Setup OpenmMeetings 4.0.1 for SSL on Windows 10 using LE certificate

[vn...@lycos.com]

Setup OpenmMeetings 4.0.1 for SSL on Windows 10 using LE certificate 

Prerequisites:
Download Let's Encrypt portable client for Windows:
https://github.com/do-know/Crypt-LE/releases
OpenMeetings is installed in c:\red5401 

Review the official documentation:
https://openmeetings.apache.org/RTMPSAndHTTPS.html 

On the Router, enable the following rules in
/jffs/scripts/firewall-start
# Enable OpenMeetings HTTP/HTTPS forward to OM server internal IP
192.168.0.135 (change it to your OM server's IP)
/usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get
wan0_ipaddr) --dport 443 --to-destination 192.168.0.135:5443
/usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get
wan0_ipaddr) --dport 80 --to-destination 192.168.0.135:5080 

cmd
mkdir c:\SSL
set OPENSSL_CONF=c:\SSL\openssl.cnf
cd c:\SSL
mkdir c:\red5401\webapps\root\.well-known\acme-challenge 

My dynamic DNS web site -> OM.DYNU.NET. Change to your DNS entry. 

1. Create a keystore and key using the same password:
keytool -genkey -keysize 2048 -alias red5 -keyalg RSA -keystore
red5/keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: om.dynu.net -> change to your DNS entry.
What is the name of your organizational unit?
[Unknown]: Dev
What is the name of your organization?
[Unknown]: OM
What is the name of your City or Locality?
[Unknown]: Somecity
What is the name of your State or Province?
[Unknown]: NY
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=om.dynu.net, OU=Dev, O=OM, L=Somecity, ST=NY, C=US correct?
[no]: yes 

2. Create a CSR from the keystore:
keytool -certreq -keyalg RSA -alias red5 -file red5/om.dynu.net.csr
-keystore red5/keystore.jks 

3. Add the CA root certificate to the keystore (answer yes on cert
already exist in system wide CA keystore):
keytool -import -alias root -keystore red5/keystore.jks -trustcacerts
-file C:\SSL\isrgrootx1.pem.txt 

4. Add the CA intermediate certificate to the keystore:
keytool -import -alias intermed -keystore red5/keystore.jks
-trustcacerts -file C:\SSL\intermediate-crt.txt 

5. Generate an account key and domain key for each domain. You only need
to generate the account key once.
Domain key is best to be created for every separate set of names you are
creating certificates for.
openssl genrsa -out account.key 4096
openssl genrsa -out red5/om.dynu.net-domain.key 2048 

6. Generate the SSL certificate for your domain:
le64 -key account.key -csr red5/om.dynu.net.csr -csr-key
red5/om.dynu.net-domain.key -crt red5/om.dynu.net.crt -domains
"om.dynu.net" -path C:\red5401\webapps\root\.well-known\acme-challenge
-unlink -live -legacy 

7. Import the certificate you received:
keytool -import -alias red5 -keystore red5/keystore.jks -trustcacerts
-file red5/om.dynu.net.crt 

8. Check the keystore certificates
keytool -list -keystore red5/keystore.jks 

9. Overwrite the following keystore files with the new keystore.jks
copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.screen
copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.jks
copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\truststore.jks 

10. Restart the Red5 Windows Service
net stop Red5 && sleep 10 && net start Red5 

11. Check the domain's SSL certificate:
https://www.ssllabs.com/ssltest/analyze.html?d=om.dynu.net&latest 

Note: To revoke a certificate execute:
le64 -key account.key -crt red5/om.dynu.net.crt -revoke -domains
"om.dynu.net" -live 

Bonus:
Windows batch script for renewal 20 days before expiration:
@echo off
c:\ssl\le64.exe --key c:\ssl\account.key --csr
c:\ssl\red5\om.dynu.net.csr --csr-key c:\ssl\red5\om.dynu.net-domain.key
--crt c:\ssl\red5\om.dynu.net.crt --domains "om.dynu.net" --path
c:\red5401\webapps\root\.well-known\acme-challenge --unlink --renew 20
--issue-code 100 --live -legacy
if errorlevel 255 goto error
if errorlevel 100 goto renew
goto exit
:error
# add e-mail communication
goto exit
:renew
copy /Y c:\ssl\red5\keystore.jks c:\ssl\red5\keystore.jks.bak
keytool -delete -alias red5 -keystore c:\ssl\red5\keystore.jks
-storepass <pass>
sleep 2
keytool -import -alias red5 -keystore c:\ssl\red5\keystore.jks
-storepass <pass> -trustcacerts -file c:\ssl\red5\om.dynu.net.crt
sleep 2
net stop Red5
sleep 2
copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.screen
copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.jks
copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\truststore.jks
net start Red5
:exit

