Thanks again :) I've added user@ list so others can use your script :)
On Wed, Oct 18, 2017 at 10:17 PM, Jacob Wenzel <j...@energiakademiet.dk> wrote:

> Fixed a few typos and added a script that can repeat the process on
> renewal :)
>
> ------------------------------------
> RTMPS/HTTPS in OpenMeetings with letsencrypt (Replace [OM server FQDN]
> with your actual OpenMeetings FQDN)
>
> 1. cd to your red5/conf dir
> 2. Export existing keys into PKCS12 format:
>
>    openssl pkcs12 -export -in /etc/letsencrypt/live/[OM server FQDN]/cert.pem \
>      -inkey /etc/letsencrypt/live/[OM server FQDN]/privkey.pem \
>      -out red5.p12 -name red5 \
>      -certfile /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>
>    Enter Export Password: password
>    Verifying - Enter Export Password: password
>
> 3. Import resulting red5.p12 into keystore:
>
>    keytool -importkeystore -srcstorepass password -srckeystore red5.p12 \
>      -srcstoretype PKCS12 -deststorepass password \
>      -destkeystore keystore.jks -alias red5
>
> 4. Import your letsencrypt certificate into the keystore
>
>    keytool -import -alias root -keystore keystore.jks -trustcacerts \
>      -file /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>
> 5. Copy keystore to truststore
>
>    cp keystore.jks truststore.jks
>
> SSL for the web interface and Tunneling RTMPS
>
> 6. Edit ./jee-container.xml file
>    - Comment Tomcat without SSL enabled section
>    - Uncomment Tomcat with SSL enabled section
> 7. Edit ../webapps/openmeetings/public/config.xml and set
>
>    <protocol>https</protocol>
>    <red5httpport>5443</red5httpport>
>    <rtmpsslport>5443</rtmpsslport>
>    <useSSL>yes</useSSL>
>    <proxyType>none</proxyType>
>
> 8. Restart red5 service (or reboot)
> 9. Visit https://[OM server FQDN]:5443 in your browser and sign in.
>    - Go to Administration > Configuration and set application.base.url to
>      https://[OM server FQDN]:5443/openmeetings/
>
> Script to run when letsencrypt certs are renewed
>
> 1. Create /root/renew-red5-cert.sh with (check red5 install dir and
>    service name):
>
>    #!/bin/bash
>
>    # Keep the previous keystore as a backup
>    mv /opt/red5/conf/keystore.jks /opt/red5/conf/keystore.bak
>
>    # Export the renewed certificate and key into PKCS12 format
>    openssl pkcs12 -export -in /etc/letsencrypt/live/[OM server FQDN]/cert.pem \
>      -inkey /etc/letsencrypt/live/[OM server FQDN]/privkey.pem \
>      -out /opt/red5/conf/red5.p12 -name red5 -passout pass:password \
>      -certfile /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>
>    # Import the PKCS12 bundle into a new keystore
>    keytool -importkeystore -srcstorepass password \
>      -srckeystore /opt/red5/conf/red5.p12 -srcstoretype PKCS12 \
>      -deststorepass password -destkeystore /opt/red5/conf/keystore.jks \
>      -alias red5
>
>    # Import the chain; -noprompt because nobody can answer a prompt under cron
>    keytool -import -alias root -keystore /opt/red5/conf/keystore.jks \
>      -trustcacerts -noprompt -storepass password \
>      -file /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>
>    # Copy keystore to truststore, then restart red5 to load the new keys
>    cp -f /opt/red5/conf/keystore.jks /opt/red5/conf/truststore.jks
>
>    /etc/init.d/red5-ubdeb2 restart
>
> 2. Make it executable
>
>    chmod +x renew-red5-cert.sh
>
> 3. Enter crontab with crontab -e
>    - Add --renew-hook "/root/renew-red5-cert.sh" after certbot renew
>
>
> On 2017-10-18 14:22, Maxim Solodovnik wrote:
>
> Thanks for sharing!
>
> steps 1-5 need to be repeated, BUT they are simple and you can create
> script for this :)))
>
> On Wed, Oct 18, 2017 at 6:38 PM, Jacob Wenzel <j...@energiakademiet.dk>
> wrote:
>
>> Hi all!
>>
>> I had a few problems with translating the RTMPS/HTTPS guide
>> <https://openmeetings.apache.org/RTMPSAndHTTPS.html#Create_Keystore_using_existing_key-pair>
>> for use with letsencrypt certificates due to different file names, so I
>> documented the process for my own memory and anyone interested can see or
>> follow the steps below to get a working RTMPS/HTTPS setup for OpenMeetings.
>>
>> *But what happens when my certificates are renewed?* Will I have to
>> repeat steps 1 - 5 every time? If yes then I will try to create a bash
>> script that automates the process.
>>
>> --------------------------------------
>> RTMPS/HTTPS in OpenMeetings with letsencrypt (Replace [OM server FQDN]
>> with your actual OpenMeetings FQDN)
>>
>> 1. cd to your red5 install dir
>> 2. Export existing keys into PKCS12 format:
>>
>>    openssl pkcs12 -export -in /etc/letsencrypt/live/[OM server FQDN]/cert.pem \
>>      -inkey /etc/letsencrypt/live/[OM server FQDN]/privkey.pem \
>>      -out red5.p12 -name red5 \
>>      -certfile /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>>
>>    Enter Export Password: password
>>    Verifying - Enter Export Password: password
>>
>> 3. Import resulting red5.p12 into keystore:
>>
>>    keytool -importkeystore -srcstorepass password -srckeystore red5.p12 \
>>      -srcstoretype PKCS12 -deststorepass password \
>>      -destkeystore keystore.jks -alias red5
>>
>> 4. Import your letsencrypt certificate into the keystore
>>
>>    keytool -import -alias root -keystore keystore.jks -trustcacerts \
>>      -file /etc/letsencrypt/live/[OM server FQDN]/chain.pem
>>
>> 5. Copy keystore to truststore
>>
>>    cp keystore.jks truststore.jks
>>
>> SSL for the web interface and Tunneling RTMPS
>>
>> 6. Edit ./jee-container.xml file
>>    - Comment Tomcat without SSL enabled section
>>    - Uncomment Tomcat with SSL enabled section
>> 7. Edit ../webapps/openmeetings/public/config.xml and set
>>
>>    <protocol>https</protocol>
>>    <red5httpport>5443</red5httpport>
>>    <rtmpsslport>5443</rtmpsslport>
>>    <useSSL>yes</useSSL>
>>    <proxyType>none</proxyType>
>>
>> 8. Restart red5 service (or reboot)
>> 9. Visit https://[OM server FQDN]:5443 in your browser and sign in.
>>    - Go to Administration > Configuration and set application.base.url
>>      to https://[OM server FQDN]:5443/openmeetings/
>>
>> --
>>
>> *Best regards*
>>
>> *JACOB WENZEL, Project Manager*
>>
>> *ENERGIAKADEMIET*
>> Strandengen 1
>> 8305 SAMSØ
>> +45 60 61 15 97
>> j...@energiakademiet.dk
>> www.energiakademiet.dk <http://energiakademiet.dk>
>>
>
> --
> WBR
> Maxim aka solomax

--
WBR
Maxim aka solomax
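
A variant of the renewal script in the thread, given here as an added example and not code from either poster: it builds the keystore in a staging directory, checks that the red5 alias is present, and only then swaps it in, so a failed export never leaves Red5 without a keystore. PASS_FILE is a hypothetical path holding the store password (keeping it off the command line); RENEWED_LINEAGE is the variable certbot sets for renew/deploy hooks.

```shell
#!/bin/bash
# Added example: certbot renewal hook that stages the new keystore first.
# Assumed values (not from the thread): PASS_FILE. CONF_DIR and the service
# name are the ones used in the thread's script and may differ on your host.
CONF_DIR="${CONF_DIR:-/opt/red5/conf}"
PASS_FILE="${PASS_FILE:-/root/.red5-storepass}"  # hypothetical, mode 600, one line

# Build keystore.jks inside directory $2 from the certbot lineage directory $1.
build_keystore() {
    live="$1"; stage="$2"
    openssl pkcs12 -export -name red5 -in "$live/cert.pem" \
        -inkey "$live/privkey.pem" -certfile "$live/chain.pem" \
        -passout "file:$PASS_FILE" -out "$stage/red5.p12" || return 1
    keytool -importkeystore -noprompt -srcalias red5 \
        -srckeystore "$stage/red5.p12" -srcstoretype PKCS12 \
        -srcstorepass:file "$PASS_FILE" -deststorepass:file "$PASS_FILE" \
        -destkeystore "$stage/keystore.jks" || return 1
    keytool -import -noprompt -trustcacerts -alias root \
        -file "$live/chain.pem" -keystore "$stage/keystore.jks" \
        -storepass:file "$PASS_FILE" || return 1
    rm -f "$stage/red5.p12"   # PKCS12 copy of the private key is no longer needed
    # Refuse a keystore that lacks the alias Red5 is configured to use.
    keytool -list -alias red5 -keystore "$stage/keystore.jks" \
        -storepass:file "$PASS_FILE" >/dev/null
}

# Swap staged keystore $1 into place as $2, keeping the previous one as .bak.
install_keystore() {
    staged="$1"; target="$2"
    [ -s "$staged" ] || { echo "staged keystore missing or empty" >&2; return 1; }
    chmod 600 "$staged" || return 1
    if [ -f "$target" ]; then cp -p "$target" "${target%.jks}.bak" || return 1; fi
    mv -f "$staged" "$target"   # rename on one filesystem: never a missing keystore
}

main() {
    umask 077
    stage="$(mktemp -d "$CONF_DIR/.stage.XXXXXX")" || return 1
    rc=0
    build_keystore "$RENEWED_LINEAGE" "$stage" &&
        install_keystore "$stage/keystore.jks" "$CONF_DIR/keystore.jks" || rc=1
    rm -rf "$stage"
    [ "$rc" -eq 0 ] || return 1
    cp -pf "$CONF_DIR/keystore.jks" "$CONF_DIR/truststore.jks"  # Red5 truststore
    /etc/init.d/red5-ubdeb2 restart
}

# certbot sets RENEWED_LINEAGE when it runs a renew/deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then main; fi
```

If any openssl or keytool step fails, the live keystore.jks is left untouched and Red5 is not restarted.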