Posted to user@openmeetings.apache.org by Jacob Wenzel <jw...@energiakademiet.dk> on 2017/10/18 11:38:39 UTC
How to use letsencrypt with OpenMeetings for RTMPS/HTTPS connection
Hi all!
I had a few problems with translating the RTMPS/HTTPS guide
<https://openmeetings.apache.org/RTMPSAndHTTPS.html#Create_Keystore_using_existing_key-pair>
for use with letsencrypt certificates due to different file names, so I
documented the process for my own memory and anyone interested can see
or follow the steps below to get a working RTMPS/HTTPS setup for
OpenMeetings.
*But what happens when my certificates are renewed?* Will I have to
repeat steps 1 - 5 every time? If yes then I will try to create a bash
script that automates the process.
--------------------------------------
RTMPS/HTTPS in OpenMeetings with letsencrypt
(Replace [OM server FQDN] with your actual OpenMeetings FQDN)
1. cd to your red5 install dir
2. Export existing keys into PKCS12 format:

    openssl pkcs12 -export -in /etc/letsencrypt/live/[OM server FQDN]/cert.pem -inkey /etc/letsencrypt/live/[OM server FQDN]/privkey.pem -out red5.p12 -name red5 -certfile /etc/letsencrypt/live/[OM server FQDN]/chain.pem

    Enter Export Password: password
    Verifying - Enter Export Password: password

3. Import resulting red5.p12 into keystore:

    keytool -importkeystore -srcstorepass password -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore keystore.jks -alias red5

4. Import your letsencrypt certificate into the keystore

    keytool -import -alias root -keystore keystore.jks -trustcacerts -file /etc/letsencrypt/live/[OM server FQDN]/chain.pem

5. Copy keystore to truststore

    cp keystore.jks truststore.jks

SSL for the web interface and Tunneling RTMPS

6. Edit ./jee-container.xml file
    - Comment Tomcat without SSL enabled section
    - UNComment Tomcat with SSL enabled section
7. Edit ../webapps/openmeetings/public/config.xml and set

    <protocol>https</protocol>
    <red5httpport>5443</red5httpport>
    <rtmpsslport>5443</rtmpsslport>
    <useSSL>yes</useSSL>
    <proxyType>none</proxyType>

8. Restart red5 service (or reboot)
9. Visit https://[OM server FQDN]:5443 in your browser and sign in.
    - Go to Administration > Configuration and set application.base.url to https://[OM server FQDN]:5443/openmeetings/
--
*Med venlig hilsen/Best regards*
*JACOB WENZEL
Projektleder*
*ENERGIAKADEMIET*
Strandengen 1
8305 SAMSØ
+45 60 61 15 97
jw@energiakademiet.dk <ma...@energiakademiet.dk>
www.energiakademiet.dk <http://energiakademiet.dk>
Re: How to use letsencrypt with OpenMeetings for RTMPS/HTTPS connection
Posted by Maxim Solodovnik <so...@gmail.com>.
Thanks again :)
I've added user@ list so others can use your script :)
On Wed, Oct 18, 2017 at 10:17 PM, Jacob Wenzel <jw...@energiakademiet.dk>
wrote:
> Fixed a few typos and added a script, that can repeat the process on
> renewal :)
>
> ------------------------------------
> RTMPS/HTTPS in OpenMeetings with letsencrypt (Replace [OM server FQDN]
> with your actual OpenMeetings FQDN)
>
> 1. cd to your red5/conf dir
> 2. Export existing keys into PKCS12 format:
>
>     openssl pkcs12 -export -in /etc/letsencrypt/live/[OM server FQDN]/cert.pem -inkey /etc/letsencrypt/live/[OM server FQDN]/privkey.pem -out red5.p12 -name red5 -certfile /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>
>     Enter Export Password: password
>     Verifying - Enter Export Password: password
>
> 3. Import resulting red5.p12 into keystore:
>
>     keytool -importkeystore -srcstorepass password -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore keystore.jks -alias red5
>
> 4. Import your letsencrypt certificate into the keystore
>
>     keytool -import -alias root -keystore keystore.jks -trustcacerts -file /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>
> 5. Copy keystore to truststore
>
>     cp keystore.jks truststore.jks
>
> SSL for the web interface and Tunneling RTMPS
>
> 6. Edit ./jee-container.xml file
>     - Comment Tomcat without SSL enabled section
>     - UNComment Tomcat with SSL enabled section
> 7. Edit ../webapps/openmeetings/public/config.xml and set
>
>     <protocol>https</protocol>
>     <red5httpport>5443</red5httpport>
>     <rtmpsslport>5443</rtmpsslport>
>     <useSSL>yes</useSSL>
>     <proxyType>none</proxyType>
>
> 8. Restart red5 service (or reboot)
> 9. Visit https://[OM server FQDN]:5443 in your browser and sign in.
>     - Go to Administration > Configuration and set application.base.url to https://[OM server FQDN]:5443/openmeetings/
>
> Script to run when letsencrypt certs are renewed
>
> 1. Create /root/renew-red5-cert.sh with (check red5 install dir and service name):
>
>     #!/bin/bash
>
>     # Keep the previous keystore as a backup
>     mv /opt/red5/conf/keystore.jks /opt/red5/conf/keystore.bak
>
>     # Bundle the renewed certificate, key and chain into PKCS12
>     openssl pkcs12 -export -in /etc/letsencrypt/live/[OM server FQDN]/cert.pem -inkey /etc/letsencrypt/live/[OM server FQDN]/privkey.pem -out /opt/red5/conf/red5.p12 -name red5 -passout pass:password -certfile /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>
>     # Import the PKCS12 bundle into a new keystore
>     keytool -importkeystore -srcstorepass password -srckeystore /opt/red5/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore /opt/red5/conf/keystore.jks -alias red5
>
>     # Import the letsencrypt chain under the alias root
>     keytool -import -alias root -keystore /opt/red5/conf/keystore.jks -trustcacerts -storepass password -file /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>
>     # Copy keystore to truststore
>     cp -f /opt/red5/conf/keystore.jks /opt/red5/conf/truststore.jks
>
>     /etc/init.d/red5-ubdeb2 restart
>
> 2. Make it executable
>
>     chmod +x renew-red5-cert.sh
>
> 3. Enter crontab with crontab -e
>     - Add --renew-hook "/root/renew-red5-cert.sh" after certbot renew
>
>
--
WBR
Maxim aka solomax
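The renewal hook quoted above, reworked as an added example (not code from the thread or from the OpenMeetings project): it reads the store password from a root-only file instead of the command line, builds the keystore in a private temporary directory so the PKCS12 copy of the private key is deleted afterwards, and replaces the live keystore only after the new one lists the red5 entry. The password file path, the RED5_CONF default, the truststore.jks file name and the --run guard are assumptions; RENEWED_LINEAGE is the live directory certbot exports to renew hooks.

```shell
#!/bin/bash
# Added example: hardened renewal hook. Paths below are assumptions.
set -eu
umask 077    # every file this script creates is owner-only

RED5_CONF="${RED5_CONF:-/opt/red5/conf}"
PASS_FILE="${PASS_FILE:-/root/.red5-keystore-pass}"  # hypothetical, mode 600

# Replace $2 with a copy of $1 via rename, keeping the old file as $2.bak.
install_atomically() {
    local src="$1" dst="$2" tmp
    tmp="$(mktemp "${dst}.XXXXXX")"
    cat "$src" > "$tmp"
    chmod 600 "$tmp"
    if [ -e "$dst" ]; then cp "$dst" "${dst}.bak"; fi
    mv -f "$tmp" "$dst"
}

# Build the keystore in work dir $2 from certbot lineage dir $1.
build_keystore() {
    local live="$1" work="$2"
    openssl pkcs12 -export -in "$live/cert.pem" -inkey "$live/privkey.pem" \
        -certfile "$live/chain.pem" -name red5 \
        -out "$work/red5.p12" -passout "file:$PASS_FILE"
    keytool -importkeystore -srckeystore "$work/red5.p12" \
        -srcstoretype PKCS12 -srcstorepass:file "$PASS_FILE" \
        -destkeystore "$work/keystore.jks" \
        -deststorepass:file "$PASS_FILE" -alias red5
    keytool -import -noprompt -trustcacerts -alias root \
        -keystore "$work/keystore.jks" -storepass:file "$PASS_FILE" \
        -file "$live/chain.pem"
    # Fail here, before anything is installed, if the key entry is missing.
    keytool -list -alias red5 -keystore "$work/keystore.jks" \
        -storepass:file "$PASS_FILE" > /dev/null
}

main() {
    local live="${RENEWED_LINEAGE:?certbot sets this for renew hooks}" work
    work="$(mktemp -d)"
    trap "rm -rf -- '$work'" EXIT   # the PKCS12 copy of the key is removed
    build_keystore "$live" "$work"
    install_atomically "$work/keystore.jks" "$RED5_CONF/keystore.jks"
    install_atomically "$work/keystore.jks" "$RED5_CONF/truststore.jks"
    /etc/init.d/red5-ubdeb2 restart  # service name as used in the thread
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Register it as --renew-hook "/root/renew-red5-cert.sh --run"; without --run the file only defines its functions.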
Re: How to use letsencrypt with OpenMeetings for RTMPS/HTTPS connection
Posted by Maxim Solodovnik <so...@gmail.com>.
Thanks for sharing!
Steps 1-5 need to be repeated, BUT they are simple and you can create
a script for this :)))
--
WBR
Maxim aka solomax