Re: Setup OpenmMeetings 4.0.1 for SSL on Windows 10 using LE certificate

[Anis Aliev <al...@gmail.com>]

Can you pls, share with as the same on ubuntu?  We will be greatfull

2018-02-07 8:46 GMT+05:00 Maxim Solodovnik <so...@gmail.com>:

> Thanks for sharing!
>
> On Wed, Feb 7, 2018 at 6:03 AM, <vn...@lycos.com> wrote:
>
>> Setup OpenmMeetings 4.0.1 for SSL on Windows 10 using LE certificate
>>
>> Prerequisites:
>> Download Let's Encrypt portable client for Windows:
>> https://github.com/do-know/Crypt-LE/releases
>> OpenMeetings is installed in c:\red5401
>>
>> Review the official documentation: https://openmeetings.apache.or
>> g/RTMPSAndHTTPS.html
>>
>> On the Router, enable the following rules in /jffs/scripts/firewall-start
>> # Enable OpenMeetings HTTP/HTTPS forward to OM server internal IP
>> 192.168.0.135 (change it to your OM server's IP)
>> /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get
>> wan0_ipaddr) --dport 443 --to-destination 192.168.0.135:5443
>> /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get
>> wan0_ipaddr) --dport 80 --to-destination 192.168.0.135:5080
>>
>> cmd
>> mkdir c:\SSL
>> set OPENSSL_CONF=c:\SSL\openssl.cnf
>> cd c:\SSL
>> mkdir c:\red5401\webapps\root\.well-known\acme-challenge
>>
>> My dynamic DNS web site -> OM.DYNU.NET. Change to your DNS entry.
>>
>> 1. Create a keystore and key using the same password:
>> keytool -genkey -keysize 2048 -alias red5 -keyalg RSA -keystore
>> red5/keystore.jks
>> Enter keystore password:
>> Re-enter new password:
>> What is your first and last name?
>> [Unknown]: om.dynu.net -> change to your DNS entry.
>> What is the name of your organizational unit?
>> [Unknown]: Dev
>> What is the name of your organization?
>> [Unknown]: OM
>> What is the name of your City or Locality?
>> [Unknown]: Somecity
>> What is the name of your State or Province?
>> [Unknown]: NY
>> What is the two-letter country code for this unit?
>> [Unknown]: US
>> Is CN=om.dynu.net, OU=Dev, O=OM, L=Somecity, ST=NY, C=US correct?
>> [no]: yes
>>
>> 2. Create a CSR from the keystore:
>> keytool -certreq -keyalg RSA -alias red5 -file red5/om.dynu.net.csr
>> -keystore red5/keystore.jks
>>
>> 3. Add the CA root certificate to the keystore (answer yes on cert
>> already exist in system wide CA keystore):
>> keytool -import -alias root -keystore red5/keystore.jks -trustcacerts
>> -file C:\SSL\isrgrootx1.pem.txt
>>
>> 4. Add the CA intermediate certificate to the keystore:
>> keytool -import -alias intermed -keystore red5/keystore.jks -trustcacerts
>> -file C:\SSL\intermediate-crt.txt
>>
