.html
> -->
> <Server port="8005" shutdown="SHUTDOWN">
> <Listener
> className="org.apache.catalina.startup.VersionLoggerListener" />
> <!-- Security listener. Documentation at /docs/config/listeners.html
> <Listener className="org.apache.catalina.security.SecurityListener" />
> -->
> <!--APR library loader. Documentation at /docs/apr.html -->
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
> <!-- Prevent memory leaks due to use of particular java/javax APIs-->
> <Listener
> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
> <Listener
> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>
> <!-- A "Service" is a collection of one or more "Connectors" that share
> a single "Container" Note: A "Service" is not itself a
> "Container",
> so you may not define subcomponents such as "Valves" at this level.
> Documentation at /docs/config/service.html
> -->
> <Service name="Catalina">
>
> <!--The connectors can use a shared executor, you can define one
> or more named thread pools-->
> <!--
> <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
> maxThreads="150" minSpareThreads="4"/>
> -->
>
>
> <!-- A "Connector" represents an endpoint by which requests are
> received
> and responses are returned. Documentation at :
> Java HTTP Connector: /docs/config/http.html
> Java AJP Connector: /docs/config/ajp.html
> APR (HTTP/AJP) Connector: /docs/apr.html
> Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
> -->
> <Connector port="5080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="5443" />
> <Connector port="5443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> maxThreads="150" SSLEnabled="true"
> keystoreFile="conf/keystore" keystorePass="openmeetings"
> clientAuth="false" sslProtocol="TLS"/>
>
> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
> This connector uses the APR/native implementation which
> always uses
> OpenSSL for TLS.
> Either JSSE or OpenSSL style configuration may be used.
> OpenSSL style
> configuration is used below.
> -->
> -->
> <!--Connector port="5443"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> SSLCertificateFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
> maxThreads="150" SSLEnabled="true" scheme="https"
> secure="true" URIEncoding="UTF-8"
> keystoreFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
> clientAuth="false" sslProtocol="TLS" /-->
> <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
> This connector uses the APR/native implementation which
> always uses
> OpenSSL for TLS.
> Either JSSE or OpenSSL style configuration may be used.
> OpenSSL style
> configuration is used below.
> -->
>
> <!--Connector port="5443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> maxThreads="150" SSLEnabled="true">
>
> <UpgradeProtocol
> className="org.apache.coyote.http2.Http2Protocol" />
> <SSLHostConfig>
> <Certificate
> certificateKeyFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
> certificateFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
> certificateChainFile="/etc/letsencrypt/live/<fqdn>/fullchain.pem"
> type="RSA" />
> </SSLHostConfig>
> </Connector>
> -->
> On Wed, Oct 16, 2019 at 1:50 AM René Scholz
> <rene.scholz@abakus-edv-systems.de
> <ma...@abakus-edv-systems.de>> wrote:
>
> Hello,
>
> why don't you try out the config-part I sent you?
> Make a backup of your sever.xml, edit the part for your
> connector-port, restart your OM, pray a little bit and open your
> browser with https and your port.
>
> Whats the result?
>
> When you mean that something goes wrong replace it with your
> backuped server.xml.
>
> Best regards,
>
> René
>
> Am 15.10.2019 um 22:30 schrieb Yah's Global Kingdom:
>> Your saying I don't have to use a keystore with these certs?
>>
>> On Mon, Oct 14, 2019 at 4:06 AM Maxim Solodovnik
>> <solomax666@gmail.com <ma...@gmail.com>> wrote:
>>
>> With this config import is redundant
>> you can use your keys as-is :)
>>
>> On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom
>> <yahsgkm@gmail.com <ma...@gmail.com>> wrote:
>>
>> Thanks for the information, if I might ask which of these
>> keys did you import into your keystore for openmeetings?
