Hi Maxim, Sorry but I still don't get it. I've got the keystore/truststore in conf directory (directory created when unzipping apache-openmeetings-3.0.4.zip) and configured in red5.properties. Where can I find the JVM own keystore/truststore? Do you mean the cacerts found in java/lib/security?
Thanks, On Wed, Feb 25, 2015 at 1:02 AM, Maxim Solodovnik <solomax...@gmail.com> wrote: > your server JVM has its own keystore/truststore > you need to add your certificate into it > > On Wed, Feb 25, 2015 at 12:45 AM, OpenAr-IT Soluciones <opena...@gmail.com > > wrote: > >> Hi Maxim, what do you mean by "you need to add your certificate to the >> trusted certificates of your server JVM"?. I have the same issue as Lionel. >> >> Lionel, what did you do exactly? >> >> >> Thanks in advance. >> >> >> >> On Wed, Feb 4, 2015 at 1:45 PM, Maxim Solodovnik <solomax...@gmail.com> >> wrote: >> >>> you need to add your certificate to the trusted certificates of your >>> server JVM >>> >>> On Wed, Feb 4, 2015 at 10:40 PM, Lionel Djeukam <lio.djoma...@gmail.com> >>> wrote: >>> >>>> Ok, that's what i observed: >>>> First of all, my certificate was added as expected in the trusted list >>>> on the server side, therefore the following lines: >>>> >>>> >>>> >>>> >>>> >>>> *"adding as trusted cert: Subject: CN=139.6.237.96, >>>> OU=Informationssicherheit, O=FH-Koeln, L=Koeln, ST=NRW, C=DE Issuer: >>>> CN=139.6.237.96, OU=Informationssicherheit, O=FH-Koeln, L=Koeln, ST=NRW, >>>> C=DE Algorithm: RSA; Serial number: 0x21787fbf Valid from Wed Feb 04 >>>> 15:06:08 CET 2015 until Sat Jan 30 15:06:08 CET 201*6 >>>> ... >>>> ... " >>>> >>>> Second, during the TLS-Handshake, it seems like there is a problem with >>>> my certificate on the client side >>>> which followed to a fatal error: >>>> >>>> >>>> >>>> >>>> *"NioProcessor-21, READ: TLSv1 Alert, length = 2NioProcessor-21, RECV >>>> TLSv1 ALERT: fatal, bad_certificateNioProcessor-21, fatal: engine already >>>> closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: >>>> bad_certificateNioProcessor-21, fatal: engine already closed. Rethrowing >>>> javax.net.ssl.SSLException: Received fatal alert: bad_certificate"* >>>> >>>> Should i do anythings else than just add an exception for my >>>> certificate on the client side? >>>> >>>> >>>> 2015-02-04 17:18 GMT+01:00 Maxim Solodovnik <solomax...@gmail.com>: >>>> >>>>> not sure what is wrong :(( >>>>> >>>>> you need to call >>>>> sudo /etc/init.d/red5 stop >>>>> >>>>> then open ./red5-debug.sh add -Djavax.net.debug=all to the JAVA_OPTS >>>>> then start ./red5-debug.sh from the console >>>>> >>>>> On Wed, Feb 4, 2015 at 10:09 PM, Lionel Djeukam < >>>>> lio.djoma...@gmail.com> wrote: >>>>> >>>>>> That's realy strange because i did exactly what is content there: >>>>>> http://openmeetings.apache.org/RTMPSAndHTTPS.html >>>>>> >>>>>> The only thing i did not make is to close the port 1935. Is it >>>>>> mandotory? Should i just comment his line in the file red5.properties? >>>>>> >>>>>> A part from that i made what you adviced in the last mail. I started >>>>>> the server as follow: >>>>>> sudo /etc/init.d/red5 start -Djavax.net.debug=all >>>>>> >>>>>> and by executing "./red5-debug.sh" it does act as a normal command, >>>>>> since i could not observe what append when trying to enter to the room >>>>>> >>>>>> >>>>>> >>>>>> 2015-02-04 16:44 GMT+01:00 Maxim Solodovnik <solomax...@gmail.com>: >>>>>> >>>>>>> It seems like you set up HTTPS but not RTMPS :( >>>>>>> can you start red5 manually with this additional option: >>>>>>> *-Djavax.net.debug=all* >>>>>>> >>>>>>> *then run ./red5-debug.sh and check the console while entering the >>>>>>> room* >>>>>>> >>>>>>> On Wed, Feb 4, 2015 at 9:39 PM, Lionel Djeukam < >>>>>>> lio.djoma...@gmail.com> wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> i think i enjoyed to early :( >>>>>>>> After configuring the server for HTTPs and RTMPs, i could finaly >>>>>>>> connect to the https-page of my server. Then when a lauch a >>>>>>>> conference, i >>>>>>>> became the three mistakes in the subject field of this mail. >>>>>>>> >>>>>>>> I already had exeption to my Browser to recognise the certificate >>>>>>>> as trusted-part. >>>>>>>> >>>>>>>> What could i do now? >>>>>>>> >>>>>>>> -- >>>>>>>> Master Student Communication systems and Network >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> WBR >>>>>>> Maxim aka solomax >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> DJOMATCHO Djeukam, Lionel >>>>>> *Master-Student Kommunikationssysteme und Netze* >>>>>> Tel-Nummer: (+49) 176 996 248 93 >>>>>> Deutzer Ring 5 >>>>>> 50679 Köln >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> WBR >>>>> Maxim aka solomax >>>>> >>>> >>>> >>>> >>>> -- >>>> DJOMATCHO Djeukam, Lionel >>>> *Master-Student Kommunikationssysteme und Netze* >>>> Tel-Nummer: (+49) 176 996 248 93 >>>> Deutzer Ring 5 >>>> 50679 Köln >>>> >>> >>> >>> >>> -- >>> WBR >>> Maxim aka solomax >>> >> >> > > > -- > WBR > Maxim aka solomax >