>> 5. Generate an account key and domain key for each domain. You only need
>> to generate the account key once.
>> Domain key is best to be created for every separate set of names you are
>> creating certificates for.
>> openssl genrsa -out account.key 4096
>> openssl genrsa -out red5/om.dynu.net-domain.key 2048
>>
>> 6. Generate the SSL certificate for your domain:
>> le64 -key account.key -csr red5/om.dynu.net.csr -csr-key
>> red5/om.dynu.net-domain.key -crt red5/om.dynu.net.crt -domains "
>> om.dynu.net" -path C:\red5401\webapps\root\.well-known\acme-challenge
>> -unlink -live -legacy
>>
>> 7. Import the certificate you received:
>> keytool -import -alias red5 -keystore red5/keystore.jks -trustcacerts
>> -file red5/om.dynu.net.crt
>>
>> 8. Check the keystore certificates
>> keytool -list -keystore red5/keystore.jks
>>
>> 9. Overwrite the following keystore files with the new keystore.jks
>> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.screen
>> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.jks
>> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\truststore.jks
>>
>> 10. Restart the Red5 Windows Service
>> net stop Red5 && sleep 10 && net start Red5
>>
>> 11. Check the domain's SSL certificate:
>> https://www.ssllabs.com/ssltest/analyze.html?d=om.dynu.net&latest
>>
>> Note: To revoke a certificate execute:
>> le64 -key account.key -crt red5/om.dynu.net.crt -revoke -domains "
>> om.dynu.net" -live
>>
>> Bonus:
>> Windows batch script for renewal 20 days before expiration:
>> @echo off
>> c:\ssl\le64.exe --key c:\ssl\account.key --csr
>> c:\ssl\red5\om.dynu.net.csr --csr-key c:\ssl\red5\om.dynu.net-domain.key
>> --crt c:\ssl\red5\om.dynu.net.crt --domains "om.dynu.net" --path
>> c:\red5401\webapps\root\.well-known\acme-challenge --unlink --renew 20
>> --issue-code 100 --live -legacy
>> if errorlevel 255 goto error
>> if errorlevel 100 goto renew
>> goto exit
>> :error
>> # add e-mail communication
>> goto exit
>> :renew
>> copy /Y c:\ssl\red5\keystore.jks c:\ssl\red5\keystore.jks.bak
>> keytool -delete -alias red5 -keystore c:\ssl\red5\keystore.jks -storepass
>> <pass>
>> sleep 2
>> keytool -import -alias red5 -keystore c:\ssl\red5\keystore.jks -storepass
>> <pass> -trustcacerts -file c:\ssl\red5\om.dynu.net.crt
>> sleep 2
>> net stop Red5
>> sleep 2
>> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.screen
>> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.jks
>> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\truststore.jks
>> net start Red5
>> :exit
>>
>
>
>
> --
> WBR
> Maxim aka solomax
>