>>
>> On Sat, Oct 12, 2019 at 1:36 PM R. Scholz
>> <rene.scholz@abakus-edv-systems.de
>> <ma...@abakus-edv-systems.de>> wrote:
>>
>> Hello,
>>
>> this is the part in my server.xml in the conf-dir of
>> my openmeeting I use without problems:
>>
>> <Connector port="5443"
>> SSLEnabled="true">
>> <SSLHostConfig>
>> <Certificate
>> certificateFile="/etc/letsencrypt/live/subdomain.domain.de/cert.pem
>> <http://subdomain.domain.de/cert.pem>"
>> certificateKeyFile="/etc/letsencrypt/live/subdomain.domain.de/privkey.pem
>> <http://subdomain.domain.de/privkey.pem>"
>> certificateChainFile="/etc/letsencrypt/live/subdomain.domain.de/fullchain.pem
>> <http://subdomain.domain.de/fullchain.pem>" />
>> </SSLHostConfig>
>> </Connector>
>>
>> With best regards,
>>
>> René
>>
>>
>>
>> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>>> Ok understood for the VOIP implementation.
>>> Hopefully, there will be time for in the near future
>>> as it was feature that was really appreciated and used.
>>> On a different note. I am using LetsEncrypt for ssl
>>> certificates. The wiki at
>>> https://openmeetings.apache.org/HTTPS.html does not
>>> seem to apply as you can not submit a .csr file to
>>> lets encrypt and it only works on port 443. I have
>>> changed /conf/server.conf to 443 but the server
>>> still refuses to connect. Are there any
>>> instructions for how to make OM 5.0.0.M2 OR M3 work
>>> with LetEncrypt and Certbot? Thanks for all your
>>> help Maxim.
>>>
>>> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik
>>> <solomax666@gmail.com <ma...@gmail.com>>
>>> wrote:
>>>
>>> Yes, sure
>>> unfortunately my time is very limited
>>> not sure i can provide any estimates
>>>
>>> On Thu, 10 Oct 2019 at 09:16, Yah's Global
>>> Kingdom <yahsgkm@gmail.com
>>> <ma...@gmail.com>> wrote:
>>>
>>> Is there a plan to implement VOIP for this
>>> version of Openmeetings?
>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
Re: VOIP for 5.0.0.M
Posted by Yah's Global Kingdom <ya...@gmail.com>.
Rene, I apologize and thanks for your help! I did use the lines you sent
me and changed the necessary information. .
The private key is using http11NioProtocol, the format you provided goes
into the Http11AprProtocol section.
I got this error:
16-Oct-2019 05:58:47.266 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component
[Connector[org.apache.coyote.http11.Http11AprProtocol-5443]]
org.apache.catalina.LifecycleException: The configured protocol
[org.apache.coyote.http11.Http11AprProtocol] requires the APR/native
library which is not available
When I use the Http11NioProtocol I get this error. My keystore only has
one key in it the private key.
16-Oct-2019 06:05:35.065 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio-5080"]
16-Oct-2019 06:05:35.107 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-jsse-nio-5443"]
16-Oct-2019 06:05:35.352 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component [Connector[HTTP/1.1-5443]]
org.apache.catalina.LifecycleException: Protocol handler initialization
failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
at org.apache.catalina.startup.Catalina.start(Catalina.java:621)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:344)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
at
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
... 13 more
Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
at
java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:262)
at
java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
at
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:324)
at
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 20 more
here is the relevant part of my server.xml that includes the original
configuration plus the two configurations I have tried to use to get this
to work commented out. <fqdn> is my servername.domainname.org perhaps you
can look and see what I have done wrong.
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener
className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or
more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="5080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="5443" />
<Connector port="5443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
keystoreFile="conf/keystore" keystorePass="openmeetings"
clientAuth="false" sslProtocol="TLS"/>
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL
style
configuration is used below.
-->
-->
<!--Connector port="5443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLCertificateFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
URIEncoding="UTF-8"
keystoreFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
clientAuth="false" sslProtocol="TLS" /-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL
style
configuration is used below.
