How to use letsencrypt with OpenMeetings for RTMPS/HTTPS connection

Wed, 18 Oct 2017 04:39:04 -0700 

Hi all!
I had a few problems with translating the RTMPS/HTTPS guide <https://openmeetings.apache.org/RTMPSAndHTTPS.html#Create_Keystore_using_existing_key-pair> for use with letsencrypt certificates due to different file names, so I documented the process for my own memory and anyone interested can see or follow the steps below to get a working RTMPS/HTTPS setup for OpenMeetings. 


*But what happens when my certificates are renewed?* Will I have to 
repeat steps 1 - 5 every time? If yes then I with try to create a bash 
script that automates the process.


--------------------------------------


   RTMPS/HTTPS in OpenMeetings with letsencrypt

(Replace [OM server FQDN] with your actual OpenMeetings FQDN)

1. cd to your red5 install dir
2.

   Export existing keys into PKCS12 format:

   |openssl pkcs12 -export -in /etc/letsencrypt/live/[OM server
   FQDN]/cert.pem -inkey /etc/letsencrypt/live/[OM server
   FQDN]/privkey.pem -out red5.p12 -name red5 -certfile
   /etc/letsencrypt/live/[OM server FQDN]/chain.pem Enter Export
   Password: password Verifying - Enter Export Password: password|

3.

   Import resulting red5.p12 into keystore:

   |keytool -importkeystore -srcstorepass password -srckeystore
   red5.p12 -srcstoretype PKCS12 -deststorepass password -destkeystore
   keystore.jks -alias red5|

4.

   Import your letsencrypt certificate into the keystore

   |keytool -import -alias root -keystore keystore.jks -trustcacerts
   -file /etc/letsencrypt/live/[OM server FQDN]/chain.pem|

5.

   Copy keystore to truststore

   |cp keystore.jks trustscore.jks|


       SSL for the web interface and Tunneling RTMPS

6. Edit |./jee-container.xml| file
   - Comment Tomcat without SSL enabled section
   - UNComment Tomcat with SSL enabled section
7.

   Edit |../webapps/openmeetings/public/config.xml| and set

   |<protocol>https</protocol> <red5httpport>5443</red5httpport>
   <rtmpsslport>5443</rtmpsslport> <useSSL>yes</useSSL>
   <proxyType>none</proxyType>|

8.

   Restart red5 service (or reboot)

9. Visit |https://[OM server FQDN]:5443| in your browser and sign in.
   - Go to |Administration > Configuration| and set
   |application.base.url| to |https://https://[OM server
   FQDN]:5443/openmeetings/|

--

*Med venlig hilsen/Best regards*

*JACOB WENZEL
Projektleder*

*ENERGIAKADEMIET*
Strandengen 1
8305 SAMSØ
+45 60 61 15 97
j...@energiakademiet.dk <mailto:j...@energiakademiet.dk>
www.energiakademiet.dk <http://energiakademiet.dk>























					Reply via email to