-- 

IT Manager,e-learning specialist
Skype:aliev_anis
www.facebook.com/anis.aliev
Тел:989010012

Re: Setup OpenmMeetings 4.0.1 for SSL on Windows 10 using LE certificate

[Maxim Solodovnik <so...@gmail.com>]

Thanks for sharing!

On Wed, Feb 7, 2018 at 6:03 AM, <vn...@lycos.com> wrote:

> Setup OpenmMeetings 4.0.1 for SSL on Windows 10 using LE certificate
>
> Prerequisites:
> Download Let's Encrypt portable client for Windows:
> https://github.com/do-know/Crypt-LE/releases
> OpenMeetings is installed in c:\red5401
>
> Review the official documentation: https://openmeetings.apache.
> org/RTMPSAndHTTPS.html
>
> On the Router, enable the following rules in /jffs/scripts/firewall-start
> # Enable OpenMeetings HTTP/HTTPS forward to OM server internal IP
> 192.168.0.135 (change it to your OM server's IP)
> /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get
> wan0_ipaddr) --dport 443 --to-destination 192.168.0.135:5443
> /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get
> wan0_ipaddr) --dport 80 --to-destination 192.168.0.135:5080
>
> cmd
> mkdir c:\SSL
> set OPENSSL_CONF=c:\SSL\openssl.cnf
> cd c:\SSL
> mkdir c:\red5401\webapps\root\.well-known\acme-challenge
>
> My dynamic DNS web site -> OM.DYNU.NET. Change to your DNS entry.
>
> 1. Create a keystore and key using the same password:
> keytool -genkey -keysize 2048 -alias red5 -keyalg RSA -keystore
> red5/keystore.jks
> Enter keystore password:
> Re-enter new password:
> What is your first and last name?
> [Unknown]: om.dynu.net -> change to your DNS entry.
> What is the name of your organizational unit?
> [Unknown]: Dev
> What is the name of your organization?
> [Unknown]: OM
> What is the name of your City or Locality?
> [Unknown]: Somecity
> What is the name of your State or Province?
> [Unknown]: NY
> What is the two-letter country code for this unit?
> [Unknown]: US
> Is CN=om.dynu.net, OU=Dev, O=OM, L=Somecity, ST=NY, C=US correct?
> [no]: yes
>
> 2. Create a CSR from the keystore:
> keytool -certreq -keyalg RSA -alias red5 -file red5/om.dynu.net.csr
> -keystore red5/keystore.jks
>
> 3. Add the CA root certificate to the keystore (answer yes on cert already
> exist in system wide CA keystore):
> keytool -import -alias root -keystore red5/keystore.jks -trustcacerts
> -file C:\SSL\isrgrootx1.pem.txt
>
> 4. Add the CA intermediate certificate to the keystore:
> keytool -import -alias intermed -keystore red5/keystore.jks -trustcacerts
> -file C:\SSL\intermediate-crt.txt
>
> 5. Generate an account key and domain key for each domain. You only need
> to generate the account key once.
> Domain key is best to be created for every separate set of names you are
> creating certificates for.
> openssl genrsa -out account.key 4096
> openssl genrsa -out red5/om.dynu.net-domain.key 2048
>
> 6. Generate the SSL certificate for your domain:
> le64 -key account.key -csr red5/om.dynu.net.csr -csr-key
> red5/om.dynu.net-domain.key -crt red5/om.dynu.net.crt -domains "
> om.dynu.net" -path C:\red5401\webapps\root\.well-known\acme-challenge
> -unlink -live -legacy
>
> 7. Import the certificate you received:
> keytool -import -alias red5 -keystore red5/keystore.jks -trustcacerts
> -file red5/om.dynu.net.crt
>
> 8. Check the keystore certificates
> keytool -list -keystore red5/keystore.jks
>
> 9. Overwrite the following keystore files with the new keystore.jks
> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.screen
> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.jks
> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\truststore.jks
>
> 10. Restart the Red5 Windows Service
> net stop Red5 && sleep 10 && net start Red5
>
> 11. Check the domain's SSL certificate:
> https://www.ssllabs.com/ssltest/analyze.html?d=om.dynu.net&latest
>
> Note: To revoke a certificate execute:
> le64 -key account.key -crt red5/om.dynu.net.crt -revoke -domains "
> om.dynu.net" -live
>
> Bonus:
> Windows batch script for renewal 20 days before expiration:
> @echo off
> c:\ssl\le64.exe --key c:\ssl\account.key --csr c:\ssl\red5\om.dynu.net.csr
> --csr-key c:\ssl\red5\om.dynu.net-domain.key --crt
> c:\ssl\red5\om.dynu.net.crt --domains "om.dynu.net" --path
> c:\red5401\webapps\root\.well-known\acme-challenge --unlink --renew 20
> --issue-code 100 --live -legacy
> if errorlevel 255 goto error
> if errorlevel 100 goto renew
> goto exit
> :error
> # add e-mail communication
> goto exit
> :renew
> copy /Y c:\ssl\red5\keystore.jks c:\ssl\red5\keystore.jks.bak
> keytool -delete -alias red5 -keystore c:\ssl\red5\keystore.jks -storepass
> <pass>
> sleep 2
> keytool -import -alias red5 -keystore c:\ssl\red5\keystore.jks -storepass
> <pass> -trustcacerts -file c:\ssl\red5\om.dynu.net.crt
> sleep 2
> net stop Red5
> sleep 2
> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.screen
> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.jks
> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\truststore.jks
> net start Red5
> :exit
>



-- 
WBR
Maxim aka solomax

Re: Steps to upgrade OpenMeetings 4.0.1 on Windows to the latest snapshot

[Maxim Solodovnik <so...@gmail.com>]

Thanks again

It is great to see answers and instructions in mailing list :)

On Wed, Feb 7, 2018 at 7:57 PM, <vn...@lycos.com> wrote:

