No probs.

Maybe look at getting a wild card cert?

*.yourdomain.com

Then you can issue the single cert to multiple sites (could be cheaper
in the long run)

I can confirm that OM plays nice with wild card certs too.

Best Regards




Stephen Cottham
Group IT Manager (Associate)

Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 592 8000 (UK)
Fax: +6173 319 2799
 
Mobile:  +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com


This email and any attachments are confidential and may contain legally 
privileged information or copyright material. Unless expressly stated, 
confidentiality and/or legal privilege is not intended to be waived by the 
sending of this email. The contents of this email, including any attachments, 
are intended solely for the use of the individual or entity to whom they are 
addressed. If you are not an intended recipient, please contact us immediately 
by return email and then delete both messages. You may not otherwise read, 
forward, copy, use or disclose this email or any attachments. Any views 
expressed in this email are those of the individual sender except where the 
sender expressly, and with authority, states otherwise. It is your 
responsibility to check any attachments for viruses or defects before opening 
or sending them on. None of the sender or its related entities accepts any 
liability for any consequential damage resulting from this email containing 
computer viruses. 

Disclaimer added by CodeTwo Exchange Rules      
http://www.codetwo.com  

-----Original Message-----
From: Dimitri Yioulos [mailto:dyiou...@onpointfc.com] 
Sent: 25 October 2012 17:17
To: openmeetings-user@incubator.apache.org
Subject: Re: Struggling with SSL

Stephen,

I really appreciate the input.  This is meant to be a production server,
and I completely agree with you that it, and any sites that are
published to the public WAN that require a logon, should be secure.  So,
I guess I'll have to consider buying a cert (already have some for other
of our sites, so it's easy to get).

Again, thanks.

Dimitri


On Thursday 25 October 2012 11:25:50 am Stephen Cottham wrote:
> Just copy the first cert with a different name
>
> cp keystore keystore.screen
>
> and then you're good to go.
>
> If you don't want your end users to have to mess around with SSL certs
> then you will probably have to purchase a legitimate one - as painful 
> as it is the security around SSL is there to protect SSL sites.
>
> If you are not authenticating against LDAP and happy for your local 
> password to be sent in clear-text when logging into the Openmeetings 
> service then don't worry about SSL, personally, IMO any sites that are
> published to the public WAN that require a log on should be secure.
>
> Is this just a test server or a service you are supplying to
> "customers"?
>
>
> -----Original Message-----
> From: Dimitri Yioulos [mailto:dyiou...@onpointfc.com]
> Sent: 25 October 2012 16:14
> To: openmeetings-user@incubator.apache.org
> Subject: Re: Struggling with SSL
>
> Hmmm.  If that's the case, then to heck with it.  If users have to do 
> that, it'll be a huge pita.  I can't imagine asking e.g. my 
> grandmother to do it :-0 .
>
> > The second part of the command is for the screen sharing component 
> > to work, it requires its own SSL certificate -> this one is called 
> > keystore.screen
>
> Trying to create this second part doesn't work, as I mentioned.  I get
> the following error:
>
> keytool error: java.lang.Exception: Key pair not generated, alias 
> <Red5> already exists
>
> Dimitri
>
> On Thursday 25 October 2012 11:02:00 am Stephen Cottham wrote:
> > Hi Dimitri,
> >
> > Unfortunately you won't be able to get your end users to use SSL 
> > without them importing the root certificate, the reason RTMPS 
> > doesn't connect is because as far as the browser is concerned this 
> > is an invalid certificate, HTTPS will work fine just by simply 
> > accepting the certificate via the browser. RTMPS will not work for
> > you unless you have a "real" SSL cert with a trusted worldwide root
> > certificate.
> > (It's a security issue.. by adding your root cert in you're telling 
> > your browser that you trust it regardless of its contents...)
> >
> > Maybe just do the steps I sent to you earlier to make sure that this
> > is your only issue first?
> >
> > The second part of the command is for the screen sharing component 
> > to work, it requires its own SSL certificate -> this one is called 
> > keystore.screen
> >
> > Best Regards
> >
> >
> >
> > -----Original Message-----
> > From: Dimitri Yioulos [mailto:dyiou...@onpointfc.com]
> > Sent: 25 October 2012 15:54
> > To: openmeetings-user@incubator.apache.org
> > Subject: Re: Struggling with SSL
> >
> > Stephen,
> >
> > Thanks for that, but I really don't care about importing the cert 
> > into my Windows client, and don't want my end users to do that,
> > either.  Once I accept the cert via my browser, I should be
> > good-to-go.
> >
> > Going back to an earlier post of yours, I did this part just fine:
> >
> > keytool -keysize 2048  -genkey -keyalg RSA -alias red5 -keystore 
> > red5/conf/keystore  -storepass "mypassword" -validity 15000
> >
> > However, this part failed with "keytool error: java.lang.Exception:
> > Key pair not generated, alias <Red5> already exists":
> >
> > keytool -keysize 2048  -genkey -keyalg RSA -alias red5 -keystore 
> > red5/conf/keystore.screen  -storepass "mypassword" -validity 15000
> >
> > Is the second part necessary?
> >
> > I'm still getting the Error Missing stuff.
> >
> > Dimitri
> >
> > On Thursday 25 October 2012 10:15:25 am Stephen Cottham wrote:
> > > Example like here:
> > >
> > > http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx
> > >
> > > This is for a webmail site but the principle is exactly the same
> > > for any SSL site you want to import the cert from.
> > >
> > > (Oh, I'm assuming you are using a Windows client?)
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Stephen Cottham [mailto:stephen.cott...@robertbird.com.au]
> > > Sent: 25 October 2012 15:13
> > > To: openmeetings-user@incubator.apache.org
> > > Subject: RE: Struggling with SSL
> > >
> > > Looks fine, I'd just import the cert as a trusted root certificate 
> > > and test it again.
> > >
> > >
> > > -----Original Message-----
> > > From: Dimitri Yioulos [mailto:dyiou...@onpointfc.com]
> > > Sent: 25 October 2012 15:08
> > > To: openmeetings-user@incubator.apache.org
> > > Subject: Re: Struggling with SSL
> > >
> > > Stephen,
> > >
> > > Here's the command I used to create the self-signed cert:
> > >
> > > keytool -genkey -keyalg RSA -alias
> > > Red5 -keystore /usr/local/openmeetings/conf/keystore -storepass 
> > > password -validity 3650 -keysize 2048
> > >
> > > Dimitri
> > >
> > > On Thursday 25 October 2012 9:38:33 am Stephen Cottham wrote:
> > > > Are you using a self-signed certificate?
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Dimitri Yioulos [mailto:dyiou...@onpointfc.com]
> > > > Sent: 25 October 2012 14:18
> > > > To: openmeetings-user@incubator.apache.org
> > > > Subject: Struggling with SSL
> > > >
> > > > Greetz, all.
> > > >
> > > > Over the past couple of days, I've tried to make openmeetings 
> > > > over ssl work using the directions found on the Web, but have
> > > > failed.  I don't see any obvious errors when starting red5, but
> > > > get the dreaded "Error Missing [204] --> Error Missing [556] -->
> > > > Error Missing [642]" when I go to https://myserver.
> > > > Help would be much appreciated.
> > > >
> > > > Dimitri
> > > >



--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
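
Added example, not part of the original thread or of the OpenMeetings documentation: a shell sketch of the keystore steps discussed above. It checks whether an alias already exists before generating a key pair (the condition behind the "alias <Red5> already exists" error), copies the keystore to keystore.screen, and reports whether the entry is self-signed. The function names, the KS_PASS variable and the CN=om.example.test name are assumptions made for the example.

```shell
#!/bin/sh
# Added example (constructed), not from the thread. Assumes a JDK keytool on
# PATH with English output and the keystore password in $KS_PASS, so the
# password stays out of the process list (keytool's :env modifier).

# alias_exists KEYSTORE ALIAS -> exit 0 if the keystore already has ALIAS.
alias_exists() {
  keytool -list -keystore "$1" -storepass:env KS_PASS -alias "$2" >/dev/null 2>&1
}

# ensure_keypair KEYSTORE ALIAS DNAME -> prints "exists" or "created".
# Skips -genkeypair when the alias is present, which is the case that makes
# keytool stop with "Key pair not generated, alias <...> already exists".
ensure_keypair() {
  if alias_exists "$1" "$2"; then
    echo exists
    return 0
  fi
  keytool -genkeypair -keyalg RSA -keysize 2048 -validity 3650 \
    -alias "$2" -dname "$3" -keystore "$1" \
    -storepass:env KS_PASS -keypass:env KS_PASS >&2 || return 1
  echo created
}

# trust_status KEYSTORE ALIAS -> "self-signed" when Owner equals Issuer,
# otherwise "issued-by-other".
trust_status() {
  out=$(keytool -list -v -keystore "$1" -storepass:env KS_PASS -alias "$2") || return 1
  owner=$(printf '%s\n' "$out" | sed -n 's/^Owner: //p' | head -n 1)
  issuer=$(printf '%s\n' "$out" | sed -n 's/^Issuer: //p' | head -n 1)
  if [ -n "$owner" ] && [ "$owner" = "$issuer" ]; then
    echo self-signed
  else
    echo issued-by-other
  fi
}

# Demo: run as `sh script.sh demo` with KS_PASS exported (6+ characters).
if [ "${1:-}" = "demo" ]; then
  dir=$(mktemp -d)
  ensure_keypair "$dir/keystore" red5 "CN=om.example.test"   # created
  ensure_keypair "$dir/keystore" red5 "CN=om.example.test"   # exists
  cp "$dir/keystore" "$dir/keystore.screen"                  # as in the thread
  trust_status "$dir/keystore.screen" red5                   # self-signed
  rm -rf "$dir"
fi
```

A "self-signed" result is the case in which clients have to import the certificate themselves, as described in the thread.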