-->
<!--Connector port="5443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
/>
<SSLHostConfig>
<Certificate
certificateKeyFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
certificateFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
certificateChainFile="/etc/letsencrypt/live/<fqdn>/fullchain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
On Wed, Oct 16, 2019 at 1:50 AM René Scholz <
rene.scholz@abakus-edv-systems.de> wrote:
> Hello,
>
> why don't you try out the config-part I sent you?
> Make a backup of your sever.xml, edit the part for your connector-port,
> restart your OM, pray a little bit and open your browser with https and
> your port.
>
> Whats the result?
>
> When you mean that something goes wrong replace it with your backuped
> server.xml.
>
> Best regards,
>
> René
>
> Am 15.10.2019 um 22:30 schrieb Yah's Global Kingdom:
>
> Your saying I don't have to use a keystore with these certs?
>
> On Mon, Oct 14, 2019 at 4:06 AM Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> With this config import is redundant
>> you can use your keys as-is :)
>>
>> On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom <ya...@gmail.com>
>> wrote:
>>
>>> Thanks for the information, if I might ask which of these keys did you
>>> import into your keystore for openmeetings?
>>>
>>> On Sat, Oct 12, 2019 at 1:36 PM R. Scholz <
>>> rene.scholz@abakus-edv-systems.de> wrote:
>>>
>>>> Hello,
>>>>
>>>> this is the part in my server.xml in the conf-dir of my openmeeting I
>>>> use without problems:
>>>>
>>>> <Connector port="5443"
>>>> SSLEnabled="true">
>>>> <SSLHostConfig>
>>>> <Certificate certificateFile="/etc/letsencrypt/live/
>>>> subdomain.domain.de/cert.pem"
>>>> certificateKeyFile="/etc/letsencrypt/live/
>>>> subdomain.domain.de/privkey.pem"
>>>> certificateChainFile="/etc/letsencrypt/live/
>>>> subdomain.domain.de/fullchain.pem" />
>>>> </SSLHostConfig>
>>>> </Connector>
>>>>
>>>> With best regards,
>>>>
>>>> René
>>>>
>>>>
>>>>
>>>> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>>>>
>>>> Ok understood for the VOIP implementation. Hopefully, there will be
>>>> time for in the near future as it was feature that was really appreciated
>>>> and used.
>>>> On a different note. I am using LetsEncrypt for ssl certificates. The
>>>> wiki at https://openmeetings.apache.org/HTTPS.html does not seem to
>>>> apply as you can not submit a .csr file to lets encrypt and it only works
>>>> on port 443. I have changed /conf/server.conf to 443 but the server still
>>>> refuses to connect. Are there any instructions for how to make OM 5.0.0.M2
>>>> OR M3 work with LetEncrypt and Certbot? Thanks for all your help Maxim.
>>>>
>>>> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik <so...@gmail.com>
>>>> wrote:
>>>>
>>>>> Yes, sure
>>>>> unfortunately my time is very limited
>>>>> not sure i can provide any estimates
>>>>>
>>>>> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom <ya...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Is there a plan to implement VOIP for this version of Openmeetings?
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> WBR
>>>>> Maxim aka solomax
>>>>>
>>>>
>>>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>
Re: VOIP for 5.0.0.M
Posted by René Scholz <re...@abakus-edv-systems.de>.
Hello,
why don't you try out the config-part I sent you?
Make a backup of your sever.xml, edit the part for your connector-port,
restart your OM, pray a little bit and open your browser with https and
your port.
Whats the result?
When you mean that something goes wrong replace it with your backuped
server.xml.
Best regards,
René
Am 15.10.2019 um 22:30 schrieb Yah's Global Kingdom:
> Your saying I don't have to use a keystore with these certs?