> Steps to upgrade OpenMeetings 4.0.1 on Windows to the latest snapshot
> version:
>
> Based on the following link, but with more details: https://openmeetings.
> apache.org/Upgrade.html
>
> 1) Stop Openmeetings service
> cmd
> cd C:\red5401
> net stop Red5
>
> 2) Backup the folder with existing installation
> jar -cMf C:\OpenMeetings\red5_backup.zip C:\red5401
>
> 3) Perform DB backup using tools available for your database
> mariabackup --backup --target-dir C:\OpenMeetings\MariaDB_Backup --user
> root --password <password>
>
> Note: to restore the backup, empty the data folder, stop the MariaDB
> server and use the following commands:
> (to normalize the datafiles) mariabackup --prepare --target-dir
> C:\OpenMeetings\MariaDB_Backup --user root --password <password>
> (to restore) mariabackup --copy-back --target-dir
> C:\OpenMeetings\MariaDB_Backup --user root --password <password>
>
> 4) Create an OS backup of OM or use Administration > Backup section
> admin -v -b -file C:\OpenMeetings\backup_last.zip
>
> 5) Delete folder with existing installation
> cd \
> RMDIR /S /Q C:\red5401
>
> 6) Unzip new version of OM into the same folder
> mkdir C:\red5401
> cd C:\red5401
> powershell -command "& {[Net.ServicePointManager]::SecurityProtocol =
> [Net.SecurityProtocolType]::Tls12; (new-object System.Net.WebClient).
> DownloadFile('https://builds.apache.org/view/M-R/view/
> OpenMeetings/job/OpenMeetings%204.0.x/lastSuccessfulBuild/
> artifact/openmeetings-server/target/apache-openmeetings-4.0.2-SNAPSHOT.zip
> ','C:\OpenMeetings\apache-openmeetings-4.0.2-SNAPSHOT.zip');}"
> jar -xvf C:\OpenMeetings\apache-openmeetings-4.0.2-SNAPSHOT.zip
>
> 7) Download and install the connector between MariaDB and OpenMeetings:
> powershell -command "(new-object System.Net.WebClient).DownloadFile('
> http://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.45/mysql-
> connector-java-5.1.45.jar','C:\red5401\webapps\openmeetings\
> WEB-INF\lib\mysql-connector-java-5.1.45.jar')"
>
> 8) Install OM with backup import
> admin -v -i -file C:\OpenMeetings\backup_last.zip --drop
> --skip-default-objects --db-type mysql --db-name open401 --db-user root
> --db-pass <password>
>
> 9) Extract the modified files for SSL support from the red5 backup to the
> new OM installation conf folder
> Rename the existing keystore files
> cd conf
> rename truststore.jmx truststore.bak
> rename keystore.jmx keystore.bak
>
> cd /
> jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/keystore.jks
> jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/truststore.jks
> jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/keystore.screen
> jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/jee-container.xml
> jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/red5.properties
> jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/red5-core.xml
>
> Alternatively to the above task if the files have changed, manually modify
> the files as per: https://openmeetings.apache.org/RTMPSAndHTTPS.html
>
> As per the following link configure Tomcat for http to https redirects
>
> https://www.journaldev.com/160/steps-to-configure-ssl-on-
> tomcat-and-setup-auto-redirect-from-http-to-https
>
> "C:\Program Files (x86)\Notepad++\notepad++.exe"
> C:\red5401\webapps\root\WEB-INF\web.xml
> Add the following lines to force http -> https redirect by Tomcat after
> the servlet mappings before forbids constraints section:
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Entire Application</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> "C:\Program Files (x86)\Notepad++\notepad++.exe" C:\red5401\webapps\
> openmeetings\WEB-INF\web.xml
> Add the following lines to force http -> https redirect by Tomcat in the
> Allowed methods constraint section:
> </web-resource-collection>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> <!-- no auth-constraint tag here -->
>
> 10) Download and extract the commons-daemon files for Windows (needed to
> install the Red5 Windows service)
>
> powershell -command "& {[Net.ServicePointManager]::SecurityProtocol =
> [Net.SecurityProtocolType]::Tls12; (new-object System.Net.WebClient).
> DownloadFile('https://archive.apache.org/dist/commons/
> daemon/binaries/windows/commons-daemon-1.0.15-bin-windows.zip
> ','C:\OpenMeetings\commons-daemon-1.0.15-bin-windows.zip');}"
>
> cd C:\red5401
> jar -xvf C:\OpenMeetings\commons-daemon-1.0.15-bin-windows.zip
>
> install-service.bat
>
> 11) Start Openmeetings
> net start Red5
>
> 12) Navigate to Windows Firewall -> Allowed Apps. Switch to Change Mode
> and add the following app:
> Commons Daemon Service Runner
> C:\red5401\amd64\prunsrv.exe
>
>
>


-- 
WBR
Maxim aka solomax

Steps to upgrade OpenMeetings 4.0.1 on Windows to the latest snapshot

[vn...@lycos.com]

Steps to upgrade OpenMeetings 4.0.1 on Windows to the latest snapshot
version: 

Based on the following link, but with more details:
https://openmeetings.apache.org/Upgrade.html 

