Posted to user@openmeetings.apache.org by Андрей Прицепов <p....@fort.crimea.com> on 2017/12/28 14:35:55 UTC

Configure https on centos7

I use this instruction: http://openmeetings.apache.org/RTMPSAndHTTPS.html . To
begin with, I am configuring a self-signed certificate.

Not everything was written in the instruction, so what I do first, before the
instruction, is create a self-signed certificate:

su -
mkdir /opt/prytsepov

cd /opt/prytsepov

yum install mod_ssl

openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt

 

Then I follow the instruction:
In this step I changed sa.crt to red5.crt, or it gives errors. In this step I left the password empty:

openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile red5.crt

keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/red5401/conf/keystore.jks -alias red5

 

Here I see errors: 

keytool error:java.io.IOException:keystore password was incorrect

 

 

 

 

-------------------  

С уважением, Андрей Прицепов "Лаборатория Форт Крым"

 


RE: Configure https on centos7

Posted by Андрей Прицепов <p....@fort.crimea.com>.
> in your case it seems file  /opt/red5401/conf/keystore.jks exists and the password is wrong ....

The file /opt/red5401/conf/keystore.jks does not exist. I was thinking that I create it with the keytool command.

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 

From: Maxim Solodovnik [mailto:solomax666@gmail.com] 
Sent: Thursday, December 28, 2017 6:43 PM
To: Openmeetings user-list
Subject: Re: Configure https on centos7

 

I guess these commands are for non-existent keystore

in your case it seems file  /opt/red5401/conf/keystore.jks exists and the password is wrong ....

 

On Thu, Dec 28, 2017 at 9:35 PM, Андрей Прицепов <p....@fort.crimea.com> wrote:

I use this instruction: http://openmeetings.apache.org/RTMPSAndHTTPS.html . To begin with, I am configuring a self-signed certificate.

Not everything was written in the instruction, so what I do first, before the instruction, is create a self-signed certificate:

su -
mkdir /opt/prytsepov

cd /opt/prytsepov

yum install mod_ssl

openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt

 

Then I do by instruction:
this step edit sa.crt to red5.crt or it gives errors. On this step password left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile red5.crt

keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/red5401/conf/keystore.jks -alias red5

 

Here I see errors: 

keytool error:java.io.IOException:keystore password was incorrect

 

 

 

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 





 

-- 

WBR
Maxim aka solomax


Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
I guess these commands are for non-existent keystore
in your case it seems file  /opt/red5401/conf/keystore.jks exists and the
password is wrong ....

On Thu, Dec 28, 2017 at 9:35 PM, Андрей Прицепов <p....@fort.crimea.com>
wrote:

> I use this instruction: http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> To begin with, I am configuring a self-signed certificate.
>
> Not everything was written in the instruction, so what I do first, before
> the instruction, is create a self-signed certificate:
>
> su -
> mkdir /opt/prytsepov
>
> cd /opt/prytsepov
>
> yum install mod_ssl
>
> openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>
>
>
> Then I do by instruction:
> this step edit sa.crt to red5.crt or it gives errors. On this step
> password left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key
> -out red5.p12 -name red5 -certfile red5.crt
>
> keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
> -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> /opt/red5401/conf/keystore.jks -alias red5
>
>
>
> Here I see errors:
>
> keytool error:java.io.IOException:keystore password was incorrect
>
>
>
>
>
>
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>



-- 
WBR
Maxim aka solomax

RE: Configure https on centos7

Posted by "Yakovlev N." <ya...@krvostok.ru>.
Change it

You use another one

 

From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com] 
Sent: Friday, December 29, 2017 9:25 AM
To: user@openmeetings.apache.org
Subject: RE: Configure https on centos7

 

It's standard, the line "jmx.keystorepass=password"

 

-------------------  

С уважением, Андрей Прицепов "Лаборатория Форт Крым"

 

From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru] 
Sent: Friday, December 29, 2017 7:51 AM
To: user@openmeetings.apache.org
Subject: RE: Configure https on centos7

 

which passwords do you use in red5/conf/red5.properties ?

 

From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com] 
Sent: Thursday, December 28, 2017 5:36 PM
To: user@openmeetings.apache.org
Subject: Configure https on centos7

 

I use this instruction: http://openmeetings.apache.org/RTMPSAndHTTPS.html . To
begin with, I am configuring a self-signed certificate.

Not everything was written in the instruction, so what I do first, before the
instruction, is create a self-signed certificate:

su -
mkdir /opt/prytsepov

cd /opt/prytsepov

yum install mod_ssl

openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
/opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt

 

Then I do by instruction:
this step edit sa.crt to red5.crt or it gives errors. On this step password
left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out
red5.p12 -name red5 -certfile red5.crt

keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
-srcstoretype PKCS12 -deststorepass changeit -destkeystore
/opt/red5401/conf/keystore.jks -alias red5

 

Here I see errors: 

keytool error:java.io.IOException:keystore password was incorrect

 

 

 

 

-------------------  

С уважением, Андрей Прицепов "Лаборатория Форт Крым"

 


Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
All steps are required
keytool options might have been changed by Oracle
or you might use openjdk version (you need to check "--help", man for your
version)


https://www.google.ru/search?q=pull+request
one of the top links: https://help.github.com/articles/about-pull-requests/
.....


On Fri, Dec 29, 2017 at 7:55 PM, Андрей Прицепов <p....@fort.crimea.com>
wrote:

> I'm confused, what shall I do on this step? Just erase this non-existent
> command, ignore it and move on by instruction?
>
>
>
> p.s. Pull requests are always welcome :)
>
> Please write some neutral text, I don’t even know how to correctly translate
> this. I know English, but not so perfectly as to translate it freely by myself.
> Even translate.google.com does not help me understand what you mean
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Friday, December 29, 2017 3:37 PM
> *To:* Openmeetings user-list
> *Subject:* Re: Configure https on centos7
>
>
>
> Pull requests are always welcome :)
>
>
>
> On Fri, Dec 29, 2017 at 7:32 PM, Андрей Прицепов <p....@fort.crimea.com>
> wrote:
>
> I do all by this instruction
> http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> except create in the beginning red5.key and red5.crt.
>
> In instruction error on this command:
> keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks
> -keystorepass password -trustcacerts -file red5.crt
>
>
>
> Error:
> illegal option: -keystorepass
>
>
>
> In documentation
> https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> that option does not exist, so
> http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> can’t be used, it is not relevant.
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Friday, December 29, 2017 11:12 AM
> *To:* Openmeetings user-list
> *Subject:* Re: Configure https on centos7
>
>
>
> Please read documentation [1] and use search before asking questions
>
>
>
> According to the steps from [2] "-srcstorepass changeit" this means
> "red5.p12" MUST have password "changeit"
>
>
>
> [1] https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>
> [2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>
>
>
> On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов <p....@fort.crimea.com>
> wrote:
>
> > The idea here is…
>
> I can’t do this idea in practice, something doing not right. I create
> red5.crt and red5.p12 but keystore.jks can’t create. Not enough information
> in instruction to do this fast step-by-step. Later I will have ‘real’
> certificate.
>
>
>
> > At the moment you are starting #3 above there should be NO keystore.jks,
> > you already have renamed it to *.bak (prerequisite)
>
> What means #3?
>
> I renamed them, but *jks wasn’t there in the beginning was *jmx.
>
>
>
>
>
> > Finally you are renaming passwords, they MUST match
>
> So when I do command “openssl req -x509 -nodes -days 99999 -newkey
> rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I
> enter “jmx.keystorepass=password” when it ask me enter password. If like
> that I still have this error.
>
>
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Friday, December 29, 2017 10:27 AM
> *To:* Openmeetings user-list
> *Subject:* Re: Configure https on centos7
>
>
>
> The idea here is
>
> 1) you are creating self-signed certificate  (prerequisite) -> red5.crt
>
> 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
>
> 3) you are creating keystore based on signed red5.p12 -> keystore.jks
>
>
>
> At the moment you are starting #3 above there should be NO keystore.jks,
> you already have renamed it to *.bak (prerequisite)
>
>
>
> Finally you are renaming passwords, they MUST match
>
>
>
>
>
> On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов <p....@fort.crimea.com>
> wrote:
>
> It's standard, the line “jmx.keystorepass=password”
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
> *From:* Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> *Sent:* Friday, December 29, 2017 7:51 AM
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Configure https on centos7
>
>
>
> which passwords do you use in red5/conf/red5.properties ?
>
>
>
> *From:* Андрей Прицепов [mailto:p.andrey@fort.crimea.com
> <p....@fort.crimea.com>]
> *Sent:* Thursday, December 28, 2017 5:36 PM
> *To:* user@openmeetings.apache.org
> *Subject:* Configure https on centos7
>
>
>
> I use this instruction: http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> To begin with, I am configuring a self-signed certificate.
>
> Not everything was written in the instruction, so what I do first, before
> the instruction, is create a self-signed certificate:
>
> su -
> mkdir /opt/prytsepov
>
> cd /opt/prytsepov
>
> yum install mod_ssl
>
> openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>
>
>
> Then I do by instruction:
> this step edit sa.crt to red5.crt or it gives errors. On this step
> password left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key
> -out red5.p12 -name red5 -certfile red5.crt
>
> keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
> -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> /opt/red5401/conf/keystore.jks -alias red5
>
>
>
> Here I see errors:
>
> keytool error:java.io.IOException:keystore password was incorrect
>
>
>
>
>
>
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>



-- 
WBR
Maxim aka solomax

RE: Configure https on centos7

Posted by Андрей Прицепов <p....@fort.crimea.com>.
I'm confused, what shall I do on this step? Just erase this non-existent command, ignore it and move on by instruction?

p.s. Pull requests are always welcome :)

Please write some neutral text, I don’t even know how to correctly translate this. I know English, but not so perfectly as to translate it freely by myself. Even translate.google.com does not help me understand what you mean

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 

From: Maxim Solodovnik [mailto:solomax666@gmail.com] 
Sent: Friday, December 29, 2017 3:37 PM
To: Openmeetings user-list
Subject: Re: Configure https on centos7

 

Pull requests are always welcome :)

 

On Fri, Dec 29, 2017 at 7:32 PM, Андрей Прицепов <p....@fort.crimea.com> wrote:

I do all by this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server except create in the beginning red5.key and red5.crt.

In instruction error on this command:
keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks -keystorepass password -trustcacerts -file red5.crt

 

Error:
illegal option: -keystorepass

 

In documentation https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html that option does not exist, so http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server can’t be used, it is not relevant.

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 

From: Maxim Solodovnik [mailto:solomax666@gmail.com] 
Sent: Friday, December 29, 2017 11:12 AM
To: Openmeetings user-list
Subject: Re: Configure https on centos7

 

Please read documentation [1] and use search before asking questions

 

According to the steps from [2] "-srcstorepass changeit" this means "red5.p12" MUST have password "changeit"

 

[1] https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

[2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server

 

On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов <p....@fort.crimea.com> wrote:

> The idea here is…

I can’t do this idea in practice, something doing not right. I create red5.crt and red5.p12 but keystore.jks can’t create. Not enough information in instruction to do this fast step-by-step. Later I will have ‘real’ certificate.

 

> At the moment you are starting #3 above there should be NO keystore.jks, you already have renamed it to *.bak (prerequisite)

What means #3?

I renamed them, but *jks wasn’t there in the beginning was *jmx.

 

 

> Finally you are renaming passwords, they MUST match

So when I do command “openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter “jmx.keystorepass=password” when it ask me enter password. If like that I still have this error.

 

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 

From: Maxim Solodovnik [mailto:solomax666@gmail.com] 
Sent: Friday, December 29, 2017 10:27 AM
To: Openmeetings user-list
Subject: Re: Configure https on centos7

 

The idea here is

1) you are creating self-signed certificate  (prerequisite) -> red5.crt

2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12

3) you are creating keystore based on signed red5.p12 -> keystore.jks

 

At the moment you are starting #3 above there should be NO keystore.jks, you already have renamed it to *.bak (prerequisite)

 

Finally you are renaming passwords, they MUST match

 

 

On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов <p....@fort.crimea.com> wrote:

It's standard, the line “jmx.keystorepass=password”

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 

From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru] 
Sent: Friday, December 29, 2017 7:51 AM
To: user@openmeetings.apache.org
Subject: RE: Configure https on centos7

 

which passwords do you use in red5/conf/red5.properties ?

 

From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com] 
Sent: Thursday, December 28, 2017 5:36 PM
To: user@openmeetings.apache.org
Subject: Configure https on centos7

 

I use this instruction: http://openmeetings.apache.org/RTMPSAndHTTPS.html . To begin with, I am configuring a self-signed certificate.

Not everything was written in the instruction, so what I do first, before the instruction, is create a self-signed certificate:

su -
mkdir /opt/prytsepov 

cd /opt/prytsepov

yum install mod_ssl

openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt

 

Then I do by instruction:
this step edit sa.crt to red5.crt or it gives errors. On this step password left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile red5.crt

keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/red5401/conf/keystore.jks -alias red5

 

Here I see errors: 

keytool error:java.io.IOException:keystore password was incorrect

 

 

 

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 





 

-- 

WBR
Maxim aka solomax





 

-- 

WBR
Maxim aka solomax





 

-- 

WBR
Maxim aka solomax


Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
Pull requests are always welcome :)

On Fri, Dec 29, 2017 at 7:32 PM, Андрей Прицепов <p....@fort.crimea.com>
wrote:

> I do all by this instruction
> http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> except create in the beginning red5.key and red5.crt.
>
> In instruction error on this command:
> keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks
> -keystorepass password -trustcacerts -file red5.crt
>
>
>
> Error:
> illegal option: -keystorepass
>
>
>
> In documentation
> https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> that option does not exist, so
> http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> can’t be used, it is not relevant.
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Friday, December 29, 2017 11:12 AM
> *To:* Openmeetings user-list
> *Subject:* Re: Configure https on centos7
>
>
>
> Please read documentation [1] and use search before asking questions
>
>
>
> According to the steps from [2] "-srcstorepass changeit" this means
> "red5.p12" MUST have password "changeit"
>
>
>
> [1] https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>
> [2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>
>
>
> On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов <p....@fort.crimea.com>
> wrote:
>
> > The idea here is…
>
> I can’t do this idea in practice, something doing not right. I create
> red5.crt and red5.p12 but keystore.jks can’t create. Not enough information
> in instruction to do this fast step-by-step. Later I will have ‘real’
> certificate.
>
>
>
> > At the moment you are starting #3 above there should be NO keystore.jks,
> > you already have renamed it to *.bak (prerequisite)
>
> What means #3?
>
> I renamed them, but *jks wasn’t there in the beginning was *jmx.
>
>
>
>
>
> > Finally you are renaming passwords, they MUST match
>
> So when I do command “openssl req -x509 -nodes -days 99999 -newkey
> rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I
> enter “jmx.keystorepass=password” when it ask me enter password. If like
> that I still have this error.
>
>
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Friday, December 29, 2017 10:27 AM
> *To:* Openmeetings user-list
> *Subject:* Re: Configure https on centos7
>
>
>
> The idea here is
>
> 1) you are creating self-signed certificate  (prerequisite) -> red5.crt
>
> 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
>
> 3) you are creating keystore based on signed red5.p12 -> keystore.jks
>
>
>
> At the moment you are starting #3 above there should be NO keystore.jks,
> you already have renamed it to *.bak (prerequisite)
>
>
>
> Finally you are renaming passwords, they MUST match
>
>
>
>
>
> On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов <p....@fort.crimea.com>
> wrote:
>
> It's standard, the line “jmx.keystorepass=password”
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
> *From:* Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> *Sent:* Friday, December 29, 2017 7:51 AM
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Configure https on centos7
>
>
>
> which passwords do you use in red5/conf/red5.properties ?
>
>
>
> *From:* Андрей Прицепов [mailto:p.andrey@fort.crimea.com
> <p....@fort.crimea.com>]
> *Sent:* Thursday, December 28, 2017 5:36 PM
> *To:* user@openmeetings.apache.org
> *Subject:* Configure https on centos7
>
>
>
> I use this instruction: http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> To begin with, I am configuring a self-signed certificate.
>
> Not everything was written in the instruction, so what I do first, before
> the instruction, is create a self-signed certificate:
>
> su -
> mkdir /opt/prytsepov
>
> cd /opt/prytsepov
>
> yum install mod_ssl
>
> openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>
>
>
> Then I do by instruction:
> this step edit sa.crt to red5.crt or it gives errors. On this step
> password left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key
> -out red5.p12 -name red5 -certfile red5.crt
>
> keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
> -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> /opt/red5401/conf/keystore.jks -alias red5
>
>
>
> Here I see errors:
>
> keytool error:java.io.IOException:keystore password was incorrect
>
>
>
>
>
>
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>



-- 
WBR
Maxim aka solomax
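
Added example (not part of the thread or of the OpenMeetings guide): the password mismatch behind "keystore password was incorrect", reproduced in a scratch directory, then the keystore built with matching passwords and with -storepass where the guide has -keystorepass. The CN om.example.test, the scratch file names and the function names are assumptions made for this example; it uses -srcalias, which the keytool help quoted in this thread lists.

```shell
#!/usr/bin/env bash
# Added example; not from the thread or the OpenMeetings guide.
# Everything happens in a scratch directory, /opt/red5401 is not touched.
# Assumed for the demo: CN "om.example.test", file names under $WORK, function names.
set -u

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
STOREPASS=changeit   # value the guide's keytool command passes as -srcstorepass

# Prerequisite from the first post: self-signed key and certificate.
# -subj keeps openssl from prompting.
make_cert() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=om.example.test" \
        -keyout "$WORK/red5.key" -out "$WORK/red5.crt" 2>/dev/null
}

# Guide step 1: bundle key and certificate into PKCS12.
# $1 = export password (may be empty), $2 = output file name.
# pass:... is visible in the process list; env:VAR or file:PATH avoid that.
make_p12() {
    openssl pkcs12 -export -in "$WORK/red5.crt" -inkey "$WORK/red5.key" \
        -certfile "$WORK/red5.crt" -name red5 \
        -out "$WORK/$2" -passout "pass:$1"
}

# Exit status 0 only if PKCS12 file $1 opens with password $2.
# A failure here is what keytool reports as "keystore password was incorrect".
p12_opens_with() {
    openssl pkcs12 -in "$WORK/$1" -passin "pass:$2" -noout 2>/dev/null
}

# Guide steps 2 and 3 against a keystore that does not exist yet.
# Returns 0 on success, 1 if keytool fails, 2 if keytool is not installed.
build_keystore() {
    command -v keytool >/dev/null 2>&1 || return 2
    rm -f "$WORK/keystore.jks"
    keytool -importkeystore -noprompt \
        -srckeystore "$WORK/$1" -srcstoretype PKCS12 -srcstorepass "$STOREPASS" \
        -destkeystore "$WORK/keystore.jks" -deststorepass "$STOREPASS" \
        -srcalias red5 >/dev/null 2>&1 || return 1
    # -storepass, not -keystorepass, is the option keytool -import accepts.
    keytool -import -noprompt -alias root -trustcacerts \
        -keystore "$WORK/keystore.jks" -storepass "$STOREPASS" \
        -file "$WORK/red5.crt" >/dev/null 2>&1 || return 1
    keytool -list -keystore "$WORK/keystore.jks" -storepass "$STOREPASS" \
        >/dev/null 2>&1
}

demo() {
    make_cert || { echo "openssl req failed"; return 1; }
    make_p12 "" empty.p12             # password left empty, as in the first post
    make_p12 "$STOREPASS" match.p12   # export password equals -srcstorepass

    for f in empty.p12 match.p12; do
        if p12_opens_with "$f" "$STOREPASS"; then
            echo "$f: opens with '$STOREPASS'"
        else
            echo "$f: does NOT open with '$STOREPASS'"
        fi
    done

    build_keystore match.p12
    case $? in
        0) echo "keystore.jks built from match.p12" ;;
        2) echo "keytool not installed, keystore step skipped" ;;
        *) echo "keytool failed on match.p12" ;;
    esac
}

demo
```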

Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
yes, this was my point.
Unfortunately, I have no time to check all JVMs in all distros :(
This is why I'm not changing instructions right now

On Sat, Jan 6, 2018 at 12:39 AM, David Jentz <je...@gmail.com> wrote:

> Yes that is the same for me. Moreover, storepass seems to work just
> fine. Maybe keytool arguments vary from java to java.
>
> -Dave
>
> On Fri, Jan 5, 2018 at 3:29 AM, Maxim Solodovnik <so...@gmail.com>
> wrote:
> > I guess "keystorepass" should be "storepass" could you check on your
> > system?
> >
> > keytool -import --help
> > keytool -importcert [OPTION]...
> >
> > Imports a certificate or a certificate chain
> >
> > Options:
> >
> >  -noprompt                       do not prompt
> >  -trustcacerts                   trust certificates from cacerts
> >  -protected                      password through protected mechanism
> >  -alias <alias>                  alias name of the entry to process
> >  -file <filename>                input file name
> >  -keypass <arg>                  key password
> >  -keystore <keystore>            keystore name
> >  -storepass <arg>                keystore password
> >  -storetype <storetype>          keystore type
> >  -providername <providername>    provider name
> >  -providerclass <providerclass>  provider class name
> >  -providerarg <arg>              provider argument
> >  -providerpath <pathlist>        provider classpath
> >  -v                              verbose output
> >
> >
> > On Wed, Jan 3, 2018 at 10:39 AM, David Jentz <je...@gmail.com> wrote:
> >>
> >> So I think I may have found the solution. May not have needed https
> >> all along. I know this is a bit off topic for the original thread, but
> >> I do not mean to create more work, so I will respond here.
> >>
> >> Still a bit preliminary here. Will post new details if I find them.
> >>
> >> have chromium-browser-63.0.3239.84-1.el6_9.x86_64
> >>
> >> If I click the (i) in the address bar for my specific site, then click
> >> site settings, I can then switch microphone to "Allow" instead of
> >> "Ask(default)". I also do the same for flash.
> >>
> >>
> >> Anyhow, this appears to work just fine (or I'll get it soon).
> >>
> >> As for question about keystorepass srcstorepass and deststorepass, when
> >> I run
> >> keytool -importkeystore --help
> >> I get identical output to what you have listed (both srcstorepass and
> >> deststorepass)
> >>
> >> These items are on step 2 of the Steps for OM server guide. This step
> >> also seems to work just fine for me.
> >>
> >> I think, for me at least, the real problem is step 3
> >>
> >> keytool -import -alias root -keystore /opt/red5/conf/keystore.jks
> >> -keystorepass changeit -trustcacerts -file ca.crt
> >>
> >> Where keystorepass is not an option.
> >>
> >> Instead, if I just use -storepass it seems to work just fine :-)
> >>
> >> Thank you!
> >> -Dave
> >>
> >>
> >> On Tue, Jan 2, 2018 at 8:42 AM, Maxim Solodovnik <so...@gmail.com>
> >> wrote:
> >> > All your steps sound correct to me
> >> > It works for me
> >> > I got this "Allow Flash" message from browser only once
> >> >
> >> > then everything works flawlessly
> >> >
> >> > I can create recording with my steps after Jan, 9, if it will help ....
> >> > not sure how :(
> >> >
> >> > On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <je...@gmail.com> wrote:
> >> >>
> >> >> I will get back to you on these questions on Tuesday if that is OK.
> >> >>
> >> >> I did manage to get openmeetings to work via https, I do not have it
> >> >> fully scripted just yet, but close. This is using the self-signed CA
> >> >> and cert method described on the link.
> >> >>
> >> >> The reason I went this way in the first place was because when I
> >> >> enter an openmeetings room, I was not being presented a list of audio
> >> >> hardware to use. I was told that chrome needs https to access
> >> >> microphone.
> >> >>
> >> >> Well, even with the https, after enabling flash, after entering a room
> >> >> I click gear widget. It has choose webcam: Disabled, choose microphone
> >> >> disabled. On the right side it says: "Click to Enable Adobe Flash
> >> >> Player". I click, flash player seems to enable OK (keep in mind this
> >> >> is with PepperFlash). I can do recordings tests, etc.
> >> >>
> >> >> But still only option for microphone is Disabled. If I click widget
> >> >> again, setting is the same.
> >> >> If I restart chrome, and log back in, I do not have to enable flash
> >> >> this time, but still for microphone option is Disabled
> >> >>
> >> >> I know chromium can see my audio hardware, if I go to chromium ->
> >> >> settings -> content settings -> microphone, the correct device is
> >> >> listed there. My only option is "Ask before accessing (recommended)",
> >> >> otherwise mic is completely disabled. There are no sites listed in the
> >> >> blocked or allowed lists below.
> >> >>
> >> >> It would seem openmeetings is not asking to chromium to use
> >> >> microphone. Am I doing something wrong? Will the self signed cert
> >> >> method work to enable this?
> >> >>
> >> >> -Dave
> >> >>
> >> >>
> >> >> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik
> >> >> <so...@gmail.com>
> >> >> wrote:
> >> >> > Do you have these options in your version?
> >> >> > What is the error?
> >> >> >
> >> >> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> I just tried srcstorepass, deststorepass, and storepass, none seem to
> >> >> >> accept an argument despite what the help page said.
> >> >> >>
> >> >> >> -Dave
> >> >> >>
> >> >> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik
> >> >> >> <so...@gmail.com>
> >> >> >> wrote:
> >> >> >> > here is my output: (src and dest keystore options are highlighted)
> >> >> >> >
> >> >> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
> >> >> >> >
> >> >> >> > keytool -importkeystore [OPTION]...
> >> >> >> >
> >> >> >> > Imports one or all entries from another keystore
> >> >> >> >
> >> >> >> > Options:
> >> >> >> >
> >> >> >> >  -srckeystore <srckeystore>            source keystore name
> >> >> >> >  -destkeystore <destkeystore>          destination keystore name
> >> >> >> >  -srcstoretype <srcstoretype>          source keystore type
> >> >> >> >  -deststoretype <deststoretype>        destination keystore type
> >> >> >> >  -srcstorepass <arg>                   source keystore password
> >> >> >> >  -deststorepass <arg>                  destination keystore password
> >> >> >> >  -srcprotected                         source keystore password protected
> >> >> >> >  -srcprovidername <srcprovidername>    source keystore provider name
> >> >> >> >  -destprovidername <destprovidername>  destination keystore provider name
> >> >> >> >  -srcalias <srcalias>                  source alias
> >> >> >> >  -destalias <destalias>                destination alias
> >> >> >> >  -srckeypass <arg>                     source key password
> >> >> >> >  -destkeypass <arg>                    destination key password
> >> >> >> >  -noprompt                             do not prompt
> >> >> >> >  -providerclass <providerclass>        provider class name
> >> >> >> >  -providerarg <arg>                    provider argument
> >> >> >> >  -providerpath <pathlist>              provider classpath
> >> >> >> >  -v                                    verbose output
> >> >> >> >
> >> >> >> > Use "keytool -help" for all available commands
> >> >> >> >
> >> >> >> >
> >> >> >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <jentzd@gmail.com
> >
> >> >> >> > wrote:
> >> >> >> >>
> >> >> >> >> keytool --help does not list -keystorepass as an option for me.
> >> >> >> >> here is what we have to work with:
> >> >> >> >> #which keytool
> >> >> >> >> /usr/bin/keytool
> >> >> >> >>
> >> >> >> >> #namei /usr/bin/keytool
> >> >> >> >> f: /usr/bin/keytool
> >> >> >> >>  d /
> >> >> >> >>  d usr
> >> >> >> >>  d bin
> >> >> >> >>  l keytool -> /etc/alternatives/keytool
> >> >> >> >>    d /
> >> >> >> >>    d etc
> >> >> >> >>    d alternatives
> >> >> >> >>    l keytool -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >> >> >>      d /
> >> >> >> >>      d usr
> >> >> >> >>      d lib
> >> >> >> >>      d jvm
> >> >> >> >>      d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
> >> >> >> >>      d jre
> >> >> >> >>      d bin
> >> >> >> >>      - keytool
> >> >> >> >>
> >> >> >> >> #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
> >> >> >> >>
> >> >> >> >> #keytool -help
> >> >> >> >> Key and Certificate Management Tool
> >> >> >> >>
> >> >> >> >> Commands:
> >> >> >> >>
> >> >> >> >>  -certreq            Generates a certificate request
> >> >> >> >>  -changealias        Changes an entry's alias
> >> >> >> >>  -delete             Deletes an entry
> >> >> >> >>  -exportcert         Exports certificate
> >> >> >> >>  -genkeypair         Generates a key pair
> >> >> >> >>  -genseckey          Generates a secret key
> >> >> >> >>  -gencert            Generates certificate from a certificate request
> >> >> >> >>  -importcert         Imports a certificate or a certificate chain
> >> >> >> >>  -importpass         Imports a password
> >> >> >> >>  -importkeystore     Imports one or all entries from another keystore
> >> >> >> >>  -keypasswd          Changes the key password of an entry
> >> >> >> >>  -list               Lists entries in a keystore
> >> >> >> >>  -printcert          Prints the content of a certificate
> >> >> >> >>  -printcertreq       Prints the content of a certificate request
> >> >> >> >>  -printcrl           Prints the content of a CRL file
> >> >> >> >>  -storepasswd        Changes the store password of a keystore
> >> >> >> >>
> >> >> >> >> Use "keytool -command_name -help" for usage of command_name
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> I think we have the openjdk on the linux (perhaps other
> platforms
> >> >> >> >> too)
> >> >> >> >> and not the Sun/oracle implementation so as to get around
> license
> >> >> >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on
> >> >> >> >> linux,
> >> >> >> >> it
> >> >> >> >> doesn't have keystorepass either.
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> -Dave
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
> >> >> >> >> <so...@gmail.com>
> >> >> >> >> wrote:
> >> >> >> >> > Can you run "keytool --help" and check possible options?
> >> >> >> >> >
> >> >> >> >> > For real server it might be better to set up "let's encrypt"
> >> >> >> >> > free
> >> >> >> >> > certificate (script was posted some time ago)
> >> >> >> >> >
> >> >> >> >> > WBR, Maxim
> >> >> >> >> > (from mobile, sorry for the typos)
> >> >> >> >> >
> >> >> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com>
> >> >> >> >> > wrote:
> >> >> >> >> >>
> >> >> >> >> >> I am working through these steps on rhel6 which is a close
> >> >> >> >> >> cousin
> >> >> >> >> >> to
> >> >> >> >> >> centos 6.
> >> >> >> >> >>
> >> >> >> >> >> I have the same issue, -keystorepass is not a valid argument
> >> >> >> >> >> to
> >> >> >> >> >> keytool.
> >> >> >> >> >>
> >> >> >> >> >> Instead, you can just leave that argument off (and the pass
> )
> >> >> >> >> >> since
> >> >> >> >> >> then keytool will just prompt.
> >> >> >> >> >>
> >> >> >> >> >> This still poses a problem for me because I am trying to
> have
> >> >> >> >> >> the
> >> >> >> >> >> entire setup in a script. Perhaps I can write an expect
> script
> >> >> >> >> >> just
> >> >> >> >> >> for this one line.
> >> >> >> >> >>
> >> >> >> >> >> Anyhow, I will work to further get SSL working next year. It
> >> >> >> >> >> turns
> >> >> >> >> >> out
> >> >> >> >> >> my version of chrome requires it for sound.
> >> >> >> >> >>
> >> >> >> >> >> -Dave
> >> >> >> >> >>
> >> >> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
> >> >> >> >> >> <p....@fort.crimea.com> wrote:
> >> >> >> >> >> > I do all by this instruction
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_
> for_OM_server
> >> >> >> >> >> > except
> >> >> >> >> >> > create in the beginning red5.key and red5.crt.
> >> >> >> >> >> >
> >> >> >> >> >> > In instruction error on this command:
> >> >> >> >> >> > keytool -import -alias root -keystore
> >> >> >> >> >> > /opt/red5401/conf/keystore.jks
> >> >> >> >> >> > -keystorepass password -trustcacerts -file red5.crt
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Error:
> >> >> >> >> >> > illegal option: -keystorepass
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > In documentation
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/
> windows/keytool.html
> >> >> >> >> >> > not exist that option so
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_
> for_OM_server
> >> >> >> >> >> > is
> >> >> >> >> >> > not
> >> >> >> >> >> > can’t be used, not relevant.
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > -------------------
> >> >> >> >> >> >
> >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > To: Openmeetings user-list
> >> >> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Please read documentation [1] and use search before asking
> >> >> >> >> >> > questions
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > According to the steps from [2] "-srcstorepass changeit"
> >> >> >> >> >> > this
> >> >> >> >> >> > means
> >> >> >> >> >> > "red5.p12" MUST have password "changeit"
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > [1]
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/
> windows/keytool.html
> >> >> >> >> >> >
> >> >> >> >> >> > [2]
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_
> for_OM_server
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
> >> >> >> >> >> > <p....@fort.crimea.com>
> >> >> >> >> >> > wrote:
> >> >> >> >> >> >
> >> >> >> >> >> > Ø  The idea here is…
> >> >> >> >> >> >
> >> >> >> >> >> > I can’t do this idea in practice, something doing not
> right.
> >> >> >> >> >> > I
> >> >> >> >> >> > create
> >> >> >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not
> >> >> >> >> >> > enough
> >> >> >> >> >> > information
> >> >> >> >> >> > in instruction to do this fast step-by-step. Later I will
> >> >> >> >> >> > have
> >> >> >> >> >> > ‘real’
> >> >> >> >> >> > certificate.
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Ø  At the moment you are starting #3 above there should be
> >> >> >> >> >> > NO
> >> >> >> >> >> > keystore.jks,
> >> >> >> >> >> > you already have renamed it to *.bak (prerequisite)
> >> >> >> >> >> >
> >> >> >> >> >> > What means #3?
> >> >> >> >> >> >
> >> >> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was
> >> >> >> >> >> > *jmx.
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Ø  Finally you are renaming passwords, they MUST match
> >> >> >> >> >> >
> >> >> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999
> >> >> >> >> >> > -newkey
> >> >> >> >> >> > rsa:2048
> >> >> >> >> >> > -keyout /opt/prytsepov/red5.key -out
> >> >> >> >> >> > /opt/prytsepov/red5.crt” I
> >> >> >> >> >> > enter
> >> >> >> >> >> > “jmx.keystorepass=password” when it ask me enter password.
> >> >> >> >> >> > If
> >> >> >> >> >> > like
> >> >> >> >> >> > that
> >> >> >> >> >> > I
> >> >> >> >> >> > still have this error.
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > -------------------
> >> >> >> >> >> >
> >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM
> >> >> >> >> >> > To: Openmeetings user-list
> >> >> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > The idea here is
> >> >> >> >> >> >
> >> >> >> >> >> > 1) you are creating self-signed certificate
> (prerequisite)
> >> >> >> >> >> > ->
> >> >> >> >> >> > red5.crt
> >> >> >> >> >> >
> >> >> >> >> >> > 2) you are signing red5.crt with your fake CA  (step 1) ->
> >> >> >> >> >> > red5.p12
> >> >> >> >> >> >
> >> >> >> >> >> > 3) you are creating keystore based on signed red5.p12 ->
> >> >> >> >> >> > keystore.jks
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > At the moment you are starting #3 above there should be NO
> >> >> >> >> >> > keystore.jks,
> >> >> >> >> >> > you
> >> >> >> >> >> > already have renamed it to *.bak (prerequisite)
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Finally you are renaming passwords, they MUST match
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
> >> >> >> >> >> > <p....@fort.crimea.com>
> >> >> >> >> >> > wrote:
> >> >> >> >> >> >
> >> >> >> >> >> > Its standard, line “jmx.keystorepass=password”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > -------------------
> >> >> >> >> >> >
> >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> >> >> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM
> >> >> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> >> >> > Subject: RE: Configure https on centos7
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > which passwords do you use in red5/conf/red5.properties ?
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> >> >> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
> >> >> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> >> >> > Subject: Configure https on centos7
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Use this instruction
> >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> >> >> >> >> >> > For
> >> >> >> >> >> > beginning I configure self-signed certificate.
> >> >> >> >> >> >
> >> >> >> >> >> > Not all in instruction was wrote, so what I do first
> before
> >> >> >> >> >> > instruction
> >> >> >> >> >> > is
> >> >> >> >> >> > create self-signed sertificate:
> >> >> >> >> >> >
> >> >> >> >> >> > su -
> >> >> >> >> >> > mkdir /opt/prytsepov
> >> >> >> >> >> >
> >> >> >> >> >> > cd /opt/prytsepov
> >> >> >> >> >> >
> >> >> >> >> >> > yum install mod_ssl
> >> >> >> >> >> >
> >> >> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048
> >> >> >> >> >> > -keyout
> >> >> >> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Then I do by instruction:
> >> >> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On
> >> >> >> >> >> > this
> >> >> >> >> >> > step
> >> >> >> >> >> > password
> >> >> >> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey
> >> >> >> >> >> > red5.key
> >> >> >> >> >> > -out
> >> >> >> >> >> > red5.p12 -name red5 -certfile red5.crt
> >> >> >> >> >> >
> >> >> >> >> >> > keytool -importkeystore -srcstorepass changeit
> -srckeystore
> >> >> >> >> >> > red5.p12
> >> >> >> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> >> >> >> >> >> > /opt/red5401/conf/keystore.jks -alias red5
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > Here I see errors:
> >> >> >> >> >> >
> >> >> >> >> >> > keytool error:java.io.IOException:keystore password was
> >> >> >> >> >> > incorrect
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > -------------------
> >> >> >> >> >> >
> >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > --
> >> >> >> >> >> >
> >> >> >> >> >> > WBR
> >> >> >> >> >> > Maxim aka solomax
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >> > --
> >> >> >> >> >> >
> >> >> >> >> >> > WBR
> >> >> >> >> >> > Maxim aka solomax
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > --
> >> >> >> > WBR
> >> >> >> > Maxim aka solomax
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > WBR
> >> >> > Maxim aka solomax
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > WBR
> >> > Maxim aka solomax
> >
> >
> >
> >
> > --
> > WBR
> > Maxim aka solomax
>



-- 
WBR
Maxim aka solomax

Re: Configure https on centos7

Posted by David Jentz <je...@gmail.com>.
Yes that is the same for me. Moreover, storepass seems to work just
fine. Maybe keytool arguments vary from java to java.

-Dave

On Fri, Jan 5, 2018 at 3:29 AM, Maxim Solodovnik <so...@gmail.com> wrote:
> I guess "keystorepass" should be "storepass"; could you check on your system?
>
> keytool -import --help
> keytool -importcert [OPTION]...
>
> Imports a certificate or a certificate chain
>
> Options:
>
>  -noprompt                       do not prompt
>  -trustcacerts                   trust certificates from cacerts
>  -protected                      password through protected mechanism
>  -alias <alias>                  alias name of the entry to process
>  -file <filename>                input file name
>  -keypass <arg>                  key password
>  -keystore <keystore>            keystore name
>  -storepass <arg>                keystore password
>  -storetype <storetype>          keystore type
>  -providername <providername>    provider name
>  -providerclass <providerclass>  provider class name
>  -providerarg <arg>              provider argument
>  -providerpath <pathlist>        provider classpath
>  -v                              verbose output
>
>
> On Wed, Jan 3, 2018 at 10:39 AM, David Jentz <je...@gmail.com> wrote:
>>
>> So I think I may have found the solution. May not have needed https
>> all along. I know this is a bit off topic for the original thread, but
>> I do not mean to create more work, so I will respond here.
>>
>> Still a bit preliminary here. Will post new details if I find them.
>>
>> have chromium-browser-63.0.3239.84-1.el6_9.x86_64
>>
>> If I click the (i) in the address bar for my specific site, then click
>> site settings, I can then switch microphone to "Allow" instead of
>> "Ask(default)". I also do the same for flash.
>>
>>
>> Anyhow, this appears to work just fine (or I'll get it soon).
>>
>> As for the question about keystorepass, srcstorepass and deststorepass, when I run
>> keytool -importkeystore --help
>> I get identical output to what you have listed (both srcstorepass and
>> deststorepass)
>>
>> These items are on step 2 of the Steps for OM server guide. This step
>> also seems to work just fine for me.
>>
>> I think, for me at least, the real problem is step 3
>>
>> keytool -import -alias root -keystore /opt/red5/conf/keystore.jks
>> -keystorepass changeit -trustcacerts -file ca.crt
>>
>> Where keystorepass is not an option.
>>
>> Instead, if I just use -storepass it seems to work just fine :-)
>>
>> Thank you!
>> -Dave
>>
>>
>> On Tue, Jan 2, 2018 at 8:42 AM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>> > All your steps sound correct to me
>> > It works for me
>> > I got this "Allow Flash" message from browser only once
>> >
>> > then everything works flawlessly
>> >
>> > I can create recording with my steps after Jan, 9, if it will help .... not sure how :(
>> >
>> > On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <je...@gmail.com> wrote:
>> >>
>> >> I will get back to you on these questions on Tuesday if that is OK.
>> >>
>> >> I did manage to get openmeetings to work via https, I do not have it
>> >> fully scripted just yet, but close. This is using the self-signed CA
>> >> and cert method described on the link.
>> >>
>> >> The reason I went this way in the first place was because when I
>> >> enter an openmeetings room, I was not being presented a list of audio
>> >> hardware to use. I was told that chrome needs https to access
>> >> microphone.
>> >>
>> >> Well, even with the https, after enabling flash, after entering a room
>> >> I click gear widget. It has choose webcam: Disabled, choose microphone
>> >> disabled. On the right side it says: "Click to Enable Adobe Flash
>> >> Player". I click, flash player seems to enable OK (keep in mind this
>> >> is with PepperFlash). I can do recordings tests, etc.
>> >>
>> >> But still only option for microphone is Disabled. If I click widget
>> >> again, setting is the same.
>> >> If I restart chrome, and log back in, I do not have to enable flash
>> >> this time, but still for microphone option is Disabled
>> >>
>> >> I know chromium can see my audio hardware, if I go to chromium ->
>> >> settings -> content settings -> microphone, the correct device is
>> >> listed there. My only option is "Ask before accessing (recommended)",
>> >> otherwise mic is completely disabled. There are no sites listed in the
>> >> blocked or allowed lists below.
>> >>
>> >> It would seem openmeetings is not asking chromium to use
>> >> microphone. Am I doing something wrong? Will the self signed cert
>> >> method work to enable this?
>> >>
>> >> -Dave
>> >>
>> >>
>> >> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik
>> >> <so...@gmail.com>
>> >> wrote:
>> >> > Do you have these options in your version?
>> >> > What is the error?
>> >> >
>> >> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> I just tried srcstorepass, deststorepass, and storepass, none seem to
>> >> >> accept an argument despite what the help page said.
>> >> >>
>> >> >> -Dave
>> >> >>
>> >> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik
>> >> >> <so...@gmail.com>
>> >> >> wrote:
>> >> >> > here is my output: (src and dest keystore options are highlighted)
>> >> >> >
>> >> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
>> >> >> >
>> >> >> > keytool -importkeystore [OPTION]...
>> >> >> >
>> >> >> > Imports one or all entries from another keystore
>> >> >> >
>> >> >> > Options:
>> >> >> >
>> >> >> >  -srckeystore <srckeystore>            source keystore name
>> >> >> >  -destkeystore <destkeystore>          destination keystore name
>> >> >> >  -srcstoretype <srcstoretype>          source keystore type
>> >> >> >  -deststoretype <deststoretype>        destination keystore type
>> >> >> >  -srcstorepass <arg>                   source keystore password
>> >> >> >  -deststorepass <arg>                  destination keystore password
>> >> >> >  -srcprotected                         source keystore password protected
>> >> >> >  -srcprovidername <srcprovidername>    source keystore provider name
>> >> >> >  -destprovidername <destprovidername>  destination keystore provider name
>> >> >> >  -srcalias <srcalias>                  source alias
>> >> >> >  -destalias <destalias>                destination alias
>> >> >> >  -srckeypass <arg>                     source key password
>> >> >> >  -destkeypass <arg>                    destination key password
>> >> >> >  -noprompt                             do not prompt
>> >> >> >  -providerclass <providerclass>        provider class name
>> >> >> >  -providerarg <arg>                    provider argument
>> >> >> >  -providerpath <pathlist>              provider classpath
>> >> >> >  -v                                    verbose output
>> >> >> >
>> >> >> > Use "keytool -help" for all available commands
>> >> >> >
>> >> >> >
>> >> >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com>
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> keytool --help does not list -keystorepass as an option for me. Here
>> >> >> >> is what we have to work with:
>> >> >> >>
>> >> >> >> #which keytool
>> >> >> >> /usr/bin/keytool
>> >> >> >>
>> >> >> >> #namei /usr/bin/keytool
>> >> >> >> f: /usr/bin/keytool
>> >> >> >>  d /
>> >> >> >>  d usr
>> >> >> >>  d bin
>> >> >> >>  l keytool -> /etc/alternatives/keytool
>> >> >> >>    d /
>> >> >> >>    d etc
>> >> >> >>    d alternatives
>> >> >> >>    l keytool -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>> >> >> >>      d /
>> >> >> >>      d usr
>> >> >> >>      d lib
>> >> >> >>      d jvm
>> >> >> >>      d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
>> >> >> >>      d jre
>> >> >> >>      d bin
>> >> >> >>      - keytool
>> >> >> >>
>> >> >> >> #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>> >> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
>> >> >> >>
>> >> >> >> #keytool -help
>> >> >> >> Key and Certificate Management Tool
>> >> >> >>
>> >> >> >> Commands:
>> >> >> >>
>> >> >> >>  -certreq            Generates a certificate request
>> >> >> >>  -changealias        Changes an entry's alias
>> >> >> >>  -delete             Deletes an entry
>> >> >> >>  -exportcert         Exports certificate
>> >> >> >>  -genkeypair         Generates a key pair
>> >> >> >>  -genseckey          Generates a secret key
>> >> >> >>  -gencert            Generates certificate from a certificate request
>> >> >> >>  -importcert         Imports a certificate or a certificate chain
>> >> >> >>  -importpass         Imports a password
>> >> >> >>  -importkeystore     Imports one or all entries from another keystore
>> >> >> >>  -keypasswd          Changes the key password of an entry
>> >> >> >>  -list               Lists entries in a keystore
>> >> >> >>  -printcert          Prints the content of a certificate
>> >> >> >>  -printcertreq       Prints the content of a certificate request
>> >> >> >>  -printcrl           Prints the content of a CRL file
>> >> >> >>  -storepasswd        Changes the store password of a keystore
>> >> >> >>
>> >> >> >> Use "keytool -command_name -help" for usage of command_name
>> >> >> >>
>> >> >> >>
>> >> >> >> I think we have the openjdk on the linux (perhaps other platforms too)
>> >> >> >> and not the Sun/oracle implementation so as to get around license
>> >> >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it
>> >> >> >> doesn't have keystorepass either.
>> >> >> >>
>> >> >> >>
>> >> >> >> -Dave
>> >> >> >>
>> >> >> >>
>> >> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
>> >> >> >> <so...@gmail.com>
>> >> >> >> wrote:
>> >> >> >> > Can you run "keytool --help" and check possible options?
>> >> >> >> >
>> >> >> >> > For real server it might be better to set up "let's encrypt" free
>> >> >> >> > certificate (script was posted some time ago)
>> >> >> >> >
>> >> >> >> > WBR, Maxim
>> >> >> >> > (from mobile, sorry for the typos)
>> >> >> >> >
>> >> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com>
>> >> >> >> > wrote:
>> >> >> >> >>
>> >> >> >> >> I am working through these steps on rhel6 which is a close cousin to
>> >> >> >> >> centos 6.
>> >> >> >> >>
>> >> >> >> >> I have the same issue, -keystorepass is not a valid argument to
>> >> >> >> >> keytool.
>> >> >> >> >>
>> >> >> >> >> Instead, you can just leave that argument off (and the pass) since
>> >> >> >> >> then keytool will just prompt.
>> >> >> >> >>
>> >> >> >> >> This still poses a problem for me because I am trying to have the
>> >> >> >> >> entire setup in a script. Perhaps I can write an expect script just
>> >> >> >> >> for this one line.
>> >> >> >> >>
>> >> >> >> >> Anyhow, I will work to further get SSL working next year. It turns out
>> >> >> >> >> my version of chrome requires it for sound.
>> >> >> >> >>
>> >> >> >> >> -Dave
>> >> >> >> >>
>> >> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
>> >> >> >> >> <p....@fort.crimea.com> wrote:
>> >> >> >> >> > I do all by this instruction
>> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >> >> > except create in the beginning red5.key and red5.crt.
>> >> >> >> >> >
>> >> >> >> >> > In instruction error on this command:
>> >> >> >> >> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks -keystorepass password -trustcacerts -file red5.crt
>> >> >> >> >> >
>> >> >> >> >> > Error:
>> >> >> >> >> > illegal option: -keystorepass
>> >> >> >> >> >
>> >> >> >> >> > In documentation
>> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> >> >> >> > not exist that option so
>> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >> >> > is not can’t be used, not relevant.
>> >> >> >> >> >
>> >> >> >> >> > -------------------
>> >> >> >> >> >
>> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >> >
>> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM
>> >> >> >> >> > To: Openmeetings user-list
>> >> >> >> >> > Subject: Re: Configure https on centos7
>> >> >> >> >> >
>> >> >> >> >> > Please read documentation [1] and use search before asking questions
>> >> >> >> >> >
>> >> >> >> >> > According to the steps from [2] "-srcstorepass changeit" this means
>> >> >> >> >> > "red5.p12" MUST have password "changeit"
>> >> >> >> >> >
>> >> >> >> >> > [1] https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> >> >> >> >
>> >> >> >> >> > [2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >> >> >
>> >> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
>> >> >> >> >> > <p....@fort.crimea.com>
>> >> >> >> >> > wrote:
>> >> >> >> >> >
>> >> >> >> >> > Ø  The idea here is…
>> >> >> >> >> >
>> >> >> >> >> > I can’t do this idea in practice, something doing not right. I create
>> >> >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough information
>> >> >> >> >> > in instruction to do this fast step-by-step. Later I will have ‘real’
>> >> >> >> >> > certificate.
>> >> >> >> >> >
>> >> >> >> >> > Ø  At the moment you are starting #3 above there should be NO keystore.jks,
>> >> >> >> >> > you already have renamed it to *.bak (prerequisite)
>> >> >> >> >> >
>> >> >> >> >> > What means #3?
>> >> >> >> >> >
>> >> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
>> >> >> >> >> >
>> >> >> >> >> > Ø  Finally you are renaming passwords, they MUST match
>> >> >> >> >> >
>> >> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey rsa:2048
>> >> >> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
>> >> >> >> >> > “jmx.keystorepass=password” when it ask me enter password. If like that I
>> >> >> >> >> > still have this error.
>> >> >> >> >> >
>> >> >> >> >> > -------------------
>> >> >> >> >> >
>> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >> >
>> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM
>> >> >> >> >> > To: Openmeetings user-list
>> >> >> >> >> > Subject: Re: Configure https on centos7
>> >> >> >> >> >
>> >> >> >> >> > The idea here is
>> >> >> >> >> >
>> >> >> >> >> > 1) you are creating self-signed certificate  (prerequisite) -> red5.crt
>> >> >> >> >> >
>> >> >> >> >> > 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
>> >> >> >> >> >
>> >> >> >> >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
>> >> >> >> >> >
>> >> >> >> >> > At the moment you are starting #3 above there should be NO keystore.jks,
>> >> >> >> >> > you already have renamed it to *.bak (prerequisite)
>> >> >> >> >> >
>> >> >> >> >> > Finally you are renaming passwords, they MUST match
>> >> >> >> >> >
>> >> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
>> >> >> >> >> > <p....@fort.crimea.com>
>> >> >> >> >> > wrote:
>> >> >> >> >> >
>> >> >> >> >> > It's standard, line “jmx.keystorepass=password”
>> >> >> >> >> >
>> >> >> >> >> > -------------------
>> >> >> >> >> >
>> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >> >
>> >> >> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
>> >> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM
>> >> >> >> >> > To: user@openmeetings.apache.org
>> >> >> >> >> > Subject: RE: Configure https on centos7
>> >> >> >> >> >
>> >> >> >> >> > which passwords do you use in red5/conf/red5.properties ?
>> >> >> >> >> >
>> >> >> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
>> >> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
>> >> >> >> >> > To: user@openmeetings.apache.org
>> >> >> >> >> > Subject: Configure https on centos7
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > Use this instruction
>> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html .
>> >> >> >> >> > For
>> >> >> >> >> > beginning I configure self-signed certificate.
>> >> >> >> >> >
>> >> >> >> >> > Not all in instruction was wrote, so what I do first before
>> >> >> >> >> > instruction
>> >> >> >> >> > is
>> >> >> >> >> > create self-signed sertificate:
>> >> >> >> >> >
>> >> >> >> >> > su -
>> >> >> >> >> > mkdir /opt/prytsepov
>> >> >> >> >> >
>> >> >> >> >> > cd /opt/prytsepov
>> >> >> >> >> >
>> >> >> >> >> > yum install mod_ssl
>> >> >> >> >> >
>> >> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048
>> >> >> >> >> > -keyout
>> >> >> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > Then I do by instruction:
>> >> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On
>> >> >> >> >> > this
>> >> >> >> >> > step
>> >> >> >> >> > password
>> >> >> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey
>> >> >> >> >> > red5.key
>> >> >> >> >> > -out
>> >> >> >> >> > red5.p12 -name red5 -certfile red5.crt
>> >> >> >> >> >
>> >> >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore
>> >> >> >> >> > red5.p12
>> >> >> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
>> >> >> >> >> > /opt/red5401/conf/keystore.jks -alias red5
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > Here I see errors:
>> >> >> >> >> >
>> >> >> >> >> > keytool error:java.io.IOException:keystore password was
>> >> >> >> >> > incorrect
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > -------------------
>> >> >> >> >> >
>> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > --
>> >> >> >> >> >
>> >> >> >> >> > WBR
>> >> >> >> >> > Maxim aka solomax
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > --
>> >> >> >> >> >
>> >> >> >> >> > WBR
>> >> >> >> >> > Maxim aka solomax
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> > WBR
>> >> >> > Maxim aka solomax
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > WBR
>> >> > Maxim aka solomax
>> >
>> >
>> >
>> >
>> > --
>> > WBR
>> > Maxim aka solomax
>
>
>
>
> --
> WBR
> Maxim aka solomax

Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
I guess "keystorepass" should be "storepass"; could you check on your system?

*keytool -import --help*
keytool -importcert [OPTION]...

Imports a certificate or a certificate chain

Options:

 -noprompt                       do not prompt
 -trustcacerts                   trust certificates from cacerts
 -protected                      password through protected mechanism
 -alias <alias>                  alias name of the entry to process
 -file <filename>                input file name
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output


On Wed, Jan 3, 2018 at 10:39 AM, David Jentz <je...@gmail.com> wrote:

> So I think I may have found the solution. May not have needed https
> all along. I know this is a bit off topic for the original thread, but
> I do not mean to create more work, so I will respond here.
>
> Still a bit preliminary here. Will post new details if I find them.
>
> have chromium-browser-63.0.3239.84-1.el6_9.x86_64
>
> If I click the (i) in the address bar for my specific site, then click
> site settings, I can then switch microphone to "Allow" instead of
> "Ask(default)". I also do the same for flash.
>
>
> Anyhow, this appears to work just fine (or I'll get it soon).
>
> As for question about keystorepass srcstorepass and deststorepass, when I
> run
> keytool -importkeystore --help
> I get identical output to what you have listed (both srcstorepass and
> deststorepass)
>
> These items are on step 2 of the Steps for OM server guide. This step
> also seems to work just fine for me.
>
> I think, for me at least, the real problem is step 3
>
> keytool -import -alias root -keystore /opt/red5/conf/keystore.jks
> -keystorepass changeit -trustcacerts -file ca.crt
>
> Where keystorepass is not an option.
>
> Instead, if I just use -storepass it seems to work just fine :-)
>
> Thank you!
> -Dave
>
>
> On Tue, Jan 2, 2018 at 8:42 AM, Maxim Solodovnik <so...@gmail.com>
> wrote:
> > All your steps sound correct to me
> > It works for me
> > I got this "Allow Flash" message from browser only once
> >
> > then everything works flawlessly
> >
> > I can create recording with my steps after Jan, 9, if it will help .... not
> > sure how :(
> >
> > On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <je...@gmail.com> wrote:
> >>
> >> I will get back to you on these questions on Tuesday if that is OK.
> >>
> >> I did manage to get openmeetings to work via https, I do not have it
> >> fully scripted just yet, but close. This is using the self-signed CA
> >> and cert method described on the link.
> >>
> >> The reason I went this way in the first place was because when I
> >> enter an openmeetings room, I was not being presented a list of audio
> >> hardware to use. I was told that chrome needs https to access
> >> microphone.
> >>
> >> Well, even with the https, after enabling flash, after entering a room
> >> I click gear widget. It has choose webcam: Disabled, choose microphone
> >> disabled. On the right side it says: "Click to Enable Adobe Flash
> >> Player". I click, flash player seems to enable OK (keep in mind this
> >> is with PepperFlash). I can do recordings tests, etc.
> >>
> >> But still only option for microphone is Disabled. If I click widget
> >> again, setting is the same.
> >> If I restart chrome, and log back in, I do not have to enable flash
> >> this time, but still for microphone option is Disabled
> >>
> >> I know chromium can see my audio hardware, if I go to chromium ->
> >> settings -> content settings -> microphone, the correct device is
> >> listed there. My only option is "Ask before accessing (recommended)",
> >> otherwise mic is completely disabled. There are no sites listed in the
> >> blocked or allowed lists below.
> >>
> >> It would seem openmeetings is not asking to chromium to use
> >> microphone. Am I doing something wrong? Will the self signed cert
> >> method work to enable this?
> >>
> >> -Dave
> >>
> >>
> >> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik <solomax666@gmail.com>
> >> wrote:
> >> > Do you have these options in your version?
> >> > What is the error?
> >> >
> >> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com> wrote:
> >> >>
> >> >> I just tried srcstorepass, deststorepass, and storepass, none seem to
> >> >> accept an argument despite what the help page said.
> >> >>
> >> >> -Dave
> >> >>
> >> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik
> >> >> <so...@gmail.com>
> >> >> wrote:
> >> >> > here is my output: (src and dest keystore options are highlighted)
> >> >> >
> >> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
> >> >> >
> >> >> > keytool -importkeystore [OPTION]...
> >> >> >
> >> >> > Imports one or all entries from another keystore
> >> >> >
> >> >> > Options:
> >> >> >
> >> >> >  -srckeystore <srckeystore>            source keystore name
> >> >> >  -destkeystore <destkeystore>          destination keystore name
> >> >> >  -srcstoretype <srcstoretype>          source keystore type
> >> >> >  -deststoretype <deststoretype>        destination keystore type
> >> >> >  -srcstorepass <arg>                   source keystore password
> >> >> >  -deststorepass <arg>                  destination keystore password
> >> >> >  -srcprotected                         source keystore password protected
> >> >> >  -srcprovidername <srcprovidername>    source keystore provider name
> >> >> >  -destprovidername <destprovidername>  destination keystore provider name
> >> >> >  -srcalias <srcalias>                  source alias
> >> >> >  -destalias <destalias>                destination alias
> >> >> >  -srckeypass <arg>                     source key password
> >> >> >  -destkeypass <arg>                    destination key password
> >> >> >  -noprompt                             do not prompt
> >> >> >  -providerclass <providerclass>        provider class name
> >> >> >  -providerarg <arg>                    provider argument
> >> >> >  -providerpath <pathlist>              provider classpath
> >> >> >  -v                                    verbose output
> >> >> >
> >> >> > Use "keytool -help" for all available commands
> >> >> >
> >> >> >
> >> >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> keytool --help does not list -keystorepass as an option for me. here
> >> >> >> is what we have to work with:
> >> >> >>
> >> >> >> #which keytool
> >> >> >> /usr/bin/keytool
> >> >> >>
> >> >> >> #namei /usr/bin/keytool
> >> >> >> f: /usr/bin/keytool
> >> >> >>  d /
> >> >> >>  d usr
> >> >> >>  d bin
> >> >> >>  l keytool -> /etc/alternatives/keytool
> >> >> >>    d /
> >> >> >>    d etc
> >> >> >>    d alternatives
> >> >> >>    l keytool -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >> >>      d /
> >> >> >>      d usr
> >> >> >>      d lib
> >> >> >>      d jvm
> >> >> >>      d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
> >> >> >>      d jre
> >> >> >>      d bin
> >> >> >>      - keytool
> >> >> >>
> >> >> >> #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
> >> >> >>
> >> >> >> #keytool -help
> >> >> >> Key and Certificate Management Tool
> >> >> >>
> >> >> >> Commands:
> >> >> >>
> >> >> >>  -certreq            Generates a certificate request
> >> >> >>  -changealias        Changes an entry's alias
> >> >> >>  -delete             Deletes an entry
> >> >> >>  -exportcert         Exports certificate
> >> >> >>  -genkeypair         Generates a key pair
> >> >> >>  -genseckey          Generates a secret key
> >> >> >>  -gencert            Generates certificate from a certificate request
> >> >> >>  -importcert         Imports a certificate or a certificate chain
> >> >> >>  -importpass         Imports a password
> >> >> >>  -importkeystore     Imports one or all entries from another keystore
> >> >> >>  -keypasswd          Changes the key password of an entry
> >> >> >>  -list               Lists entries in a keystore
> >> >> >>  -printcert          Prints the content of a certificate
> >> >> >>  -printcertreq       Prints the content of a certificate request
> >> >> >>  -printcrl           Prints the content of a CRL file
> >> >> >>  -storepasswd        Changes the store password of a keystore
> >> >> >>
> >> >> >> Use "keytool -command_name -help" for usage of command_name
> >> >> >>
> >> >> >>
> >> >> >> I think we have the openjdk on the linux (perhaps other platforms
> >> >> >> too) and not the Sun/oracle implementation so as to get around
> >> >> >> license issues and be GPL. That said, I just checked the jdk1.8.0 on
> >> >> >> linux, it doesn't have keystorepass either.
> >> >> >>
> >> >> >>
> >> >> >> -Dave
> >> >> >>
> >> >> >>
> >> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
> >> >> >> <so...@gmail.com>
> >> >> >> wrote:
> >> >> >> > Can you run "keytool --help" and check possible options?
> >> >> >> >
> >> >> >> > For real server it might be better to set up "let's encrypt" free
> >> >> >> > certificate (script was posted some time ago)
> >> >> >> >
> >> >> >> > WBR, Maxim
> >> >> >> > (from mobile, sorry for the typos)
> >> >> >> >
> >> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
> >> >> >> >>
> >> >> >> >> I am working through these steps on rhel6 which is a close cousin
> >> >> >> >> to centos 6.
> >> >> >> >>
> >> >> >> >> I have the same issue, -keystorepass is not a valid argument to
> >> >> >> >> keytool.
> >> >> >> >>
> >> >> >> >> Instead, you can just leave that argument off (and the pass )
> >> >> >> >> since then keytool will just prompt.
> >> >> >> >>
> >> >> >> >> This still poses a problem for me because I am trying to have the
> >> >> >> >> entire setup in a script. Perhaps I can write an expect script
> >> >> >> >> just for this one line.
> >> >> >> >>
> >> >> >> >> Anyhow, I will work to further get SSL working next year. It
> >> >> >> >> turns out my version of chrome requires it for sound.
> >> >> >> >>
> >> >> >> >> -Dave
> >> >> >> >>
> >> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
> >> >> >> >> <p....@fort.crimea.com> wrote:
> >> >> >> >> > I do all by this instruction
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> >> > except
> >> >> >> >> > create in the beginning red5.key and red5.crt.
> >> >> >> >> >
> >> >> >> >> > In instruction error on this command:
> >> >> >> >> > keytool -import -alias root -keystore
> >> >> >> >> > /opt/red5401/conf/keystore.jks
> >> >> >> >> > -keystorepass password -trustcacerts -file red5.crt
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Error:
> >> >> >> >> > illegal option: -keystorepass
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > In documentation
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> >> >> > not exist that option so
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> >> > is
> >> >> >> >> > not
> >> >> >> >> > can’t be used, not relevant.
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > -------------------
> >> >> >> >> >
> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > To: Openmeetings user-list
> >> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Please read documentation [1] and use search before asking
> >> >> >> >> > questions
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > According to the steps from [2] "-srcstorepass changeit" this
> >> >> >> >> > means
> >> >> >> >> > "red5.p12" MUST have password "changeit"
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > [1]
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> >> >> >
> >> >> >> >> > [2]
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
> >> >> >> >> > <p....@fort.crimea.com>
> >> >> >> >> > wrote:
> >> >> >> >> >
> >> >> >> >> > Ø  The idea here is…
> >> >> >> >> >
> >> >> >> >> > I can’t do this idea in practice, something doing not right. I
> >> >> >> >> > create red5.crt and red5.p12 but keystore.jks can’t create. Not
> >> >> >> >> > enough information in instruction to do this fast step-by-step.
> >> >> >> >> > Later I will have ‘real’ certificate.
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Ø  At the moment you are starting #3 above there should be NO
> >> >> >> >> > keystore.jks,
> >> >> >> >> > you already have renamed it to *.bak (prerequisite)
> >> >> >> >> >
> >> >> >> >> > What means #3?
> >> >> >> >> >
> >> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was
> >> >> >> >> > *jmx.
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Ø  Finally you are renaming passwords, they MUST match
> >> >> >> >> >
> >> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999
> >> >> >> >> > -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out
> >> >> >> >> > /opt/prytsepov/red5.crt” I enter “jmx.keystorepass=password”
> >> >> >> >> > when it ask me enter password. If like that I still have this
> >> >> >> >> > error.
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > -------------------
> >> >> >> >> >
> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM
> >> >> >> >> > To: Openmeetings user-list
> >> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > The idea here is
> >> >> >> >> >
> >> >> >> >> > 1) you are creating self-signed certificate  (prerequisite) ->
> >> >> >> >> > red5.crt
> >> >> >> >> >
> >> >> >> >> > 2) you are signing red5.crt with your fake CA  (step 1) ->
> >> >> >> >> > red5.p12
> >> >> >> >> >
> >> >> >> >> > 3) you are creating keystore based on signed red5.p12 ->
> >> >> >> >> > keystore.jks
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > At the moment you are starting #3 above there should be NO
> >> >> >> >> > keystore.jks,
> >> >> >> >> > you
> >> >> >> >> > already have renamed it to *.bak (prerequisite)
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Finally you are renaming passwords, they MUST match
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
> >> >> >> >> > <p....@fort.crimea.com>
> >> >> >> >> > wrote:
> >> >> >> >> >
> >> >> >> >> > It's standard, line “jmx.keystorepass=password”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > -------------------
> >> >> >> >> >
> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> >> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM
> >> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> >> > Subject: RE: Configure https on centos7
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > which passwords do you use in red5/conf/red5.properties ?
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> >> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
> >> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> >> > Subject: Configure https on centos7
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Use this instruction
> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> >> >> >> >> > For
> >> >> >> >> > beginning I configure self-signed certificate.
> >> >> >> >> >
> >> >> >> >> > Not all in instruction was written, so what I do first before
> >> >> >> >> > instruction is create self-signed certificate:
> >> >> >> >> >
> >> >> >> >> > su -
> >> >> >> >> > mkdir /opt/prytsepov
> >> >> >> >> >
> >> >> >> >> > cd /opt/prytsepov
> >> >> >> >> >
> >> >> >> >> > yum install mod_ssl
> >> >> >> >> >
> >> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> >> >> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Then I do by instruction:
> >> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this
> >> >> >> >> > step
> >> >> >> >> > password
> >> >> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey
> red5.key
> >> >> >> >> > -out
> >> >> >> >> > red5.p12 -name red5 -certfile red5.crt
> >> >> >> >> >
> >> >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore
> >> >> >> >> > red5.p12
> >> >> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> >> >> >> >> > /opt/red5401/conf/keystore.jks -alias red5
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > Here I see errors:
> >> >> >> >> >
> >> >> >> >> > keytool error:java.io.IOException:keystore password was
> >> >> >> >> > incorrect
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > -------------------
> >> >> >> >> >
> >> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > --
> >> >> >> >> >
> >> >> >> >> > WBR
> >> >> >> >> > Maxim aka solomax
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > --
> >> >> >> >> >
> >> >> >> >> > WBR
> >> >> >> >> > Maxim aka solomax
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > WBR
> >> >> > Maxim aka solomax
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > WBR
> >> > Maxim aka solomax
> >
> >
> >
> >
> > --
> > WBR
> > Maxim aka solomax
>



-- 
WBR
Maxim aka solomax
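
An added example, not part of the thread or of the OpenMeetings guide: a pre-flight check that a scripted setup can run before calling keytool, so an option the tool does not list (such as -keystorepass in step 3) is caught with a hint instead of failing mid-install. The option table is copied from the "keytool -import --help" output quoted above; the function names and the suffix-match hint are assumptions of this example.

```shell
#!/bin/sh
# Option table for "keytool -importcert", copied from the help output quoted
# in this thread (OpenJDK 8). On a host with a JDK, the live text from
# 'keytool -importcert -help 2>&1' can be passed to lint_keytool_opts instead.
IMPORTCERT_HELP='
 -noprompt                       do not prompt
 -trustcacerts                   trust certificates from cacerts
 -protected                      password through protected mechanism
 -alias <alias>                  alias name of the entry to process
 -file <filename>                input file name
 -keypass <arg>                  key password
 -keystore <keystore>            keystore name
 -storepass <arg>                keystore password
 -storetype <storetype>          keystore type
 -providername <providername>    provider name
 -providerclass <providerclass>  provider class name
 -providerarg <arg>              provider argument
 -providerpath <pathlist>        provider classpath
 -v                              verbose output
'

# Print the option names (first column) found in a keytool help text.
known_options() {
    printf '%s\n' "$1" | awk '$1 ~ /^-/ { print $1 }'
}

# Heuristic hint (an assumption of this example, not keytool behaviour):
# the first known option whose name is a suffix of the rejected one,
# e.g. "storepass" at the end of "keystorepass".
suggest_option() {
    rejected=${2#-}
    for candidate in $1; do
        name=${candidate#-}
        if [ "${#name}" -ge 4 ]; then
            case $rejected in
                *"$name") printf '%s\n' "$candidate"; return 0 ;;
            esac
        fi
    done
    return 1
}

# lint_keytool_opts HELP_TEXT ARG...
# Prints one line per argument that looks like an option but is not listed
# in HELP_TEXT. Returns 1 if any such argument was found, 0 otherwise.
lint_keytool_opts() {
    known=$(known_options "$1")
    shift
    rc=0
    for arg in "$@"; do
        case $arg in
            -*)
                if ! printf '%s\n' "$known" | grep -qxF -e "$arg"; then
                    rc=1
                    if hint=$(suggest_option "$known" "$arg"); then
                        printf '%s (did you mean %s?)\n' "$arg" "$hint"
                    else
                        printf '%s\n' "$arg"
                    fi
                fi ;;
        esac
    done
    return "$rc"
}

# Check the arguments that follow "keytool -import" / "keytool -importcert".
lint_importcert() {
    lint_keytool_opts "$IMPORTCERT_HELP" "$@"
}

# Demo: step 3 with the option as printed in the guide, then with the
# corrected option reported in the thread.
for pass_opt in -keystorepass -storepass; do
    if report=$(lint_importcert -alias root \
            -keystore /opt/red5/conf/keystore.jks \
            "$pass_opt" changeit -trustcacerts -file ca.crt); then
        echo "ok:       keytool -import ... $pass_opt changeit"
    else
        echo "rejected: $report"
    fi
done
```
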

Re: Configure https on centos7

Posted by David Jentz <je...@gmail.com>.
So I think I may have found the solution. May not have needed https
all along. I know this is a bit off topic for the original thread, but
I do not mean to create more work, so I will respond here.

Still a bit preliminary here. Will post new details if I find them.

have chromium-browser-63.0.3239.84-1.el6_9.x86_64

If I click the (i) in the address bar for my specific site, then click
site settings, I can then switch microphone to "Allow" instead of
"Ask(default)". I also do the same for flash.


Anyhow, this appears to work just fine (or I'll get it soon).

As for question about keystorepass srcstorepass and deststorepass, when I run
keytool -importkeystore --help
I get identical output to what you have listed (both srcstorepass and
deststorepass)

These items are on step 2 of the Steps for OM server guide. This step
also seems to work just fine for me.

I think, for me at least, the real problem is step 3

keytool -import -alias root -keystore /opt/red5/conf/keystore.jks
-keystorepass changeit -trustcacerts -file ca.crt

Where keystorepass is not an option.

Instead, if I just use -storepass it seems to work just fine :-)

Thank you!
-Dave


On Tue, Jan 2, 2018 at 8:42 AM, Maxim Solodovnik <so...@gmail.com> wrote:
> All your steps sound correct to me
> It works for me
> I got this "Allow Flash" message from browser only once
>
> then everything works flawlessly
>
> I can create recording with my steps after Jan, 9, if it will help .... not
> sure how :(
>
> On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <je...@gmail.com> wrote:
>>
>> I will get back to you on these questions on Tuesday if that is OK.
>>
>> I did manage to get openmeetings to work via https, I do not have it
>> fully scripted just yet, but close. This is using the self-signed CA
>> and cert method described on the link.
>>
>> The reason I went this way in the first place was because when I
>> enter an openmeetings room, I was not being presented a list of audio
>> hardware to use. I was told that chrome needs https to access
>> microphone.
>>
>> Well, even with the https, after enabling flash, after entering a room
>> I click gear widget. It has choose webcam: Disabled, choose microphone
>> disabled. On the right side it says: "Click to Enable Adobe Flash
>> Player". I click, flash player seems to enable OK (keep in mind this
>> is with PepperFlash). I can do recordings tests, etc.
>>
>> But still only option for microphone is Disabled. If I click widget
>> again, setting is the same.
>> If I restart chrome, and log back in, I do not have to enable flash
>> this time, but still for microphone option is Disabled
>>
>> I know chromium can see my audio hardware, if I go to chromium ->
>> settings -> content settings -> microphone, the correct device is
>> listed there. My only option is "Ask before accessing (recommended)",
>> otherwise mic is completely disabled. There are no sites listed in the
>> blocked or allowed lists below.
>>
>> It would seem openmeetings is not asking to chromium to use
>> microphone. Am I doing something wrong? Will the self signed cert
>> method work to enable this?
>>
>> -Dave
>>
>>
>> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>> > Do you have these options in your version?
>> > What is the error?
>> >
>> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com> wrote:
>> >>
>> >> I just tried srcstorepass, deststorepass, and storepass, none seem to
>> >> accept an argument despite what the help page said.
>> >>
>> >> -Dave
>> >>
>> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik
>> >> <so...@gmail.com>
>> >> wrote:
>> >> > here is my output: (src and dest keystore options are highlighted)
>> >> >
>> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
>> >> >
>> >> > keytool -importkeystore [OPTION]...
>> >> >
>> >> > Imports one or all entries from another keystore
>> >> >
>> >> > Options:
>> >> >
>> >> >  -srckeystore <srckeystore>            source keystore name
>> >> >  -destkeystore <destkeystore>          destination keystore name
>> >> >  -srcstoretype <srcstoretype>          source keystore type
>> >> >  -deststoretype <deststoretype>        destination keystore type
>> >> >  -srcstorepass <arg>                   source keystore password
>> >> >  -deststorepass <arg>                  destination keystore password
>> >> >  -srcprotected                         source keystore password protected
>> >> >  -srcprovidername <srcprovidername>    source keystore provider name
>> >> >  -destprovidername <destprovidername>  destination keystore provider name
>> >> >  -srcalias <srcalias>                  source alias
>> >> >  -destalias <destalias>                destination alias
>> >> >  -srckeypass <arg>                     source key password
>> >> >  -destkeypass <arg>                    destination key password
>> >> >  -noprompt                             do not prompt
>> >> >  -providerclass <providerclass>        provider class name
>> >> >  -providerarg <arg>                    provider argument
>> >> >  -providerpath <pathlist>              provider classpath
>> >> >  -v                                    verbose output
>> >> >
>> >> > Use "keytool -help" for all available commands
>> >> >
>> >> >
>> >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> keytool --help does not list -keystorepass as an option for me. here
>> >> >> is what we have to work with:
>> >> >>
>> >> >> #which keytool
>> >> >> /usr/bin/keytool
>> >> >>
>> >> >> #namei /usr/bin/keytool
>> >> >> f: /usr/bin/keytool
>> >> >>  d /
>> >> >>  d usr
>> >> >>  d bin
>> >> >>  l keytool -> /etc/alternatives/keytool
>> >> >>    d /
>> >> >>    d etc
>> >> >>    d alternatives
>> >> >>    l keytool -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>> >> >>      d /
>> >> >>      d usr
>> >> >>      d lib
>> >> >>      d jvm
>> >> >>      d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
>> >> >>      d jre
>> >> >>      d bin
>> >> >>      - keytool
>> >> >>
>> >> >> #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
>> >> >>
>> >> >> #keytool -help
>> >> >> Key and Certificate Management Tool
>> >> >>
>> >> >> Commands:
>> >> >>
>> >> >>  -certreq            Generates a certificate request
>> >> >>  -changealias        Changes an entry's alias
>> >> >>  -delete             Deletes an entry
>> >> >>  -exportcert         Exports certificate
>> >> >>  -genkeypair         Generates a key pair
>> >> >>  -genseckey          Generates a secret key
>> >> >>  -gencert            Generates certificate from a certificate request
>> >> >>  -importcert         Imports a certificate or a certificate chain
>> >> >>  -importpass         Imports a password
>> >> >>  -importkeystore     Imports one or all entries from another keystore
>> >> >>  -keypasswd          Changes the key password of an entry
>> >> >>  -list               Lists entries in a keystore
>> >> >>  -printcert          Prints the content of a certificate
>> >> >>  -printcertreq       Prints the content of a certificate request
>> >> >>  -printcrl           Prints the content of a CRL file
>> >> >>  -storepasswd        Changes the store password of a keystore
>> >> >>
>> >> >> Use "keytool -command_name -help" for usage of command_name
>> >> >>
>> >> >>
>> >> >> I think we have the openjdk on the linux (perhaps other platforms
>> >> >> too) and not the Sun/oracle implementation so as to get around
>> >> >> license issues and be GPL. That said, I just checked the jdk1.8.0 on
>> >> >> linux, it doesn't have keystorepass either.
>> >> >>
>> >> >>
>> >> >> -Dave
>> >> >>
>> >> >>
>> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
>> >> >> <so...@gmail.com>
>> >> >> wrote:
>> >> >> > Can you run "keytool --help" and check possible options?
>> >> >> >
>> >> >> > For real server it might be better to set up "let's encrypt" free
>> >> >> > certificate (script was posted some time ago)
>> >> >> >
>> >> >> > WBR, Maxim
>> >> >> > (from mobile, sorry for the typos)
>> >> >> >
>> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
>> >> >> >>
>> >> >> >> I am working through these steps on rhel6 which is a close cousin
>> >> >> >> to
>> >> >> >> centos 6.
>> >> >> >>
>> >> >> >> I have the same issue, -keystorepass is not a valid argument to
>> >> >> >> keytool.
>> >> >> >>
>> >> >> >> Instead, you can just leave that argument off (and the pass )
>> >> >> >> since
>> >> >> >> then keytool will just prompt.
>> >> >> >>
>> >> >> >> This still poses a problem for me because I am trying to have the
>> >> >> >> entire setup in a script. Perhaps I can write an expect script
>> >> >> >> just
>> >> >> >> for this one line.
>> >> >> >>
>> >> >> >> Anyhow, I will work to further get SSL working next year. It
>> >> >> >> turns
>> >> >> >> out
>> >> >> >> my version of chrome requires it for sound.
>> >> >> >>
>> >> >> >> -Dave
>> >> >> >>
>> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
>> >> >> >> <p....@fort.crimea.com> wrote:
>> >> >> >> > I do all by this instruction
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >> > except
>> >> >> >> > create in the beginning red5.key and red5.crt.
>> >> >> >> >
>> >> >> >> > In instruction error on this command:
>> >> >> >> > keytool -import -alias root -keystore
>> >> >> >> > /opt/red5401/conf/keystore.jks
>> >> >> >> > -keystorepass password -trustcacerts -file red5.crt
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Error:
>> >> >> >> > illegal option: -keystorepass
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > In documentation
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> >> >> > not exist that option so
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >> > is
>> >> >> >> > not
>> >> >> >> > can’t be used, not relevant.
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > -------------------
>> >> >> >> >
>> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > To: Openmeetings user-list
>> >> >> >> > Subject: Re: Configure https on centos7
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Please read documentation [1] and use search before asking
>> >> >> >> > questions
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > According to the steps from [2] "-srcstorepass changeit" this
>> >> >> >> > means
>> >> >> >> > "red5.p12" MUST have password "changeit"
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > [1]
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> >> >> >
>> >> >> >> > [2]
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
>> >> >> >> > <p....@fort.crimea.com>
>> >> >> >> > wrote:
>> >> >> >> >
>> >> >> >> > Ø  The idea here is…
>> >> >> >> >
>> >> >> >> > I can’t do this idea in practice, something doing not right. I
>> >> >> >> > create
>> >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough
>> >> >> >> > information
>> >> >> >> > in instruction to do this fast step-by-step. Later I will have
>> >> >> >> > ‘real’
>> >> >> >> > certificate.
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Ø  At the moment you are starting #3 above there should be NO
>> >> >> >> > keystore.jks,
>> >> >> >> > you already have renamed it to *.bak (prerequisite)
>> >> >> >> >
>> >> >> >> > What means #3?
>> >> >> >> >
>> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was
>> >> >> >> > *jmx.
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Ø  Finally you are renaming passwords, they MUST match
>> >> >> >> >
>> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999
>> >> >> >> > -newkey
>> >> >> >> > rsa:2048
>> >> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I
>> >> >> >> > enter
>> >> >> >> > “jmx.keystorepass=password” when it ask me enter password. If
>> >> >> >> > like
>> >> >> >> > that
>> >> >> >> > I
>> >> >> >> > still have this error.
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > -------------------
>> >> >> >> >
>> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM
>> >> >> >> > To: Openmeetings user-list
>> >> >> >> > Subject: Re: Configure https on centos7
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > The idea here is
>> >> >> >> >
>> >> >> >> > 1) you are creating self-signed certificate  (prerequisite) ->
>> >> >> >> > red5.crt
>> >> >> >> >
>> >> >> >> > 2) you are signing red5.crt with your fake CA  (step 1) ->
>> >> >> >> > red5.p12
>> >> >> >> >
>> >> >> >> > 3) you are creating keystore based on signed red5.p12 ->
>> >> >> >> > keystore.jks
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > At the moment you are starting #3 above there should be NO
>> >> >> >> > keystore.jks,
>> >> >> >> > you
>> >> >> >> > already have renamed it to *.bak (prerequisite)
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Finally you are renaming passwords, they MUST match
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
>> >> >> >> > <p....@fort.crimea.com>
>> >> >> >> > wrote:
>> >> >> >> >
>> >> >> >> > Its standard, line “jmx.keystorepass=password”
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > -------------------
>> >> >> >> >
>> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
>> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM
>> >> >> >> > To: user@openmeetings.apache.org
>> >> >> >> > Subject: RE: Configure https on centos7
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > which passwords do you use in red5/conf/red5.properties ?
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
>> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
>> >> >> >> > To: user@openmeetings.apache.org
>> >> >> >> > Subject: Configure https on centos7
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Use this instruction
>> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html .
>> >> >> >> > For
>> >> >> >> > beginning I configure self-signed certificate.
>> >> >> >> >
>> >> >> >> > Not all in instruction was wrote, so what I do first before
>> >> >> >> > instruction
>> >> >> >> > is
>> >> >> >> > create self-signed certificate:
>> >> >> >> >
>> >> >> >> > su -
>> >> >> >> > mkdir /opt/prytsepov
>> >> >> >> >
>> >> >> >> > cd /opt/prytsepov
>> >> >> >> >
>> >> >> >> > yum install mod_ssl
>> >> >> >> >
>> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
>> >> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Then I do by instruction:
>> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this
>> >> >> >> > step
>> >> >> >> > password
>> >> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key
>> >> >> >> > -out
>> >> >> >> > red5.p12 -name red5 -certfile red5.crt
>> >> >> >> >
>> >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore
>> >> >> >> > red5.p12
>> >> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
>> >> >> >> > /opt/red5401/conf/keystore.jks -alias red5
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > Here I see errors:
>> >> >> >> >
>> >> >> >> > keytool error:java.io.IOException:keystore password was
>> >> >> >> > incorrect
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > -------------------
>> >> >> >> >
>> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > --
>> >> >> >> >
>> >> >> >> > WBR
>> >> >> >> > Maxim aka solomax
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > --
>> >> >> >> >
>> >> >> >> > WBR
>> >> >> >> > Maxim aka solomax
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > WBR
>> >> > Maxim aka solomax
>> >
>> >
>> >
>> >
>> > --
>> > WBR
>> > Maxim aka solomax
>
>
>
>
> --
> WBR
> Maxim aka solomax

Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
All your steps sound correct to me
It works for me
I got this "Allow Flash" message from browser only once

then everything works flawlessly

I can create recording with my steps after Jan, 9, if it will help .... not
sure how :(

On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <je...@gmail.com> wrote:

> I will get back to you on these questions on Tuesday if that is OK.
>
> I did manage to get openmeetings to work via https, I do not have it
> fully scripted just yet, but close. This is using the self-signed CA
> and cert method described on the link.
>
> The reason I went this way in the first place was because when I
> enter an openmeetings room, I was not being presented a list of audio
> hardware to use. I was told that chrome needs https to access
> microphone.
>
> Well, even with the https, after enabling flash, after entering a room
> I click gear widget. It has choose webcam: Disabled, choose microphone
> disabled. On the right side it says: "Click to Enable Adobe Flash
> Player". I click, flash player seems to enable OK (keep in mind this
> is with PepperFlash). I can do recordings tests, etc.
>
> But still only option for microphone is Disabled. If I click widget
> again, setting is the same.
> If I restart chrome, and log back in, I do not have to enable flash
> this time, but still for microphone option is Disabled
>
> I know chromium can see my audio hardware, if I go to chromium ->
> settings -> content settings -> microphone, the correct device is
> listed there. My only option is "Ask before accessing (recommended)",
> otherwise mic is completely disabled. There are no sites listed in the
> blocked or allowed lists below.
>
> It would seem openmeetings is not asking chromium to use
> microphone. Am I doing something wrong? Will the self signed cert
> method work to enable this?
>
> -Dave
>
>
> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
> > Do you have these options in your version?
> > What is the error?
> >
> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com> wrote:
> >>
> >> I just tried srcstorepass, deststorepass, and storepass, none seem to
> >> accept an argument despite what the help page said.
> >>
> >> -Dave
> >>
> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik <solomax666@gmail.com>
> >> wrote:
> >> > here is my output: (src and dest keystore options are highlighted)
> >> >
> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
> >> >
> >> > keytool -importkeystore [OPTION]...
> >> >
> >> > Imports one or all entries from another keystore
> >> >
> >> > Options:
> >> >
> >> >  -srckeystore <srckeystore>            source keystore name
> >> >  -destkeystore <destkeystore>          destination keystore name
> >> >  -srcstoretype <srcstoretype>          source keystore type
> >> >  -deststoretype <deststoretype>        destination keystore type
> >> >  -srcstorepass <arg>                   source keystore password
> >> >  -deststorepass <arg>                  destination keystore password
> >> >  -srcprotected                         source keystore password
> >> > protected
> >> >  -srcprovidername <srcprovidername>    source keystore provider name
> >> >  -destprovidername <destprovidername>  destination keystore provider
> >> > name
> >> >  -srcalias <srcalias>                  source alias
> >> >  -destalias <destalias>                destination alias
> >> >  -srckeypass <arg>                     source key password
> >> >  -destkeypass <arg>                    destination key password
> >> >  -noprompt                             do not prompt
> >> >  -providerclass <providerclass>        provider class name
> >> >  -providerarg <arg>                    provider argument
> >> >  -providerpath <pathlist>              provider classpath
> >> >  -v                                    verbose output
> >> >
> >> > Use "keytool -help" for all available commands
> >> >
> >> >
> >> >> On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com> wrote:
> >> >>
> >> >> keytool --help does not list -keystorepass as an option for me. here
> >> >> is what we have to work with:
> >> >>
> >> >> #which keytool
> >> >> /usr/bin/keytool
> >> >>
> >> >> #namei /usr/bin/keytool
> >> >> f: /usr/bin/keytool
> >> >>  d /
> >> >>  d usr
> >> >>  d bin
> >> >>  l keytool -> /etc/alternatives/keytool
> >> >>    d /
> >> >>    d etc
> >> >>    d alternatives
> >> >>    l keytool ->
> >> >>
> >> >>
> >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >>      d /
> >> >>      d usr
> >> >>      d lib
> >> >>      d jvm
> >> >>      d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
> >> >>      d jre
> >> >>      d bin
> >> >>      - keytool
> >> >>
> >> >> #rpm -qf
> >> >>
> >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
> >> >>
> >> >> #keytool -help
> >> >> Key and Certificate Management Tool
> >> >>
> >> >> Commands:
> >> >>
> >> >>  -certreq            Generates a certificate request
> >> >>  -changealias        Changes an entry's alias
> >> >>  -delete             Deletes an entry
> >> >>  -exportcert         Exports certificate
> >> >>  -genkeypair         Generates a key pair
> >> >>  -genseckey          Generates a secret key
> >> >>  -gencert            Generates certificate from a certificate request
> >> >>  -importcert         Imports a certificate or a certificate chain
> >> >>  -importpass         Imports a password
> >> >>  -importkeystore     Imports one or all entries from another keystore
> >> >>  -keypasswd          Changes the key password of an entry
> >> >>  -list               Lists entries in a keystore
> >> >>  -printcert          Prints the content of a certificate
> >> >>  -printcertreq       Prints the content of a certificate request
> >> >>  -printcrl           Prints the content of a CRL file
> >> >>  -storepasswd        Changes the store password of a keystore
> >> >>
> >> >> Use "keytool -command_name -help" for usage of command_name
> >> >>
> >> >>
> >> >> I think we have the openjdk on the linux (perhaps other platforms too)
> >> >> and not the Sun/oracle implementation so as to get around license
> >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it
> >> >> doesn't have keystorepass either.
> >> >>
> >> >>
> >> >> -Dave
> >> >>
> >> >>
> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
> >> >> <so...@gmail.com>
> >> >> wrote:
> >> >> > Can you run "keytool --help" and check possible options?
> >> >> >
> >> >> > For real server it might be better to set up "let's encrypt" free
> >> >> > certificate (script was posted some time ago)
> >> >> >
> >> >> > WBR, Maxim
> >> >> > (from mobile, sorry for the typos)
> >> >> >
> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
> >> >> >>
> >> >> >> I am working through these steps on rhel6 which is a close cousin to
> >> >> >> centos 6.
> >> >> >>
> >> >> >> I have the same issue, -keystorepass is not a valid argument to
> >> >> >> keytool.
> >> >> >>
> >> >> >> Instead, you can just leave that argument off (and the pass ) since
> >> >> >> then keytool will just prompt.
> >> >> >>
> >> >> >> This still poses a problem for me because I am trying to have the
> >> >> >> entire setup in a script. Perhaps I can write an expect script just
> >> >> >> for this one line.
> >> >> >>
> >> >> >> Anyhow, I will work to further get SSL working next year. It turns
> >> >> >> out
> >> >> >> my version of chrome requires it for sound.
> >> >> >>
> >> >> >> -Dave
> >> >> >>
> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
> >> >> >> <p....@fort.crimea.com> wrote:
> >> >> >> > I do all by this instruction
> >> >> >> >
> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> > except
> >> >> >> > create in the beginning red5.key and red5.crt.
> >> >> >> >
> >> >> >> > In instruction error on this command:
> >> >> >> > keytool -import -alias root -keystore
> >> >> >> > /opt/red5401/conf/keystore.jks
> >> >> >> > -keystorepass password -trustcacerts -file red5.crt
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Error:
> >> >> >> > illegal option: -keystorepass
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > In documentation
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> >> > not exist that option so
> >> >> >> >
> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> > is
> >> >> >> > not
> >> >> >> > can’t be used, not relevant.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > -------------------
> >> >> >> >
> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM
> >> >> >> >
> >> >> >> >
> >> >> >> > To: Openmeetings user-list
> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Please read documentation [1] and use search before asking
> >> >> >> > questions
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > According to the steps from [2] "-srcstorepass changeit" this
> >> >> >> > means
> >> >> >> > "red5.p12" MUST have password "changeit"
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > [1]
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> >> >
> >> >> >> > [2]
> >> >> >> >
> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
> >> >> >> > <p....@fort.crimea.com>
> >> >> >> > wrote:
> >> >> >> >
> >> >> >> > Ø  The idea here is…
> >> >> >> >
> >> >> >> > I can’t do this idea in practice, something doing not right. I
> >> >> >> > create
> >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough
> >> >> >> > information
> >> >> >> > in instruction to do this fast step-by-step. Later I will have
> >> >> >> > ‘real’
> >> >> >> > certificate.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Ø  At the moment you are starting #3 above there should be NO
> >> >> >> > keystore.jks,
> >> >> >> > you already have renamed it to *.bak (prerequisite)
> >> >> >> >
> >> >> >> > What means #3?
> >> >> >> >
> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Ø  Finally you are renaming passwords, they MUST match
> >> >> >> >
> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey
> >> >> >> > rsa:2048
> >> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I
> >> >> >> > enter
> >> >> >> > “jmx.keystorepass=password” when it ask me enter password. If like
> >> >> >> > that
> >> >> >> > I
> >> >> >> > still have this error.
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > -------------------
> >> >> >> >
> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM
> >> >> >> > To: Openmeetings user-list
> >> >> >> > Subject: Re: Configure https on centos7
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > The idea here is
> >> >> >> >
> >> >> >> > 1) you are creating self-signed certificate  (prerequisite) ->
> >> >> >> > red5.crt
> >> >> >> >
> >> >> >> > 2) you are signing red5.crt with your fake CA  (step 1) ->
> >> >> >> > red5.p12
> >> >> >> >
> >> >> >> > 3) you are creating keystore based on signed red5.p12 ->
> >> >> >> > keystore.jks
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > At the moment you are starting #3 above there should be NO
> >> >> >> > keystore.jks,
> >> >> >> > you
> >> >> >> > already have renamed it to *.bak (prerequisite)
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Finally you are renaming passwords, they MUST match
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
> >> >> >> > <p....@fort.crimea.com>
> >> >> >> > wrote:
> >> >> >> >
> >> >> >> > Its standard, line “jmx.keystorepass=password”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > -------------------
> >> >> >> >
> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM
> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> > Subject: RE: Configure https on centos7
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > which passwords do you use in red5/conf/red5.properties ?
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
> >> >> >> > To: user@openmeetings.apache.org
> >> >> >> > Subject: Configure https on centos7
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Use this instruction
> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> >> >> >> > For
> >> >> >> > beginning I configure self-signed certificate.
> >> >> >> >
> >> >> >> > Not all in instruction was wrote, so what I do first before
> >> >> >> > instruction
> >> >> >> > is
> >> >> >> > create self-signed certificate:
> >> >> >> >
> >> >> >> > su -
> >> >> >> > mkdir /opt/prytsepov
> >> >> >> >
> >> >> >> > cd /opt/prytsepov
> >> >> >> >
> >> >> >> > yum install mod_ssl
> >> >> >> >
> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> >> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Then I do by instruction:
> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this step
> >> >> >> > password
> >> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key
> >> >> >> > -out
> >> >> >> > red5.p12 -name red5 -certfile red5.crt
> >> >> >> >
> >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore
> >> >> >> > red5.p12
> >> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> >> >> >> > /opt/red5401/conf/keystore.jks -alias red5
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > Here I see errors:
> >> >> >> >
> >> >> >> > keytool error:java.io.IOException:keystore password was incorrect
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > -------------------
> >> >> >> >
> >> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > --
> >> >> >> >
> >> >> >> > WBR
> >> >> >> > Maxim aka solomax
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> >
> >> >> >> > --
> >> >> >> >
> >> >> >> > WBR
> >> >> >> > Maxim aka solomax
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > WBR
> >> > Maxim aka solomax
> >
> >
> >
> >
> > --
> > WBR
> > Maxim aka solomax
>



-- 
WBR
Maxim aka solomax
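
Added example (not written by anyone in this thread and not OpenMeetings project code): the keystore steps discussed above, run without prompts for a scripted setup. It uses keytool's -storepass option where the instruction's -keystorepass was rejected, and one password for the PKCS#12 export and both sides of the import; the function names, the KS_PASS variable and the certificate subject are assumptions.

```shell
#!/bin/sh
# Added example: the thread's keystore steps with no prompts.
# build_p12, build_keystore, trust_cert, keystore_has_alias, KS_PASS and the
# certificate subject are assumptions made for this sketch.
set -eu

# One password everywhere. "changeit" is the value quoted in the thread;
# set KS_PASS in the environment to use a different one.
: "${KS_PASS:=changeit}"
export KS_PASS

# build_p12 DIR: self-signed key + certificate, then DIR/red5.p12.
build_p12() {
    dir=$1
    # -subj answers the subject questions; -nodes leaves red5.key unencrypted,
    # so no key passphrase is asked for at this step.
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=om.example.test" \
        -keyout "$dir/red5.key" -out "$dir/red5.crt" 2>/dev/null
    chmod 600 "$dir/red5.key"
    # The export password set here is the one -srcstorepass must match
    # below (the point made in the thread about red5.p12 and "changeit").
    openssl pkcs12 -export -in "$dir/red5.crt" -inkey "$dir/red5.key" \
        -name red5 -out "$dir/red5.p12" -passout env:KS_PASS
}

# build_keystore DIR: import red5.p12 into a new DIR/keystore.jks.
build_keystore() {
    dir=$1
    # keytool opens an existing destination with the password it is given,
    # so move any older keystore aside first (the "rename to *.bak" step).
    [ ! -e "$dir/keystore.jks" ] || mv "$dir/keystore.jks" "$dir/keystore.jks.bak"
    # ":env" makes keytool read the password from the named environment
    # variable, which keeps it out of the process list.
    keytool -importkeystore -noprompt \
        -srckeystore "$dir/red5.p12" -srcstoretype PKCS12 \
        -srcstorepass:env KS_PASS -srcalias red5 \
        -destkeystore "$dir/keystore.jks" -deststoretype JKS \
        -deststorepass:env KS_PASS -destalias red5
}

# trust_cert DIR: the "-import -alias root" step from the thread, with
# -storepass in place of the rejected -keystorepass.
trust_cert() {
    dir=$1
    keytool -import -noprompt -trustcacerts -alias root \
        -keystore "$dir/keystore.jks" -storepass:env KS_PASS \
        -file "$dir/red5.crt"
}

# keystore_has_alias DIR ALIAS: exit status 0 when the entry can be read
# with the current KS_PASS, non-zero otherwise.
keystore_has_alias() {
    keytool -list -keystore "$1/keystore.jks" -storepass:env KS_PASS \
        -alias "$2" >/dev/null 2>&1
}

# Run as: sh this-script --run /path/to/empty/dir
if [ "${1:-}" = "--run" ]; then
    out=${2:?usage: --run DIR}
    build_p12 "$out"
    build_keystore "$out"
    trust_cert "$out"
    keystore_has_alias "$out" red5 && echo "keystore ready: $out/keystore.jks"
fi
```

The password used here must also be the one configured for the server in red5/conf/red5.properties, the file asked about earlier in the thread.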

Re: Configure https on centos7

Posted by David Jentz <je...@gmail.com>.
I will get back to you on these questions on Tuesday if that is OK.

I did manage to get openmeetings to work via https, I do not have it
fully scripted just yet, but close. This is using the self-signed CA
and cert method described on the link.

The reason I went this way in the first place was because when I
enter an openmeetings room, I was not being presented a list of audio
hardware to use. I was told that chrome needs https to access
microphone.

Well, even with the https, after enabling flash, after entering a room
I click gear widget. It has choose webcam: Disabled, choose microphone
disabled. On the right side it says: "Click to Enable Adobe Flash
Player". I click, flash player seems to enable OK (keep in mind this
is with PepperFlash). I can do recordings tests, etc.

But still only option for microphone is Disabled. If I click widget
again, setting is the same.
If I restart chrome, and log back in, I do not have to enable flash
this time, but still for microphone option is Disabled

I know chromium can see my audio hardware, if I go to chromium ->
settings -> content settings -> microphone, the correct device is
listed there. My only option is "Ask before accessing (recommended)",
otherwise mic is completely disabled. There are no sites listed in the
blocked or allowed lists below.

It would seem openmeetings is not asking chromium to use
microphone. Am I doing something wrong? Will the self signed cert
method work to enable this?

-Dave


On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik <so...@gmail.com> wrote:
> Do you have these options in your version?
> What is the error?
>
> On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com> wrote:
>>
>> I just tried srcstorepass, deststorepass, and storepass, none seem to
>> accept an argument despite what the help page said.
>>
>> -Dave
>>
>> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>> > here is my output: (src and dest keystore options are highlighted)
>> >
>> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
>> >
>> > keytool -importkeystore [OPTION]...
>> >
>> > Imports one or all entries from another keystore
>> >
>> > Options:
>> >
>> >  -srckeystore <srckeystore>            source keystore name
>> >  -destkeystore <destkeystore>          destination keystore name
>> >  -srcstoretype <srcstoretype>          source keystore type
>> >  -deststoretype <deststoretype>        destination keystore type
>> >  -srcstorepass <arg>                   source keystore password
>> >  -deststorepass <arg>                  destination keystore password
>> >  -srcprotected                         source keystore password
>> > protected
>> >  -srcprovidername <srcprovidername>    source keystore provider name
>> >  -destprovidername <destprovidername>  destination keystore provider
>> > name
>> >  -srcalias <srcalias>                  source alias
>> >  -destalias <destalias>                destination alias
>> >  -srckeypass <arg>                     source key password
>> >  -destkeypass <arg>                    destination key password
>> >  -noprompt                             do not prompt
>> >  -providerclass <providerclass>        provider class name
>> >  -providerarg <arg>                    provider argument
>> >  -providerpath <pathlist>              provider classpath
>> >  -v                                    verbose output
>> >
>> > Use "keytool -help" for all available commands
>> >
>> >
>> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com> wrote:
>> >>
>> >> keytool --help does not list -keystorepass as an option for me. here
>> >> is what we have to work with:
>> >>
>> >> #which keytool
>> >> /usr/bin/keytool
>> >>
>> >> #namei /usr/bin/keytool
>> >> f: /usr/bin/keytool
>> >>  d /
>> >>  d usr
>> >>  d bin
>> >>  l keytool -> /etc/alternatives/keytool
>> >>    d /
>> >>    d etc
>> >>    d alternatives
>> >>    l keytool ->
>> >>
>> >>
>> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>> >>      d /
>> >>      d usr
>> >>      d lib
>> >>      d jvm
>> >>      d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
>> >>      d jre
>> >>      d bin
>> >>      - keytool
>> >>
>> >> #rpm -qf
>> >>
>> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
>> >>
>> >> #keytool -help
>> >> Key and Certificate Management Tool
>> >>
>> >> Commands:
>> >>
>> >>  -certreq            Generates a certificate request
>> >>  -changealias        Changes an entry's alias
>> >>  -delete             Deletes an entry
>> >>  -exportcert         Exports certificate
>> >>  -genkeypair         Generates a key pair
>> >>  -genseckey          Generates a secret key
>> >>  -gencert            Generates certificate from a certificate request
>> >>  -importcert         Imports a certificate or a certificate chain
>> >>  -importpass         Imports a password
>> >>  -importkeystore     Imports one or all entries from another keystore
>> >>  -keypasswd          Changes the key password of an entry
>> >>  -list               Lists entries in a keystore
>> >>  -printcert          Prints the content of a certificate
>> >>  -printcertreq       Prints the content of a certificate request
>> >>  -printcrl           Prints the content of a CRL file
>> >>  -storepasswd        Changes the store password of a keystore
>> >>
>> >> Use "keytool -command_name -help" for usage of command_name
>> >>
>> >>
>> >> I think we have the openjdk on the linux (perhaps other platforms too)
>> >> and not the Sun/oracle implementation so as to get around license
>> >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it
>> >> doesn't have keystorepass either.
>> >>
>> >>
>> >> -Dave
>> >>
>> >>
>> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik
>> >> <so...@gmail.com>
>> >> wrote:
>> >> > Can you run "keytool --help" and check possible options?
>> >> >
>> >> > For real server it might be better to set up "let's encrypt" free
>> >> > certificate (script was posted some time ago)
>> >> >
>> >> > WBR, Maxim
>> >> > (from mobile, sorry for the typos)
>> >> >
>> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
>> >> >>
>> >> >> I am working through these steps on rhel6 which is a close cousin to
>> >> >> centos 6.
>> >> >>
>> >> >> I have the same issue, -keystorepass is not a valid argument to
>> >> >> keytool.
>> >> >>
>> >> >> Instead, you can just leave that argument off (and the pass ) since
>> >> >> then keytool will just prompt.
>> >> >>
>> >> >> This still poses a problem for me because I am trying to have the
>> >> >> entire setup in a script. Perhaps I can write an expect script just
>> >> >> for this one line.
>> >> >>
>> >> >> Anyhow, I will work to further get SSL working next year. It turns
>> >> >> out
>> >> >> my version of chrome requires it for sound.
>> >> >>
>> >> >> -Dave
>> >> >>
>> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
>> >> >> <p....@fort.crimea.com> wrote:
>> >> >> > I do all by this instruction
>> >> >> >
>> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> > except
>> >> >> > create in the beginning red5.key and red5.crt.
>> >> >> >
>> >> >> > In instruction error on this command:
>> >> >> > keytool -import -alias root -keystore
>> >> >> > /opt/red5401/conf/keystore.jks
>> >> >> > -keystorepass password -trustcacerts -file red5.crt
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > Error:
>> >> >> > illegal option: -keystorepass
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > In documentation
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> >> > not exist that option so
>> >> >> >
>> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> > is
>> >> >> > not
>> >> >> > can’t be used, not relevant.
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > -------------------
>> >> >> >
>> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> >> > Sent: Friday, December 29, 2017 11:12 AM
>> >> >> >
>> >> >> >
>> >> >> > To: Openmeetings user-list
>> >> >> > Subject: Re: Configure https on centos7
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > Please read documentation [1] and use search before asking
>> >> >> > questions
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > According to the steps from [2] "-srcstorepass changeit" this
>> >> >> > means
>> >> >> > "red5.p12" MUST have password "changeit"
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > [1]
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> >> >
>> >> >> > [2]
>> >> >> >
>> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
>> >> >> > <p....@fort.crimea.com>
>> >> >> > wrote:
>> >> >> >
>> >> >> > Ø  The idea here is…
>> >> >> >
>> >> >> > I can’t do this idea in practice, something doing not right. I
>> >> >> > create
>> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough
>> >> >> > information
>> >> >> > in instruction to do this fast step-by-step. Later I will have
>> >> >> > ‘real’
>> >> >> > certificate.
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > Ø  At the moment you are starting #3 above there should be NO
>> >> >> > keystore.jks,
>> >> >> > you already have renamed it to *.bak (prerequisite)
>> >> >> >
>> >> >> > What means #3?
>> >> >> >
>> >> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > Ø  Finally you are renaming passwords, they MUST match
>> >> >> >
>> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey
>> >> >> > rsa:2048
>> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I
>> >> >> > enter
>> >> >> > “jmx.keystorepass=password” when it ask me enter password. If like
>> >> >> > that
>> >> >> > I
>> >> >> > still have this error.
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > -------------------
>> >> >> >
>> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> >> > Sent: Friday, December 29, 2017 10:27 AM
>> >> >> > To: Openmeetings user-list
>> >> >> > Subject: Re: Configure https on centos7
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > The idea here is
>> >> >> >
>> >> >> > 1) you are creating self-signed certificate  (prerequisite) ->
>> >> >> > red5.crt
>> >> >> >
>> >> >> > 2) you are signing red5.crt with your fake CA  (step 1) ->
>> >> >> > red5.p12
>> >> >> >
>> >> >> > 3) you are creating keystore based on signed red5.p12 ->
>> >> >> > keystore.jks
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > At the moment you are starting #3 above there should be NO
>> >> >> > keystore.jks,
>> >> >> > you
>> >> >> > already have renamed it to *.bak (prerequisite)
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > Finally you are renaming passwords, they MUST match
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
>> >> >> > <p....@fort.crimea.com>
>> >> >> > wrote:
>> >> >> >
>> >> >> > It's standard, line “jmx.keystorepass=password”
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > -------------------
>> >> >> >
>> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
>> >> >> > Sent: Friday, December 29, 2017 7:51 AM
>> >> >> > To: user@openmeetings.apache.org
>> >> >> > Subject: RE: Configure https on centos7
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > which passwords do you use in red5/conf/red5.properties ?
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
>> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
>> >> >> > To: user@openmeetings.apache.org
>> >> >> > Subject: Configure https on centos7
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > Use this instruction
>> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html .
>> >> >> > For
>> >> >> > beginning I configure self-signed certificate.
>> >> >> >
>> >> >> > Not all in instruction was wrote, so what I do first before
>> >> >> > instruction
>> >> >> > is
>> >> >> > create self-signed certificate:
>> >> >> >
>> >> >> > su -
>> >> >> > mkdir /opt/prytsepov
>> >> >> >
>> >> >> > cd /opt/prytsepov
>> >> >> >
>> >> >> > yum install mod_ssl
>> >> >> >
>> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
>> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > Then I do by instruction:
>> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this step
>> >> >> > password
>> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key
>> >> >> > -out
>> >> >> > red5.p12 -name red5 -certfile red5.crt
>> >> >> >
>> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore
>> >> >> > red5.p12
>> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
>> >> >> > /opt/red5401/conf/keystore.jks -alias red5
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > Here I see errors:
>> >> >> >
>> >> >> > keytool error:java.io.IOException:keystore password was incorrect
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > -------------------
>> >> >> >
>> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> >
>> >> >> > WBR
>> >> >> > Maxim aka solomax
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> >
>> >> >> > WBR
>> >> >> > Maxim aka solomax
>> >
>> >
>> >
>> >
>> > --
>> > WBR
>> > Maxim aka solomax
>
>
>
>
> --
> WBR
> Maxim aka solomax

Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
Do you have these options in your version?
What is the error?

On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <je...@gmail.com> wrote:

> I just tried srcstorepass, deststorepass, and storepass, none seem to
> accept an argument despite what the help page said.
>
> -Dave
>
> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik <so...@gmail.com>
> wrote:
> > here is my output: (src and dest keystore options are highlighted)
> >
> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
> >
> > keytool -importkeystore [OPTION]...
> >
> > Imports one or all entries from another keystore
> >
> > Options:
> >
> >  -srckeystore <srckeystore>            source keystore name
> >  -destkeystore <destkeystore>          destination keystore name
> >  -srcstoretype <srcstoretype>          source keystore type
> >  -deststoretype <deststoretype>        destination keystore type
> >  -srcstorepass <arg>                   source keystore password
> >  -deststorepass <arg>                  destination keystore password
> >  -srcprotected                         source keystore password protected
> >  -srcprovidername <srcprovidername>    source keystore provider name
> >  -destprovidername <destprovidername>  destination keystore provider name
> >  -srcalias <srcalias>                  source alias
> >  -destalias <destalias>                destination alias
> >  -srckeypass <arg>                     source key password
> >  -destkeypass <arg>                    destination key password
> >  -noprompt                             do not prompt
> >  -providerclass <providerclass>        provider class name
> >  -providerarg <arg>                    provider argument
> >  -providerpath <pathlist>              provider classpath
> >  -v                                    verbose output
> >
> > Use "keytool -help" for all available commands
> >
> >
> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com> wrote:
> >>
> >> keytool --help does not list -keystorepass as an option for me. here
> >> is what we have to work with:
> >>
> >> #which keytool
> >> /usr/bin/keytool
> >>
> >> #namei /usr/bin/keytool
> >> f: /usr/bin/keytool
> >>  d /
> >>  d usr
> >>  d bin
> >>  l keytool -> /etc/alternatives/keytool
> >>    d /
> >>    d etc
> >>    d alternatives
> >>    l keytool ->
> >>
> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >>      d /
> >>      d usr
> >>      d lib
> >>      d jvm
> >>      d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
> >>      d jre
> >>      d bin
> >>      - keytool
> >>
> >> #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
> >>
> >> #keytool -help
> >> Key and Certificate Management Tool
> >>
> >> Commands:
> >>
> >>  -certreq            Generates a certificate request
> >>  -changealias        Changes an entry's alias
> >>  -delete             Deletes an entry
> >>  -exportcert         Exports certificate
> >>  -genkeypair         Generates a key pair
> >>  -genseckey          Generates a secret key
> >>  -gencert            Generates certificate from a certificate request
> >>  -importcert         Imports a certificate or a certificate chain
> >>  -importpass         Imports a password
> >>  -importkeystore     Imports one or all entries from another keystore
> >>  -keypasswd          Changes the key password of an entry
> >>  -list               Lists entries in a keystore
> >>  -printcert          Prints the content of a certificate
> >>  -printcertreq       Prints the content of a certificate request
> >>  -printcrl           Prints the content of a CRL file
> >>  -storepasswd        Changes the store password of a keystore
> >>
> >> Use "keytool -command_name -help" for usage of command_name
> >>
> >>
> >> I think we have the openjdk on the linux (perhaps other platforms too)
> >> and not the Sun/oracle implementation so as to get around license
> >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it
> >> doesn't have keystorepass either.
> >>
> >>
> >> -Dave
> >>
> >>
> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik <solomax666@gmail.com>
> >> wrote:
> >> > Can you run "keytool --help" and check possible options?
> >> >
> >> > For real server it might be better to set up "let's encrypt" free
> >> > certificate (script was posted some time ago)
> >> >
> >> > WBR, Maxim
> >> > (from mobile, sorry for the typos)
> >> >
> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
> >> >>
> >> >> I am working through these steps on rhel6 which is a close cousin to
> >> >> centos 6.
> >> >>
> >> >> I have the same issue, -keystorepass is not a valid argument to
> >> >> keytool.
> >> >>
> >> >> Instead, you can just leave that argument off (and the pass ) since
> >> >> then keytool will just prompt.
> >> >>
> >> >> This still poses a problem for me because I am trying to have the
> >> >> entire setup in a script. Perhaps I can write an expect script just
> >> >> for this one line.
> >> >>
> >> >> Anyhow, I will work to further get SSL working next year. It turns out
> >> >> my version of chrome requires it for sound.
> >> >>
> >> >> -Dave
> >> >>
> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
> >> >> <p....@fort.crimea.com> wrote:
> >> >> > I do all by this instruction
> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> > except
> >> >> > create in the beginning red5.key and red5.crt.
> >> >> >
> >> >> > In instruction error on this command:
> >> >> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks
> >> >> > -keystorepass password -trustcacerts -file red5.crt
> >> >> >
> >> >> >
> >> >> >
> >> >> > Error:
> >> >> > illegal option: -keystorepass
> >> >> >
> >> >> >
> >> >> >
> >> >> > In documentation
> >> >> >
> >> >> >
> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> > not exist that option so
> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> > is
> >> >> > not
> >> >> > can’t be used, not relevant.
> >> >> >
> >> >> >
> >> >> >
> >> >> > -------------------
> >> >> >
> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >
> >> >> >
> >> >> >
> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> > Sent: Friday, December 29, 2017 11:12 AM
> >> >> >
> >> >> >
> >> >> > To: Openmeetings user-list
> >> >> > Subject: Re: Configure https on centos7
> >> >> >
> >> >> >
> >> >> >
> >> >> > Please read documentation [1] and use search before asking questions
> >> >> >
> >> >> >
> >> >> >
> >> >> > According to the steps from [2] "-srcstorepass changeit" this means
> >> >> > "red5.p12" MUST have password "changeit"
> >> >> >
> >> >> >
> >> >> >
> >> >> > [1]
> >> >> >
> >> >> >
> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >> >
> >> >> > [2]
> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
> >> >> > <p....@fort.crimea.com>
> >> >> > wrote:
> >> >> >
> >> >> > Ø  The idea here is…
> >> >> >
> >> >> > I can’t do this idea in practice, something doing not right. I create
> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough
> >> >> > information
> >> >> > in instruction to do this fast step-by-step. Later I will have ‘real’
> >> >> > certificate.
> >> >> >
> >> >> >
> >> >> >
> >> >> > Ø  At the moment you are starting #3 above there should be NO
> >> >> > keystore.jks,
> >> >> > you already have renamed it to *.bak (prerequisite)
> >> >> >
> >> >> > What means #3?
> >> >> >
> >> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > Ø  Finally you are renaming passwords, they MUST match
> >> >> >
> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey
> >> >> > rsa:2048
> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
> >> >> > “jmx.keystorepass=password” when it ask me enter password. If like
> >> >> > that
> >> >> > I
> >> >> > still have this error.
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > -------------------
> >> >> >
> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >
> >> >> >
> >> >> >
> >> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> >> > Sent: Friday, December 29, 2017 10:27 AM
> >> >> > To: Openmeetings user-list
> >> >> > Subject: Re: Configure https on centos7
> >> >> >
> >> >> >
> >> >> >
> >> >> > The idea here is
> >> >> >
> >> >> > 1) you are creating self-signed certificate  (prerequisite) ->
> >> >> > red5.crt
> >> >> >
> >> >> > 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
> >> >> >
> >> >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
> >> >> >
> >> >> >
> >> >> >
> >> >> > At the moment you are starting #3 above there should be NO
> >> >> > keystore.jks,
> >> >> > you
> >> >> > already have renamed it to *.bak (prerequisite)
> >> >> >
> >> >> >
> >> >> >
> >> >> > Finally you are renaming passwords, they MUST match
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
> >> >> > <p....@fort.crimea.com>
> >> >> > wrote:
> >> >> >
> >> >> > It's standard, line “jmx.keystorepass=password”
> >> >> >
> >> >> >
> >> >> >
> >> >> > -------------------
> >> >> >
> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >
> >> >> >
> >> >> >
> >> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> >> >> > Sent: Friday, December 29, 2017 7:51 AM
> >> >> > To: user@openmeetings.apache.org
> >> >> > Subject: RE: Configure https on centos7
> >> >> >
> >> >> >
> >> >> >
> >> >> > which passwords do you use in red5/conf/red5.properties ?
> >> >> >
> >> >> >
> >> >> >
> >> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> >> >> > Sent: Thursday, December 28, 2017 5:36 PM
> >> >> > To: user@openmeetings.apache.org
> >> >> > Subject: Configure https on centos7
> >> >> >
> >> >> >
> >> >> >
> >> >> > Use this instruction
> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> >> >> > For
> >> >> > beginning I configure self-signed certificate.
> >> >> >
> >> >> > Not all in instruction was wrote, so what I do first before
> >> >> > instruction
> >> >> > is
> >> >> > create self-signed certificate:
> >> >> >
> >> >> > su -
> >> >> > mkdir /opt/prytsepov
> >> >> >
> >> >> > cd /opt/prytsepov
> >> >> >
> >> >> > yum install mod_ssl
> >> >> >
> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
> >> >> >
> >> >> >
> >> >> >
> >> >> > Then I do by instruction:
> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this step
> >> >> > password
> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out
> >> >> > red5.p12 -name red5 -certfile red5.crt
> >> >> >
> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> >> >> > /opt/red5401/conf/keystore.jks -alias red5
> >> >> >
> >> >> >
> >> >> >
> >> >> > Here I see errors:
> >> >> >
> >> >> > keytool error:java.io.IOException:keystore password was incorrect
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > -------------------
> >> >> >
> >> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> >
> >> >> > WBR
> >> >> > Maxim aka solomax
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> >
> >> >> > WBR
> >> >> > Maxim aka solomax
> >
> >
> >
> >
> > --
> > WBR
> > Maxim aka solomax
>



-- 
WBR
Maxim aka solomax

Re: Configure https on centos7

Posted by David Jentz <je...@gmail.com>.
I just tried srcstorepass, deststorepass, and storepass, none seem to
accept an argument despite what the help page said.

-Dave

On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik <so...@gmail.com> wrote:
> here is my output: (src and dest keystore options are highlighted)
>
> /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help
>
> keytool -importkeystore [OPTION]...
>
> Imports one or all entries from another keystore
>
> Options:
>
>  -srckeystore <srckeystore>            source keystore name
>  -destkeystore <destkeystore>          destination keystore name
>  -srcstoretype <srcstoretype>          source keystore type
>  -deststoretype <deststoretype>        destination keystore type
>  -srcstorepass <arg>                   source keystore password
>  -deststorepass <arg>                  destination keystore password
>  -srcprotected                         source keystore password protected
>  -srcprovidername <srcprovidername>    source keystore provider name
>  -destprovidername <destprovidername>  destination keystore provider name
>  -srcalias <srcalias>                  source alias
>  -destalias <destalias>                destination alias
>  -srckeypass <arg>                     source key password
>  -destkeypass <arg>                    destination key password
>  -noprompt                             do not prompt
>  -providerclass <providerclass>        provider class name
>  -providerarg <arg>                    provider argument
>  -providerpath <pathlist>              provider classpath
>  -v                                    verbose output
>
> Use "keytool -help" for all available commands
>
>
> On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com> wrote:
>>
>> keytool --help does not list -keystorepass as an option for me. here
>> is what we have to work with:
>>
>> #which keytool
>> /usr/bin/keytool
>>
>> #namei /usr/bin/keytool
>> f: /usr/bin/keytool
>>  d /
>>  d usr
>>  d bin
>>  l keytool -> /etc/alternatives/keytool
>>    d /
>>    d etc
>>    d alternatives
>>    l keytool ->
>>
>> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>>      d /
>>      d usr
>>      d lib
>>      d jvm
>>      d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
>>      d jre
>>      d bin
>>      - keytool
>>
>> #rpm -qf
>> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
>>
>> #keytool -help
>> Key and Certificate Management Tool
>>
>> Commands:
>>
>>  -certreq            Generates a certificate request
>>  -changealias        Changes an entry's alias
>>  -delete             Deletes an entry
>>  -exportcert         Exports certificate
>>  -genkeypair         Generates a key pair
>>  -genseckey          Generates a secret key
>>  -gencert            Generates certificate from a certificate request
>>  -importcert         Imports a certificate or a certificate chain
>>  -importpass         Imports a password
>>  -importkeystore     Imports one or all entries from another keystore
>>  -keypasswd          Changes the key password of an entry
>>  -list               Lists entries in a keystore
>>  -printcert          Prints the content of a certificate
>>  -printcertreq       Prints the content of a certificate request
>>  -printcrl           Prints the content of a CRL file
>>  -storepasswd        Changes the store password of a keystore
>>
>> Use "keytool -command_name -help" for usage of command_name
>>
>>
>> I think we have the openjdk on the linux (perhaps other platforms too)
>> and not the Sun/oracle implementation so as to get around license
>> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it
>> doesn't have keystorepass either.
>>
>>
>> -Dave
>>
>>
>> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>> > Can you run "keytool --help" and check possible options?
>> >
>> > For real server it might be better to set up "let's encrypt" free
>> > certificate (script was posted some time ago)
>> >
>> > WBR, Maxim
>> > (from mobile, sorry for the typos)
>> >
>> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
>> >>
>> >> I am working through these steps on rhel6 which is a close cousin to
>> >> centos 6.
>> >>
>> >> I have the same issue, -keystorepass is not a valid argument to
>> >> keytool.
>> >>
>> >> Instead, you can just leave that argument off (and the pass ) since
>> >> then keytool will just prompt.
>> >>
>> >> This still poses a problem for me because I am trying to have the
>> >> entire setup in a script. Perhaps I can write an expect script just
>> >> for this one line.
>> >>
>> >> Anyhow, I will work to further get SSL working next year. It turns out
>> >> my version of chrome requires it for sound.
>> >>
>> >> -Dave
>> >>
>> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
>> >> <p....@fort.crimea.com> wrote:
>> >> > I do all by this instruction
>> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> > except
>> >> > create in the beginning red5.key and red5.crt.
>> >> >
>> >> > In instruction error on this command:
>> >> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks
>> >> > -keystorepass password -trustcacerts -file red5.crt
>> >> >
>> >> >
>> >> >
>> >> > Error:
>> >> > illegal option: -keystorepass
>> >> >
>> >> >
>> >> >
>> >> > In documentation
>> >> >
>> >> >
>> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> > not exist that option so
>> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> > is
>> >> > not
>> >> > can’t be used, not relevant.
>> >> >
>> >> >
>> >> >
>> >> > -------------------
>> >> >
>> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >
>> >> >
>> >> >
>> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> > Sent: Friday, December 29, 2017 11:12 AM
>> >> >
>> >> >
>> >> > To: Openmeetings user-list
>> >> > Subject: Re: Configure https on centos7
>> >> >
>> >> >
>> >> >
>> >> > Please read documentation [1] and use search before asking questions
>> >> >
>> >> >
>> >> >
>> >> > According to the steps from [2] "-srcstorepass changeit" this means
>> >> > "red5.p12" MUST have password "changeit"
>> >> >
>> >> >
>> >> >
>> >> > [1]
>> >> >
>> >> >
>> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >> >
>> >> > [2]
>> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >> >
>> >> >
>> >> >
>> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
>> >> > <p....@fort.crimea.com>
>> >> > wrote:
>> >> >
>> >> > Ø  The idea here is…
>> >> >
>> >> > I can’t do this idea in practice, something doing not right. I create
>> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough
>> >> > information
>> >> > in instruction to do this fast step-by-step. Later I will have ‘real’
>> >> > certificate.
>> >> >
>> >> >
>> >> >
>> >> > Ø  At the moment you are starting #3 above there should be NO
>> >> > keystore.jks,
>> >> > you already have renamed it to *.bak (prerequisite)
>> >> >
>> >> > What means #3?
>> >> >
>> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > Ø  Finally you are renaming passwords, they MUST match
>> >> >
>> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey
>> >> > rsa:2048
>> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
>> >> > “jmx.keystorepass=password” when it ask me enter password. If like
>> >> > that
>> >> > I
>> >> > still have this error.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > -------------------
>> >> >
>> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >
>> >> >
>> >> >
>> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> >> > Sent: Friday, December 29, 2017 10:27 AM
>> >> > To: Openmeetings user-list
>> >> > Subject: Re: Configure https on centos7
>> >> >
>> >> >
>> >> >
>> >> > The idea here is
>> >> >
>> >> > 1) you are creating self-signed certificate  (prerequisite) ->
>> >> > red5.crt
>> >> >
>> >> > 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
>> >> >
>> >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
>> >> >
>> >> >
>> >> >
>> >> > At the moment you are starting #3 above there should be NO
>> >> > keystore.jks,
>> >> > you
>> >> > already have renamed it to *.bak (prerequisite)
>> >> >
>> >> >
>> >> >
>> >> > Finally you are renaming passwords, they MUST match
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
>> >> > <p....@fort.crimea.com>
>> >> > wrote:
>> >> >
>> >> > It's standard, line “jmx.keystorepass=password”
>> >> >
>> >> >
>> >> >
>> >> > -------------------
>> >> >
>> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >
>> >> >
>> >> >
>> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
>> >> > Sent: Friday, December 29, 2017 7:51 AM
>> >> > To: user@openmeetings.apache.org
>> >> > Subject: RE: Configure https on centos7
>> >> >
>> >> >
>> >> >
>> >> > which passwords do you use in red5/conf/red5.properties ?
>> >> >
>> >> >
>> >> >
>> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
>> >> > Sent: Thursday, December 28, 2017 5:36 PM
>> >> > To: user@openmeetings.apache.org
>> >> > Subject: Configure https on centos7
>> >> >
>> >> >
>> >> >
>> >> > Use this instruction
>> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html .
>> >> > For
>> >> > beginning I configure self-signed certificate.
>> >> >
>> >> > Not all in instruction was wrote, so what I do first before
>> >> > instruction
>> >> > is
>> >> > create self-signed certificate:
>> >> >
>> >> > su -
>> >> > mkdir /opt/prytsepov
>> >> >
>> >> > cd /opt/prytsepov
>> >> >
>> >> > yum install mod_ssl
>> >> >
>> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
>> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>> >> >
>> >> >
>> >> >
>> >> > Then I do by instruction:
>> >> > this step edit sa.crt to red5.crt or it gives errors. On this step
>> >> > password
>> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>> >> > red5.p12 -name red5 -certfile red5.crt
>> >> >
>> >> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
>> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
>> >> > /opt/red5401/conf/keystore.jks -alias red5
>> >> >
>> >> >
>> >> >
>> >> > Here I see errors:
>> >> >
>> >> > keytool error:java.io.IOException:keystore password was incorrect
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > -------------------
>> >> >
>> >> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> >
>> >> > WBR
>> >> > Maxim aka solomax
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> >
>> >> > WBR
>> >> > Maxim aka solomax
>
>
>
>
> --
> WBR
> Maxim aka solomax
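
Added example (not written by any poster in this thread): a non-interactive version of the keystore steps discussed above, for the scripted setup David describes. It uses -storepass (keytool rejects -keystorepass), gives red5.p12 the same password that keytool is later told to use, and reads that password from a file; the scratch directory, the CN and the password value are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the thread's commands;
# the scratch directory, CN and password are constructed placeholders.
# Passwords are passed as files (openssl "file:", keytool ":file") so nothing
# prompts and the secret does not appear in the process list.
# pass_file arguments must be absolute paths: the functions cd into workdir.

# Succeeds only if the PKCS#12 file ($1) opens with the password in file $2.
# A .p12 exported with an empty password and then imported with
# "-srcstorepass changeit" fails here, which is the mismatch behind
# "keystore password was incorrect".
p12_password_ok() {
    openssl pkcs12 -in "$1" -noout -passin "file:$2" >/dev/null 2>&1
}

# Self-signed key and certificate; -subj keeps openssl req from asking questions.
make_cert() (
    cd "$1" || exit 1
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=om.example.test" \
        -keyout red5.key -out red5.crt >/dev/null 2>&1
)

# Bundle key and certificate into red5.p12 with an explicit export password.
make_p12() (
    cd "$1" || exit 1
    openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 \
        -name red5 -passout "file:$2"
)

# Create keystore.jks from red5.p12, then add the certificate as a trusted entry.
make_keystore() (
    cd "$1" || exit 1
    pass_file=$2
    if [ -e keystore.jks ]; then
        echo "keystore.jks already exists; rename it first" >&2
        exit 1
    fi
    if ! p12_password_ok red5.p12 "$pass_file"; then
        echo "red5.p12 does not open with the given password" >&2
        exit 1
    fi
    keytool -importkeystore -noprompt \
        -srckeystore red5.p12 -srcstoretype PKCS12 \
        -srcstorepass:file "$pass_file" -srcalias red5 \
        -destkeystore keystore.jks -deststoretype JKS \
        -deststorepass:file "$pass_file" || exit 1
    # The option is -storepass; -keystorepass is what keytool reported as illegal.
    keytool -importcert -noprompt -trustcacerts -alias root -file red5.crt \
        -keystore keystore.jks -storepass:file "$pass_file" || exit 1
    # Exit status is non-zero if the alias is missing or the password is wrong.
    keytool -list -alias red5 -keystore keystore.jks \
        -storepass:file "$pass_file" >/dev/null
)

# Demo run: sh <this file> demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && printf 'changeit\n' > "$d/pass" && chmod 600 "$d/pass"
    make_cert "$d" && make_p12 "$d" "$d/pass" && make_keystore "$d" "$d/pass" \
        && echo "keystore written to $d/keystore.jks"
fi
```

The password used here must also be the one configured in red5/conf/red5.properties, as noted earlier in the thread.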

Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
here is my output: (src and dest keystore options are highlighted)

*/usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help*

keytool -importkeystore [OPTION]...

Imports one or all entries from another keystore

Options:

* -srckeystore* <srckeystore>            source keystore name
* -destkeystore* <destkeystore>          destination keystore name
* -srcstoretype* <srcstoretype>          source keystore type
* -deststoretype* <deststoretype>        destination keystore type
* -srcstorepass* <arg>                   source keystore password
* -deststorepass* <arg>                  destination keystore password
 -srcprotected                         source keystore password protected
 -srcprovidername <srcprovidername>    source keystore provider name
 -destprovidername <destprovidername>  destination keystore provider name
 -srcalias <srcalias>                  source alias
 -destalias <destalias>                destination alias
 -srckeypass <arg>                     source key password
 -destkeypass <arg>                    destination key password
 -noprompt                             do not prompt
 -providerclass <providerclass>        provider class name
 -providerarg <arg>                    provider argument
 -providerpath <pathlist>              provider classpath
 -v                                    verbose output

Use "keytool -help" for all available commands


On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <je...@gmail.com> wrote:

> keytool --help does not list -keystorepass as an option for me. here
> is what we have to work with:
>
> #which keytool
> /usr/bin/keytool
>
> #namei /usr/bin/keytool
> f: /usr/bin/keytool
>  d /
>  d usr
>  d bin
>  l keytool -> /etc/alternatives/keytool
>    d /
>    d etc
>    d alternatives
>    l keytool ->
> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
>      d /
>      d usr
>      d lib
>      d jvm
>      d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
>      d jre
>      d bin
>      - keytool
>
> #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64
>
> #keytool -help
> Key and Certificate Management Tool
>
> Commands:
>
>  -certreq            Generates a certificate request
>  -changealias        Changes an entry's alias
>  -delete             Deletes an entry
>  -exportcert         Exports certificate
>  -genkeypair         Generates a key pair
>  -genseckey          Generates a secret key
>  -gencert            Generates certificate from a certificate request
>  -importcert         Imports a certificate or a certificate chain
>  -importpass         Imports a password
>  -importkeystore     Imports one or all entries from another keystore
>  -keypasswd          Changes the key password of an entry
>  -list               Lists entries in a keystore
>  -printcert          Prints the content of a certificate
>  -printcertreq       Prints the content of a certificate request
>  -printcrl           Prints the content of a CRL file
>  -storepasswd        Changes the store password of a keystore
>
> Use "keytool -command_name -help" for usage of command_name
>
>
> I think we have the openjdk on the linux (perhaps other platforms too)
> and not the Sun/oracle implementation so as to get around license
> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it
> doesn't have keystorepass either.
>
>
> -Dave
>
>
> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
> > Can you run "keytool --help" and check possible options?
> >
> > For real server it might be better to set up "let's encrypt" free
> > certificate (script was posted some time ago)
> >
> > WBR, Maxim
> > (from mobile, sorry for the typos)
> >
> > On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
> >>
> >> I am working through these steps on rhel6 which is a close cousin to
> >> centos 6.
> >>
> >> I have the same issue, -keystorepass is not a valid argument to keytool.
> >>
> >> Instead, you can just leave that argument off (and the pass ) since
> >> then keytool will just prompt.
> >>
> >> This still poses a problem for me because I am trying to have the
> >> entire setup in a script. Perhaps I can write an expect script just
> >> for this one line.
> >>
> >> Anyhow, I will work to further get SSL working next year. It turns out
> >> my version of chrome requires it for sound.
> >>
> >> -Dave
> >>
> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
> >> <p....@fort.crimea.com> wrote:
> >> > I do all by this instruction
> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> > except
> >> > create in the beginning red5.key and red5.crt.
> >> >
> >> > In instruction error on this command:
> >> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks
> >> > -keystorepass password -trustcacerts -file red5.crt
> >> >
> >> >
> >> >
> >> > Error:
> >> > illegal option: -keystorepass
> >> >
> >> >
> >> >
> >> > In documentation
> >> >
> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> > not exist that option so
> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server is
> >> > not
> >> > can’t be used, not relevant.
> >> >
> >> >
> >> >
> >> > -------------------
> >> >
> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >
> >> >
> >> >
> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> > Sent: Friday, December 29, 2017 11:12 AM
> >> >
> >> >
> >> > To: Openmeetings user-list
> >> > Subject: Re: Configure https on centos7
> >> >
> >> >
> >> >
> >> > Please read documentation [1] and use search before asking questions
> >> >
> >> >
> >> >
> >> > According to the steps from [2] "-srcstorepass changeit" this means
> >> > "red5.p12" MUST have password "changeit"
> >> >
> >> >
> >> >
> >> > [1]
> >> >
> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >> >
> >> > [2]
> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >> >
> >> >
> >> >
> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
> >> > <p....@fort.crimea.com>
> >> > wrote:
> >> >
> >> > > The idea here is…
> >> >
> >> > I can’t do this idea in practice, something doing not right. I create
> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough
> >> > information
> >> > in instruction to do this fast step-by-step. Later I will have ‘real’
> >> > certificate.
> >> >
> >> >
> >> >
> >> > > At the moment you are starting #3 above there should be NO
> >> > > keystore.jks,
> >> > > you already have renamed it to *.bak (prerequisite)
> >> >
> >> > What means #3?
> >> >
> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > > Finally you are renaming passwords, they MUST match
> >> >
> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey
> >> > rsa:2048
> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
> >> > “jmx.keystorepass=password” when it ask me enter password. If like
> that
> >> > I
> >> > still have this error.
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > -------------------
> >> >
> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >
> >> >
> >> >
> >> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> >> > Sent: Friday, December 29, 2017 10:27 AM
> >> > To: Openmeetings user-list
> >> > Subject: Re: Configure https on centos7
> >> >
> >> >
> >> >
> >> > The idea here is
> >> >
> >> > 1) you are creating self-signed certificate  (prerequisite) ->
> red5.crt
> >> >
> >> > 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
> >> >
> >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
> >> >
> >> >
> >> >
> >> > At the moment you are starting #3 above there should be NO
> keystore.jks,
> >> > you
> >> > already have renamed it to *.bak (prerequisite)
> >> >
> >> >
> >> >
> >> > Finally you are renaming passwords, they MUST match
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
> >> > <p....@fort.crimea.com>
> >> > wrote:
> >> >
> >> > It's standard, line “jmx.keystorepass=password”
> >> >
> >> >
> >> >
> >> > -------------------
> >> >
> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >
> >> >
> >> >
> >> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> >> > Sent: Friday, December 29, 2017 7:51 AM
> >> > To: user@openmeetings.apache.org
> >> > Subject: RE: Configure https on centos7
> >> >
> >> >
> >> >
> >> > which passwords do you use in red5/conf/red5.properties ?
> >> >
> >> >
> >> >
> >> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> >> > Sent: Thursday, December 28, 2017 5:36 PM
> >> > To: user@openmeetings.apache.org
> >> > Subject: Configure https on centos7
> >> >
> >> >
> >> >
> >> > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> >> > For beginning I configure self-signed certificate.
> >> >
> >> > Not all in instruction was written, so what I do first before instruction
> >> > is create self-signed certificate:
> >> >
> >> > su -
> >> > mkdir /opt/prytsepov
> >> >
> >> > cd /opt/prytsepov
> >> >
> >> > yum install mod_ssl
> >> >
> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
> >> >
> >> >
> >> >
> >> > Then I do by instruction:
> >> > this step edit sa.crt to red5.crt or it gives errors. On this step
> >> > password
> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out
> >> > red5.p12 -name red5 -certfile red5.crt
> >> >
> >> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> >> > /opt/red5401/conf/keystore.jks -alias red5
> >> >
> >> >
> >> >
> >> > Here I see errors:
> >> >
> >> > keytool error:java.io.IOException:keystore password was incorrect
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > -------------------
> >> >
> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> >
> >> > WBR
> >> > Maxim aka solomax
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> >
> >> > WBR
> >> > Maxim aka solomax
>



-- 
WBR
Maxim aka solomax

Re: Configure https on centos7

Posted by David Jentz <je...@gmail.com>.
keytool --help does not list -keystorepass as an option for me. Here
is what we have to work with:

#which keytool
/usr/bin/keytool

#namei /usr/bin/keytool
f: /usr/bin/keytool
 d /
 d usr
 d bin
 l keytool -> /etc/alternatives/keytool
   d /
   d etc
   d alternatives
   l keytool ->
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
     d /
     d usr
     d lib
     d jvm
     d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
     d jre
     d bin
     - keytool

#rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64

#keytool -help
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name


I think we have the openjdk on the linux (perhaps other platforms too)
and not the Sun/oracle implementation so as to get around license
issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it
doesn't have keystorepass either.


-Dave


On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik <so...@gmail.com> wrote:
> Can you run "keytool --help" and check possible options?
>
> For real server it might be better to set up "let's encrypt" free
> certificate (script was posted some time ago)
>
> WBR, Maxim
> (from mobile, sorry for the typos)
>
> On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:
>>
>> I am working through these steps on rhel6 which is a close cousin to
>> centos 6.
>>
>> I have the same issue, -keystorepass is not a valid argument to keytool.
>>
>> Instead, you can just leave that argument off (and the pass ) since
>> then keytool will just prompt.
>>
>> This still poses a problem for me because I am trying to have the
>> entire setup in a script. Perhaps I can write an expect script just
>> for this one line.
>>
>> Anyhow, I will work to further get SSL working next year. It turns out
>> my version of chrome requires it for sound.
>>
>> -Dave
>>
>> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
>> <p....@fort.crimea.com> wrote:
>> > I do all by this instruction
>> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> > except
>> > create in the beginning red5.key and red5.crt.
>> >
>> > In instruction error on this command:
>> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks
>> > -keystorepass password -trustcacerts -file red5.crt
>> >
>> >
>> >
>> > Error:
>> > illegal option: -keystorepass
>> >
>> >
>> >
>> > In documentation
>> >
>> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> > not exist that option so
>> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server is
>> > not
>> > can’t be used, not relevant.
>> >
>> >
>> >
>> > -------------------
>> >
>> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
>> >
>> >
>> >
>> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> > Sent: Friday, December 29, 2017 11:12 AM
>> >
>> >
>> > To: Openmeetings user-list
>> > Subject: Re: Configure https on centos7
>> >
>> >
>> >
>> > Please read documentation [1] and use search before asking questions
>> >
>> >
>> >
>> > According to the steps from [2] "-srcstorepass changeit" this means
>> > "red5.p12" MUST have password "changeit"
>> >
>> >
>> >
>> > [1]
>> >
>> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >
>> > [2]
>> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >
>> >
>> >
>> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
>> > <p....@fort.crimea.com>
>> > wrote:
>> >
>> > > The idea here is…
>> >
>> > I can’t do this idea in practice, something doing not right. I create
>> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough
>> > information
>> > in instruction to do this fast step-by-step. Later I will have ‘real’
>> > certificate.
>> >
>> >
>> >
>> > > At the moment you are starting #3 above there should be NO
>> > > keystore.jks,
>> > > you already have renamed it to *.bak (prerequisite)
>> >
>> > What means #3?
>> >
>> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
>> >
>> >
>> >
>> >
>> >
>> > > Finally you are renaming passwords, they MUST match
>> >
>> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey
>> > rsa:2048
>> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
>> > “jmx.keystorepass=password” when it ask me enter password. If like that
>> > I
>> > still have this error.
>> >
>> >
>> >
>> >
>> >
>> > -------------------
>> >
>> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
>> >
>> >
>> >
>> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
>> > Sent: Friday, December 29, 2017 10:27 AM
>> > To: Openmeetings user-list
>> > Subject: Re: Configure https on centos7
>> >
>> >
>> >
>> > The idea here is
>> >
>> > 1) you are creating self-signed certificate  (prerequisite) -> red5.crt
>> >
>> > 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
>> >
>> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
>> >
>> >
>> >
>> > At the moment you are starting #3 above there should be NO keystore.jks,
>> > you
>> > already have renamed it to *.bak (prerequisite)
>> >
>> >
>> >
>> > Finally you are renaming passwords, they MUST match
>> >
>> >
>> >
>> >
>> >
>> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
>> > <p....@fort.crimea.com>
>> > wrote:
>> >
>> > It's standard, line “jmx.keystorepass=password”
>> >
>> >
>> >
>> > -------------------
>> >
>> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
>> >
>> >
>> >
>> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
>> > Sent: Friday, December 29, 2017 7:51 AM
>> > To: user@openmeetings.apache.org
>> > Subject: RE: Configure https on centos7
>> >
>> >
>> >
>> > which passwords do you use in red5/conf/red5.properties ?
>> >
>> >
>> >
>> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
>> > Sent: Thursday, December 28, 2017 5:36 PM
>> > To: user@openmeetings.apache.org
>> > Subject: Configure https on centos7
>> >
>> >
>> >
>> > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html .
>> > For
>> > beginning I configure self-signed certificate.
>> >
>> > Not all in instruction was written, so what I do first before instruction
>> > is
>> > create self-signed certificate:
>> >
>> > su -
>> > mkdir /opt/prytsepov
>> >
>> > cd /opt/prytsepov
>> >
>> > yum install mod_ssl
>> >
>> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
>> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>> >
>> >
>> >
>> > Then I do by instruction:
>> > this step edit sa.crt to red5.crt or it gives errors. On this step
>> > password
>> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>> > red5.p12 -name red5 -certfile red5.crt
>> >
>> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
>> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
>> > /opt/red5401/conf/keystore.jks -alias red5
>> >
>> >
>> >
>> > Here I see errors:
>> >
>> > keytool error:java.io.IOException:keystore password was incorrect
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > -------------------
>> >
>> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > WBR
>> > Maxim aka solomax
>> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > WBR
>> > Maxim aka solomax

Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
Can you run "keytool --help" and check possible options?

For real server it might be better to set up "let's encrypt" free
certificate (script was posted some time ago)

WBR, Maxim
(from mobile, sorry for the typos)

On Sat, Dec 30, 2017, 08:06 David Jentz <je...@gmail.com> wrote:

> I am working through these steps on rhel6 which is a close cousin to
> centos 6.
>
> I have the same issue, -keystorepass is not a valid argument to keytool.
>
> Instead, you can just leave that argument off (and the pass ) since
> then keytool will just prompt.
>
> This still poses a problem for me because I am trying to have the
> entire setup in a script. Perhaps I can write an expect script just
> for this one line.
>
> Anyhow, I will work to further get SSL working next year. It turns out
> my version of chrome requires it for sound.
>
> -Dave
>
> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
> <p....@fort.crimea.com> wrote:
> > I do all by this instruction
> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> except
> > create in the beginning red5.key and red5.crt.
> >
> > In instruction error on this command:
> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks
> > -keystorepass password -trustcacerts -file red5.crt
> >
> >
> >
> > Error:
> > illegal option: -keystorepass
> >
> >
> >
> > In documentation
> >
> https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> > not exist that option so
> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> is not
> > can’t be used, not relevant.
> >
> >
> >
> > -------------------
> >
> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >
> >
> >
> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> > Sent: Friday, December 29, 2017 11:12 AM
> >
> >
> > To: Openmeetings user-list
> > Subject: Re: Configure https on centos7
> >
> >
> >
> > Please read documentation [1] and use search before asking questions
> >
> >
> >
> > According to the steps from [2] "-srcstorepass changeit" this means
> > "red5.p12" MUST have password "changeit"
> >
> >
> >
> > [1]
> >
> https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> >
> > [2]
> http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
> >
> >
> >
> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов <
> p.andrey@fort.crimea.com>
> > wrote:
> >
> > > The idea here is…
> >
> > I can’t do this idea in practice, something doing not right. I create
> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough
> information
> > in instruction to do this fast step-by-step. Later I will have ‘real’
> > certificate.
> >
> >
> >
> > > At the moment you are starting #3 above there should be NO keystore.jks,
> > > you already have renamed it to *.bak (prerequisite)
> >
> > What means #3?
> >
> > I renamed them, but *jks wasn’t there in the beginning was *jmx.
> >
> >
> >
> >
> >
> > > Finally you are renaming passwords, they MUST match
> >
> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey
> rsa:2048
> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
> > “jmx.keystorepass=password” when it ask me enter password. If like that I
> > still have this error.
> >
> >
> >
> >
> >
> > -------------------
> >
> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >
> >
> >
> > From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> > Sent: Friday, December 29, 2017 10:27 AM
> > To: Openmeetings user-list
> > Subject: Re: Configure https on centos7
> >
> >
> >
> > The idea here is
> >
> > 1) you are creating self-signed certificate  (prerequisite) -> red5.crt
> >
> > 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
> >
> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
> >
> >
> >
> > At the moment you are starting #3 above there should be NO keystore.jks,
> you
> > already have renamed it to *.bak (prerequisite)
> >
> >
> >
> > Finally you are renaming passwords, they MUST match
> >
> >
> >
> >
> >
> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов <
> p.andrey@fort.crimea.com>
> > wrote:
> >
> > It's standard, line “jmx.keystorepass=password”
> >
> >
> >
> > -------------------
> >
> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >
> >
> >
> > From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> > Sent: Friday, December 29, 2017 7:51 AM
> > To: user@openmeetings.apache.org
> > Subject: RE: Configure https on centos7
> >
> >
> >
> > which passwords do you use in red5/conf/red5.properties ?
> >
> >
> >
> > From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> > Sent: Thursday, December 28, 2017 5:36 PM
> > To: user@openmeetings.apache.org
> > Subject: Configure https on centos7
> >
> >
> >
> > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html
> . For
> > beginning I configure self-signed certificate.
> >
> > Not all in instruction was written, so what I do first before instruction is
> > create self-signed certificate:
> >
> > su -
> > mkdir /opt/prytsepov
> >
> > cd /opt/prytsepov
> >
> > yum install mod_ssl
> >
> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
> >
> >
> >
> > Then I do by instruction:
> > this step edit sa.crt to red5.crt or it gives errors. On this step
> password
> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out
> > red5.p12 -name red5 -certfile red5.crt
> >
> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> > /opt/red5401/conf/keystore.jks -alias red5
> >
> >
> >
> > Here I see errors:
> >
> > keytool error:java.io.IOException:keystore password was incorrect
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > -------------------
> >
> > С уважением, Андрей Прицепов “Лаборатория Форт Крым”
> >
> >
> >
> >
> >
> >
> >
> > --
> >
> > WBR
> > Maxim aka solomax
> >
> >
> >
> >
> >
> > --
> >
> > WBR
> > Maxim aka solomax
>

Re: Configure https on centos7

Posted by David Jentz <je...@gmail.com>.
I am working through these steps on rhel6 which is a close cousin to centos 6.

I have the same issue, -keystorepass is not a valid argument to keytool.

Instead, you can just leave that argument off (and the pass ) since
then keytool will just prompt.

This still poses a problem for me because I am trying to have the
entire setup in a script. Perhaps I can write an expect script just
for this one line.

Anyhow, I will work to further get SSL working next year. It turns out
my version of chrome requires it for sound.

-Dave

On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
<p....@fort.crimea.com> wrote:
> I do all by this instruction
> http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server except
> create in the beginning red5.key and red5.crt.
>
> In instruction error on this command:
> keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks
> -keystorepass password -trustcacerts -file red5.crt
>
>
>
> Error:
> illegal option: -keystorepass
>
>
>
> In documentation
> https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
> not exist that option so
> http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server is not
> can’t be used, not relevant.
>
>
>
> -------------------
>
> С уважением, Андрей Прицепов “Лаборатория Форт Крым”
>
>
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Friday, December 29, 2017 11:12 AM
>
>
> To: Openmeetings user-list
> Subject: Re: Configure https on centos7
>
>
>
> Please read documentation [1] and use search before asking questions
>
>
>
> According to the steps from [2] "-srcstorepass changeit" this means
> "red5.p12" MUST have password "changeit"
>
>
>
> [1]
> https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>
> [2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>
>
>
> On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов <p....@fort.crimea.com>
> wrote:
>
> > The idea here is…
>
> I can’t do this idea in practice, something doing not right. I create
> red5.crt and red5.p12 but keystore.jks can’t create. Not enough information
> in instruction to do this fast step-by-step. Later I will have ‘real’
> certificate.
>
>
>
> > At the moment you are starting #3 above there should be NO keystore.jks,
> > you already have renamed it to *.bak (prerequisite)
>
> What means #3?
>
> I renamed them, but *jks wasn’t there in the beginning was *jmx.
>
>
>
>
>
> > Finally you are renaming passwords, they MUST match
>
> So when I do command “openssl req -x509 -nodes -days 99999 -newkey rsa:2048
> -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
> “jmx.keystorepass=password” when it ask me enter password. If like that I
> still have this error.
>
>
>
>
>
> -------------------
>
> С уважением, Андрей Прицепов “Лаборатория Форт Крым”
>
>
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Friday, December 29, 2017 10:27 AM
> To: Openmeetings user-list
> Subject: Re: Configure https on centos7
>
>
>
> The idea here is
>
> 1) you are creating self-signed certificate  (prerequisite) -> red5.crt
>
> 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
>
> 3) you are creating keystore based on signed red5.p12 -> keystore.jks
>
>
>
> At the moment you are starting #3 above there should be NO keystore.jks, you
> already have renamed it to *.bak (prerequisite)
>
>
>
> Finally you are renaming passwords, they MUST match
>
>
>
>
>
> On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов <p....@fort.crimea.com>
> wrote:
>
> It's standard, line “jmx.keystorepass=password”
>
>
>
> -------------------
>
> С уважением, Андрей Прицепов “Лаборатория Форт Крым”
>
>
>
> From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> Sent: Friday, December 29, 2017 7:51 AM
> To: user@openmeetings.apache.org
> Subject: RE: Configure https on centos7
>
>
>
> which passwords do you use in red5/conf/red5.properties ?
>
>
>
> From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com]
> Sent: Thursday, December 28, 2017 5:36 PM
> To: user@openmeetings.apache.org
> Subject: Configure https on centos7
>
>
>
> Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html . For
> beginning I configure self-signed certificate.
>
> Not all in instruction was written, so what I do first before instruction is
> create self-signed certificate:
>
> su -
> mkdir /opt/prytsepov
>
> cd /opt/prytsepov
>
> yum install mod_ssl
>
> openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>
>
>
> Then I do by instruction:
> this step edit sa.crt to red5.crt or it gives errors. On this step password
> left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out
> red5.p12 -name red5 -certfile red5.crt
>
> keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
> -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> /opt/red5401/conf/keystore.jks -alias red5
>
>
>
> Here I see errors:
>
> keytool error:java.io.IOException:keystore password was incorrect
>
>
>
>
>
>
>
>
>
> -------------------
>
> С уважением, Андрей Прицепов “Лаборатория Форт Крым”
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
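
Added example, not part of any message in this thread: one way to run the PKCS#12 export and the keytool imports discussed above without prompts, with the export password forced to equal the password later handed to keytool (the mismatch behind "keystore password was incorrect"). File names follow the thread; the CN, the function names and the passwords are constructed sample values, and -storepass is keytool's option where the instruction has -keystorepass.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: build red5.p12 and keystore.jks without prompts.
# File names follow the thread; the CN and all passwords are constructed sample values.
# Passwords travel in the child's environment (env: / :env), not on the command line.

# make_cert DIR: unencrypted key plus self-signed certificate (the prerequisite step).
make_cert() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=om.example.test" \
        -keyout "$1/red5.key" -out "$1/red5.crt" 2>/dev/null
}

# export_p12 DIR PASSWORD: -passout fixes the export password, so openssl never asks
# and the bundle cannot end up with an accidental empty password.
export_p12() {
    P12_PASS="$2" openssl pkcs12 -export -in "$1/red5.crt" -inkey "$1/red5.key" \
        -out "$1/red5.p12" -name red5 -certfile "$1/red5.crt" -passout env:P12_PASS
}

# p12_opens_with DIR PASSWORD: succeeds only if PASSWORD unlocks red5.p12.
p12_opens_with() {
    P12_PASS="$2" openssl pkcs12 -in "$1/red5.p12" -noout -passin env:P12_PASS \
        >/dev/null 2>&1
}

# import_p12 DIR SRC_PASSWORD KEYSTORE DEST_PASSWORD: PKCS#12 entry "red5" -> JKS.
import_p12() {
    SRC_PASS="$2" DEST_PASS="$4" keytool -importkeystore -noprompt \
        -srckeystore "$1/red5.p12" -srcstoretype PKCS12 -srcstorepass:env SRC_PASS \
        -destkeystore "$3" -deststoretype JKS -deststorepass:env DEST_PASS -alias red5
}

# trust_cert DIR KEYSTORE PASSWORD: adds red5.crt as trusted entry "root".
# The keystore password option is -storepass; keytool has no -keystorepass.
trust_cert() {
    STORE_PASS="$3" keytool -importcert -noprompt -trustcacerts -alias root \
        -keystore "$2" -storepass:env STORE_PASS -file "$1/red5.crt"
}

# keystore_has_alias KEYSTORE PASSWORD ALIAS: succeeds if the entry exists.
keystore_has_alias() {
    STORE_PASS="$2" keytool -list -keystore "$1" -storepass:env STORE_PASS \
        -alias "$3" >/dev/null 2>&1
}

# build_keystore DIR KEYSTORE PASSWORD: the whole sequence with one password.
build_keystore() {
    if [ -e "$2" ]; then
        # An old keystore keeps its old password; never import into it blindly.
        echo "refusing to reuse existing $2 (its password may differ)" >&2
        return 1
    fi
    export_p12 "$1" "$3" || return 1
    if ! p12_opens_with "$1" "$3"; then
        echo "red5.p12 does not open with the password keytool will be given" >&2
        return 1
    fi
    import_p12 "$1" "$3" "$2" "$3" && trust_cert "$1" "$2" "$3"
}

# Run as "bash thisfile demo" to execute the full sequence in a scratch directory.
if [ "${1:-}" = demo ]; then
    work=$(mktemp -d)
    make_cert "$work" \
        && build_keystore "$work" "$work/keystore.jks" changeit \
        && keystore_has_alias "$work/keystore.jks" changeit red5 \
        && echo "keystore ready"
    rm -rf "$work"
fi
```

The password passed to build_keystore must also be the one configured for the keystore in red5/conf/red5.properties.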

RE: Configure https on centos7

Posted by Андрей Прицепов <p....@fort.crimea.com>.
I do all by this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server except create in the beginning red5.key and red5.crt.

In instruction error on this command:
keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks -keystorepass password -trustcacerts -file red5.crt

 

Error:
illegal option: -keystorepass

 

In the documentation https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html that option does not exist, so http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server can’t be used, it is not relevant.

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 

From: Maxim Solodovnik [mailto:solomax666@gmail.com] 
Sent: Friday, December 29, 2017 11:12 AM
To: Openmeetings user-list
Subject: Re: Configure https on centos7

 

Please read documentation [1] and use search before asking questions

 

According to the steps from [2] "-srcstorepass changeit" this means "red5.p12" MUST have password "changeit"

 

[1] https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html

[2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server

 

On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов <p....@fort.crimea.com> wrote:

> The idea here is…

I can’t do this idea in practice, something doing not right. I create red5.crt and red5.p12 but keystore.jks can’t create. Not enough information in instruction to do this fast step-by-step. Later I will have ‘real’ certificate.

 

> At the moment you are starting #3 above there should be NO keystore.jks, you already have renamed it to *.bak (prerequisite)

What means #3?

I renamed them, but *jks wasn’t there in the beginning was *jmx.

 

 

> Finally you are renaming passwords, they MUST match

So when I do command “openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter “jmx.keystorepass=password” when it ask me enter password. If like that I still have this error.

 

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 

From: Maxim Solodovnik [mailto:solomax666@gmail.com] 
Sent: Friday, December 29, 2017 10:27 AM
To: Openmeetings user-list
Subject: Re: Configure https on centos7

 

The idea here is

1) you are creating self-signed certificate  (prerequisite) -> red5.crt

2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12

3) you are creating keystore based on signed red5.p12 -> keystore.jks

 

At the moment you are starting #3 above there should be NO keystore.jks, you already have renamed it to *.bak (prerequisite)

 

Finally you are renaming passwords, they MUST match

 

 

On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов <p....@fort.crimea.com> wrote:

It's standard, line “jmx.keystorepass=password”

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 

From: Yakovlev N. [mailto:yakovlev_nd@krvostok.ru] 
Sent: Friday, December 29, 2017 7:51 AM
To: user@openmeetings.apache.org
Subject: RE: Configure https on centos7

 

which passwords do you use in red5/conf/red5.properties ?

 

From: Андрей Прицепов [mailto:p.andrey@fort.crimea.com] 
Sent: Thursday, December 28, 2017 5:36 PM
To: user@openmeetings.apache.org
Subject: Configure https on centos7

 

Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html . For beginning I configure self-signed certificate.

Not all in instruction was written, so what I do first before instruction is create self-signed certificate:

su -
mkdir /opt/prytsepov 

cd /opt/prytsepov

yum install mod_ssl

openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt

 

Then I do by instruction:
this step edit sa.crt to red5.crt or it gives errors. On this step password left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile red5.crt

keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore /opt/red5401/conf/keystore.jks -alias red5

 

Here I see errors: 

keytool error:java.io.IOException:keystore password was incorrect

 

 

 

 

-------------------  

С уважением, Андрей Прицепов “Лаборатория Форт Крым”

 





 

-- 

WBR
Maxim aka solomax





 

-- 

WBR
Maxim aka solomax


Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
Please read documentation [1] and use search before asking questions

According to the steps from [2] "-srcstorepass changeit" this means
"red5.p12" MUST have password "changeit"

[1]
https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
[2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server

On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов <p....@fort.crimea.com>
wrote:

> > The idea here is…
>
> I can’t do this idea in practice, something doing not right. I create
> red5.crt and red5.p12 but keystore.jks can’t create. Not enough information
> in instruction to do this fast step-by-step. Later I will have ‘real’
> certificate.
>
>
>
> > At the moment you are starting #3 above there should be NO keystore.jks,
> > you already have renamed it to *.bak (prerequisite)
>
> What means #3?
>
> I renamed them, but *jks wasn’t there in the beginning was *jmx.
>
>
>
>
>
> > Finally you are renaming passwords, they MUST match
>
> So when I do command “openssl req -x509 -nodes -days 99999 -newkey
> rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I
> enter “jmx.keystorepass=password” when it ask me enter password. If like
> that I still have this error.
>
>
>
>
>
> *-------------------  *
>
> *С уважением, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Friday, December 29, 2017 10:27 AM
> *To:* Openmeetings user-list
> *Subject:* Re: Configure https on centos7
>
>
>
> The idea here is
>
> 1) you are creating self-signed certificate  (prerequisite) -> red5.crt
>
> 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
>
> 3) you are creating keystore based on signed red5.p12 -> keystore.jks
>
>
>
> At the moment you are starting #3 above there should be NO keystore.jks,
> you already have renamed it to *.bak (prerequisite)
>
>
>
> Finally you are renaming passwords, they MUST match
>
>
>
>
>
> On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов <p....@fort.crimea.com>
> wrote:
>
> It’s standard, line “jmx.keystorepass=password”
>
> *-------------------  *
>
> *Best regards, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
> *From:* Yakovlev N. [mailto:yakovlev_nd@krvostok.ru]
> *Sent:* Friday, December 29, 2017 7:51 AM
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Configure https on centos7
>
>
>
> Which passwords do you use in red5/conf/red5.properties?
>
>
>
> *From:* Андрей Прицепов [mailto:p.andrey@fort.crimea.com
> <p....@fort.crimea.com>]
> *Sent:* Thursday, December 28, 2017 5:36 PM
> *To:* user@openmeetings.apache.org
> *Subject:* Configure https on centos7
>
>
>
> I use this instruction: http://openmeetings.apache.org/RTMPSAndHTTPS.html .
> To begin with, I configure a self-signed certificate.
>
> Not everything was written in the instruction, so what I do first, before
> the instruction, is create a self-signed certificate:
>
> su -
> mkdir /opt/prytsepov
>
> cd /opt/prytsepov
>
> yum install mod_ssl
>
> openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
> /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>
> Then I do it by the instruction:
> in this step I edit sa.crt to red5.crt or it gives errors. In this step the
> password was left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key
> -out red5.p12 -name red5 -certfile red5.crt
>
> keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
> -srcstoretype PKCS12 -deststorepass changeit -destkeystore
> /opt/red5401/conf/keystore.jks -alias red5
>
> Here I see errors:
>
> keytool error:java.io.IOException:keystore password was incorrect
>
> *-------------------  *
>
> *Best regards, Андрей Прицепов “Лаборатория Форт Крым”*
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>



-- 
WBR
Maxim aka solomax
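
The password rule from the reply above (red5.p12 must carry the same password that -srcstorepass hands to keytool), as an added shell example that is not part of the thread. The CN, the temporary directory, the 365-day lifetime and the function names are assumptions, and the keytool step is skipped when no JDK is installed.

```sh
#!/bin/sh
# Added example, not from the thread. Throwaway key material; the CN, the
# 365-day lifetime and the function names are assumptions.

# Create an unencrypted key and a self-signed certificate in directory $1.
make_cert() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=om.example.test" \
        -keyout "$1/red5.key" -out "$1/red5.crt" >/dev/null 2>&1
}

# Bundle key and certificate into $1/red5.p12 with export password $2.
export_p12() {
    openssl pkcs12 -export -in "$1/red5.crt" -inkey "$1/red5.key" \
        -out "$1/red5.p12" -name red5 -certfile "$1/red5.crt" \
        -passout "pass:$2"
}

# Succeed only if $1/red5.p12 opens with password $2. keytool must pass the
# same integrity check with -srcstorepass before it can import anything.
p12_opens_with() {
    openssl pkcs12 -in "$1/red5.p12" -noout -passin "pass:$2" >/dev/null 2>&1
}

# The thread's import command with one password for source and destination.
# Returns 2 when no JDK keytool is on PATH.
import_jks() {
    command -v keytool >/dev/null 2>&1 || return 2
    rm -f "$1/keystore.jks"    # the destination keystore must not exist yet
    keytool -importkeystore -srcstorepass "$2" -srckeystore "$1/red5.p12" \
        -srcstoretype PKCS12 -deststorepass "$2" \
        -destkeystore "$1/keystore.jks" -alias red5
}

demo() {
    d=$(mktemp -d) || return 1
    make_cert "$d" || return 1
    export_p12 "$d" ""          # the thread's case: export password left empty
    p12_opens_with "$d" changeit || echo "empty-password red5.p12 rejects changeit"
    export_p12 "$d" changeit    # what -srcstorepass changeit requires
    p12_opens_with "$d" changeit && echo "red5.p12 now opens with changeit"
    rc=0; import_jks "$d" changeit || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "keytool step skipped or failed (exit $?)"
```

Running p12_opens_with against the real red5.p12 before the keytool step shows whether the export password matches without touching the Red5 configuration.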

RE: Configure https on centos7

Posted by Андрей Прицепов <p....@fort.crimea.com>.
> The idea here is…

I can’t put this idea into practice, something is not being done right. I create red5.crt and red5.p12 but can’t create keystore.jks. There is not enough information in the instruction to do this fast step-by-step. Later I will have a ‘real’ certificate.

> At the moment you are starting #3 above there should be NO keystore.jks, you already have renamed it to *.bak (prerequisite)

What does #3 mean?

I renamed them, but *jks wasn’t there; in the beginning there was *jmx.

> Finally you are renaming passwords, they MUST match

So when I run the command “openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter “jmx.keystorepass=password” when it asks me to enter a password. If I do it like that, I still have this error.

-------------------

Best regards, Андрей Прицепов “Лаборатория Форт Крым”

 



Re: Configure https on centos7

Posted by Maxim Solodovnik <so...@gmail.com>.
The idea here is
1) you are creating self-signed certificate  (prerequisite) -> red5.crt
2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
3) you are creating keystore based on signed red5.p12 -> keystore.jks

At the moment you are starting #3 above there should be NO keystore.jks,
you already have renamed it to *.bak (prerequisite)

Finally you are renaming passwords, they MUST match





-- 
WBR
Maxim aka solomax

RE: Configure https on centos7

Posted by Андрей Прицепов <p....@fort.crimea.com>.
It's standard, line "jmx.keystorepass=password"

-------------------

Best regards, Андрей Прицепов "Лаборатория Форт Крым"

 


 


RE: Configure https on centos7

Posted by "Yakovlev N." <ya...@krvostok.ru>.
Which passwords do you use in red5/conf/red5.properties?

 