>
> On Mon, Oct 14, 2019 at 4:06 AM Maxim Solodovnik <solomax666@gmail.com
> <ma...@gmail.com>> wrote:
>
> With this config import is redundant
> you can use your keys as-is :)
>
> On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom
> <yahsgkm@gmail.com <ma...@gmail.com>> wrote:
>
> Thanks for the information, if I might ask which of these keys
> did you import into your keystore for openmeetings?
>
> On Sat, Oct 12, 2019 at 1:36 PM R. Scholz
> <rene.scholz@abakus-edv-systems.de
> <ma...@abakus-edv-systems.de>> wrote:
>
> Hello,
>
> this is the part in my server.xml in the conf-dir of my
> openmeeting I use without problems:
>
> <Connector port="5443"
> SSLEnabled="true">
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/subdomain.domain.de/cert.pem
> <http://subdomain.domain.de/cert.pem>"
> certificateKeyFile="/etc/letsencrypt/live/subdomain.domain.de/privkey.pem
> <http://subdomain.domain.de/privkey.pem>"
> certificateChainFile="/etc/letsencrypt/live/subdomain.domain.de/fullchain.pem
> <http://subdomain.domain.de/fullchain.pem>" />
> </SSLHostConfig>
> </Connector>
>
> With best regards,
>
> René
>
>
>
> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>> Ok understood for the VOIP implementation. Hopefully,
>> there will be time for in the near future as it was
>> feature that was really appreciated and used.
>> On a different note. I am using LetsEncrypt for ssl
>> certificates. The wiki at
>> https://openmeetings.apache.org/HTTPS.html does not seem
>> to apply as you can not submit a .csr file to lets
>> encrypt and it only works on port 443. I have changed
>> /conf/server.conf to 443 but the server still refuses to
>> connect. Are there any instructions for how to make OM
>> 5.0.0.M2 OR M3 work with LetEncrypt and Certbot? Thanks
>> for all your help Maxim.
>>
>> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik
>> <solomax666@gmail.com <ma...@gmail.com>> wrote:
>>
>> Yes, sure
>> unfortunately my time is very limited
>> not sure i can provide any estimates
>>
>> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom
>> <yahsgkm@gmail.com <ma...@gmail.com>> wrote:
>>
>> Is there a plan to implement VOIP for this
>> version of Openmeetings?
>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>
>
> --
> WBR
> Maxim aka solomax
>
Re: VOIP for 5.0.0.M
Posted by Yah's Global Kingdom <ya...@gmail.com>.
Your saying I don't have to use a keystore with these certs?
On Mon, Oct 14, 2019 at 4:06 AM Maxim Solodovnik <so...@gmail.com>
wrote:
> With this config import is redundant
> you can use your keys as-is :)
>
> On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom <ya...@gmail.com>
> wrote:
>
>> Thanks for the information, if I might ask which of these keys did you
>> import into your keystore for openmeetings?
>>
>> On Sat, Oct 12, 2019 at 1:36 PM R. Scholz <
>> rene.scholz@abakus-edv-systems.de> wrote:
>>
>>> Hello,
>>>
>>> this is the part in my server.xml in the conf-dir of my openmeeting I
>>> use without problems:
>>>
>>> <Connector port="5443"
>>> SSLEnabled="true">
>>> <SSLHostConfig>
>>> <Certificate certificateFile="/etc/letsencrypt/live/
>>> subdomain.domain.de/cert.pem"
>>> certificateKeyFile="/etc/letsencrypt/live/
>>> subdomain.domain.de/privkey.pem"
>>> certificateChainFile="/etc/letsencrypt/live/
>>> subdomain.domain.de/fullchain.pem" />
>>> </SSLHostConfig>
>>> </Connector>
>>>
>>> With best regards,
>>>
>>> René
>>>
>>>
>>>
>>> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>>>
>>> Ok understood for the VOIP implementation. Hopefully, there will be
>>> time for in the near future as it was feature that was really appreciated
>>> and used.