1) Stop Openmeetings service
cmd
cd C:\red5401
net stop Red5 

2) Backup the folder with existing installation
jar -cMf C:\OpenMeetings\red5_backup.zip C:\red5401 

3) Perform DB backup using tools available for your database
mariabackup --backup --target-dir C:\OpenMeetings\MariaDB_Backup --user
root --password <password> 

Note: to restore the backup, empty the data folder, stop the MariaDB
server and use the following commands:
(to normalize the datafiles) mariabackup --prepare --target-dir
C:\OpenMeetings\MariaDB_Backup --user root --password <password>
(to restore) mariabackup --copy-back --target-dir
C:\OpenMeetings\MariaDB_Backup --user root --password <password> 

4) Create an OS backup of OM or use Administration > Backup section
admin -v -b -file C:\OpenMeetings\backup_last.zip 

5) Delete folder with existing installation
cd \
RMDIR /S /Q C:\red5401 

6) Unzip new version of OM into the same folder
mkdir C:\red5401
cd C:\red5401
powershell -command "& {[Net.ServicePointManager]::SecurityProtocol =
[Net.SecurityProtocolType]::Tls12; (new-object
System.Net.WebClient).DownloadFile('https://builds.apache.org/view/M-R/view/OpenMeetings/job/OpenMeetings%204.0.x/lastSuccessfulBuild/artifact/openmeetings-server/target/apache-openmeetings-4.0.2-SNAPSHOT.zip','C:\OpenMeetings\apache-openmeetings-4.0.2-SNAPSHOT.zip');}"
jar -xvf C:\OpenMeetings\apache-openmeetings-4.0.2-SNAPSHOT.zip 

7) Download and install the connector between MariaDB and OpenMeetings:
powershell -command "(new-object
System.Net.WebClient).DownloadFile('http://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.45/mysql-connector-java-5.1.45.jar','C:\red5401\webapps\openmeetings\WEB-INF\lib\mysql-connector-java-5.1.45.jar')"


8) Install OM with backup import
admin -v -i -file C:\OpenMeetings\backup_last.zip --drop
--skip-default-objects --db-type mysql --db-name open401 --db-user root
--db-pass <password> 

9) Extract the modified files for SSL support from the red5 backup to
the new OM installation conf folder
Rename the existing keystore files
cd conf
rename truststore.jmx truststore.bak
rename keystore.jmx keystore.bak 

cd /
jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/keystore.jks
jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/truststore.jks
jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/keystore.screen
jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/jee-container.xml
jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/red5.properties
jar -xvf C:\OpenMeetings\red5_backup.zip red5401/conf/red5-core.xml 

Alternatively to the above task if the files have changed, manually
modify the files as per:
https://openmeetings.apache.org/RTMPSAndHTTPS.html 

As per the following link configure Tomcat for http to https redirects 

https://www.journaldev.com/160/steps-to-configure-ssl-on-tomcat-and-setup-auto-redirect-from-http-to-https


"C:\Program Files (x86)\Notepad++\notepad++.exe"
C:\red5401\webapps\root\WEB-INF\web.xml
Add the following lines to force http -> https redirect by Tomcat after
the servlet mappings before forbids constraints section:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint> 

"C:\Program Files (x86)\Notepad++\notepad++.exe"
C:\red5401\webapps\openmeetings\WEB-INF\web.xml
Add the following lines to force http -> https redirect by Tomcat in the
Allowed methods constraint section:
</web-resource-collection> 
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<!-- no auth-constraint tag here --> 

10) Download and extract the commons-daemon files for Windows (needed to
install the Red5 Windows service) 

powershell -command "& {[Net.ServicePointManager]::SecurityProtocol =
[Net.SecurityProtocolType]::Tls12; (new-object
System.Net.WebClient).DownloadFile('https://archive.apache.org/dist/commons/daemon/binaries/windows/commons-daemon-1.0.15-bin-windows.zip','C:\OpenMeetings\commons-daemon-1.0.15-bin-windows.zip');}"


cd C:\red5401
jar -xvf C:\OpenMeetings\commons-daemon-1.0.15-bin-windows.zip 

install-service.bat 

11) Start Openmeetings
net start Red5 

12) Navigate to Windows Firewall -> Allowed Apps. Switch to Change Mode
and add the following app:
Commons Daemon Service Runner
C:\red5401\amd64\prunsrv.exe