>>> On a different note. I am using LetsEncrypt for ssl certificates. The
>>> wiki at https://openmeetings.apache.org/HTTPS.html does not seem to
>>> apply as you can not submit a .csr file to lets encrypt and it only works
>>> on port 443. I have changed /conf/server.conf to 443 but the server still
>>> refuses to connect. Are there any instructions for how to make OM 5.0.0.M2
>>> OR M3 work with LetEncrypt and Certbot? Thanks for all your help Maxim.
>>>
>>> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>>> Yes, sure
>>>> unfortunately my time is very limited
>>>> not sure i can provide any estimates
>>>>
>>>> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom <ya...@gmail.com>
>>>> wrote:
>>>>
>>>>> Is there a plan to implement VOIP for this version of Openmeetings?
>>>>>
>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>
>>>
>
> --
> WBR
> Maxim aka solomax
>
Re: VOIP for 5.0.0.M
Posted by Maxim Solodovnik <so...@gmail.com>.
With this config import is redundant
you can use your keys as-is :)
On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom <ya...@gmail.com>
wrote:
> Thanks for the information, if I might ask which of these keys did you
> import into your keystore for openmeetings?
>
> On Sat, Oct 12, 2019 at 1:36 PM R. Scholz <
> rene.scholz@abakus-edv-systems.de> wrote:
>
>> Hello,
>>
>> this is the part in my server.xml in the conf-dir of my openmeeting I use
>> without problems:
>>
>> <Connector port="5443"
>> SSLEnabled="true">
>> <SSLHostConfig>
>> <Certificate certificateFile="/etc/letsencrypt/live/
>> subdomain.domain.de/cert.pem"
>> certificateKeyFile="/etc/letsencrypt/live/
>> subdomain.domain.de/privkey.pem"
>> certificateChainFile="/etc/letsencrypt/live/
>> subdomain.domain.de/fullchain.pem" />
>> </SSLHostConfig>
>> </Connector>
>>
>> With best regards,
>>
>> René
>>
>>
>>
>> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>>
>> Ok understood for the VOIP implementation. Hopefully, there will be time
>> for in the near future as it was feature that was really appreciated and
>> used.
>> On a different note. I am using LetsEncrypt for ssl certificates. The
>> wiki at https://openmeetings.apache.org/HTTPS.html does not seem to
>> apply as you can not submit a .csr file to lets encrypt and it only works
>> on port 443. I have changed /conf/server.conf to 443 but the server still
>> refuses to connect. Are there any instructions for how to make OM 5.0.0.M2
>> OR M3 work with LetEncrypt and Certbot? Thanks for all your help Maxim.
>>
>> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> Yes, sure
>>> unfortunately my time is very limited
>>> not sure i can provide any estimates
>>>
>>> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom <ya...@gmail.com>
>>> wrote:
>>>
>>>> Is there a plan to implement VOIP for this version of Openmeetings?
>>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
--
WBR
Maxim aka solomax
Re: VOIP for 5.0.0.M
Posted by Yah's Global Kingdom <ya...@gmail.com>.
Thanks for the information, if I might ask which of these keys did you
import into your keystore for openmeetings?
On Sat, Oct 12, 2019 at 1:36 PM R. Scholz <re...@abakus-edv-systems.de>
wrote:
> Hello,
>
> this is the part in my server.xml in the conf-dir of my openmeeting I use
> without problems:
>
> <Connector port="5443"
> SSLEnabled="true">
> <SSLHostConfig>
> <Certificate certificateFile="/etc/letsencrypt/live/
> subdomain.domain.de/cert.pem"
> certificateKeyFile="/etc/letsencrypt/live/
> subdomain.domain.de/privkey.pem"
> certificateChainFile="/etc/letsencrypt/live/
> subdomain.domain.de/fullchain.pem" />
> </SSLHostConfig>
> </Connector>
>
> With best regards,
>
> René
>
>
>
> Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
>
> Ok understood for the VOIP implementation. Hopefully, there will be time
> for in the near future as it was feature that was really appreciated and
> used.
> On a different note. I am using LetsEncrypt for ssl certificates. The
> wiki at https://openmeetings.apache.org/HTTPS.html does not seem to apply
> as you can not submit a .csr file to lets encrypt and it only works on port
> 443. I have changed /conf/server.conf to 443 but the server still refuses
> to connect. Are there any instructions for how to make OM 5.0.0.M2 OR M3
> work with LetEncrypt and Certbot? Thanks for all your help Maxim.
>
> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> Yes, sure
>> unfortunately my time is very limited
>> not sure i can provide any estimates
>>
>> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom <ya...@gmail.com>
>> wrote:
>>
>>> Is there a plan to implement VOIP for this version of Openmeetings?
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>
Re: VOIP for 5.0.0.M
Posted by "R. Scholz" <re...@abakus-edv-systems.de>.
Hello,
this is the part in my server.xml in the conf-dir of my openmeeting I
use without problems:
<Connector port="5443"
SSLEnabled="true">
<SSLHostConfig>
<Certificate
certificateFile="/etc/letsencrypt/live/subdomain.domain.de/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/subdomain.domain.de/privkey.pem"
certificateChainFile="/etc/letsencrypt/live/subdomain.domain.de/fullchain.pem"
/>
</SSLHostConfig>
</Connector>
With best regards,
René
Am 12.10.2019 um 17:35 schrieb Yah's Global Kingdom:
> Ok understood for the VOIP implementation. Hopefully, there will be
> time for in the near future as it was feature that was really
> appreciated and used.
> On a different note. I am using LetsEncrypt for ssl certificates.
> The wiki at https://openmeetings.apache.org/HTTPS.html does not seem
> to apply as you can not submit a .csr file to lets encrypt and it only
> works on port 443. I have changed /conf/server.conf to 443 but the
> server still refuses to connect. Are there any instructions for how
> to make OM 5.0.0.M2 OR M3 work with LetEncrypt and Certbot? Thanks
> for all your help Maxim.
>
> On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik
> <solomax666@gmail.com <ma...@gmail.com>> wrote:
>
> Yes, sure
> unfortunately my time is very limited
> not sure i can provide any estimates
>
> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom
> <yahsgkm@gmail.com <ma...@gmail.com>> wrote:
>
> Is there a plan to implement VOIP for this version of
> Openmeetings?
>
>
>
> --
> WBR
> Maxim aka solomax
>
Re: VOIP for 5.0.0.M
Posted by Yah's Global Kingdom <ya...@gmail.com>.
Ok understood for the VOIP implementation. Hopefully, there will be time
for in the near future as it was feature that was really appreciated and
used.
On a different note. I am using LetsEncrypt for ssl certificates. The
wiki at https://openmeetings.apache.org/HTTPS.html does not seem to apply
as you can not submit a .csr file to lets encrypt and it only works on port
443. I have changed /conf/server.conf to 443 but the server still refuses
to connect. Are there any instructions for how to make OM 5.0.0.M2 OR M3
work with LetEncrypt and Certbot? Thanks for all your help Maxim.
On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik <so...@gmail.com>
wrote:
> Yes, sure
> unfortunately my time is very limited
> not sure i can provide any estimates
>
> On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom <ya...@gmail.com>
> wrote:
>
>> Is there a plan to implement VOIP for this version of Openmeetings?
>>
>
>
> --
> WBR
> Maxim aka solomax
>
Re: VOIP for 5.0.0.M
Posted by Maxim Solodovnik <so...@gmail.com>.
Yes, sure
unfortunately my time is very limited
not sure i can provide any estimates
On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom <ya...@gmail.com>
wrote:
> Is there a plan to implement VOIP for this version of Openmeetings?
>
--
WBR
Maxim aka solomax