Pull requests re always welcome :) On Fri, Dec 29, 2017 at 7:32 PM, Андрей Прицепов <p.and...@fort.crimea.com> wrote:
> I do all by this instruction http://openmeetings.apache. > org/RTMPSAndHTTPS.html#Steps_for_OM_server except create in the beginning > red5.key and red5.crt. > > In instruction error on this command: > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks > -keystorepass password -trustcacerts -file red5.crt > > > > Error: > illegal option: -keystorepass > > > > In documentation https://docs.oracle.com/javase/6/docs/technotes/tools/ > windows/keytool.html not exist that option so > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server is > not can’t be used, not relevant. > > > > *------------------- * > > *С уважением, Андрей Прицепов “Лаборатория Форт Крым”* > > > > *From:* Maxim Solodovnik [mailto:solomax...@gmail.com] > *Sent:* Friday, December 29, 2017 11:12 AM > *To:* Openmeetings user-list > *Subject:* Re: Configure https on centos7 > > > > Please read documentation [1] and use search before asking questions > > > > According to the steps from [2] "-srcstorepass changeit" this means " > red5.p12" MUST have password "changeit" > > > > [1] https://docs.oracle.com/javase/6/docs/technotes/tools/ > windows/keytool.html > > [2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server > > > > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов <p.and...@fort.crimea.com> > wrote: > > Ø The idea here is… > > I can’t do this idea in practice, something doing not right. I create > red5.crt and red5.p12 but keystore.jks can’t create. Not enough information > in instruction to do this fast step-by-step. Later I will have ‘real’ > certificate. > > > > Ø At the moment you are starting #3 above there should be NO keystore.jks, > you already have renamed it to *.bak (prerequisite) > > What means #3? > > I renamed them, but *jks wasn’t there in the beginning was *jmx. > > > > > > Ø Finally you are renaming passwords, they MUST match > > So when I do command “openssl req -x509 -nodes -days 99999 -newkey > rsa:2048 -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I > enter “jmx.keystorepass=password” when it ask me enter password. If like > that I still have this error. > > > > > > *------------------- * > > *С уважением, Андрей Прицепов “Лаборатория Форт Крым”* > > > > *From:* Maxim Solodovnik [mailto:solomax...@gmail.com] > *Sent:* Friday, December 29, 2017 10:27 AM > *To:* Openmeetings user-list > *Subject:* Re: Configure https on centos7 > > > > The idea here is > > 1) you are creating self-signed certificate (prerequisite) -> red5.crt > > 2) you are signing red5.crt with your fake CA (step 1) -> red5.p12 > > 3) you are creating keystore based on signed red5.p12 -> keystore.jks > > > > At the moment you are starting #3 above there should be NO keystore.jks, > you already have renamed it to *.bak (prerequisite) > > > > Finally you are renaming passwords, they MUST match > > > > > > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов <p.and...@fort.crimea.com> > wrote: > > Its standard, line “jmx.keystorepass=password” > > > > *------------------- * > > *С уважением, Андрей Прицепов “Лаборатория Форт Крым”* > > > > *From:* Yakovlev N. [mailto:yakovlev...@krvostok.ru] > *Sent:* Friday, December 29, 2017 7:51 AM > *To:* user@openmeetings.apache.org > *Subject:* RE: Configure https on centos7 > > > > which passwords do you use in red5/conf/red5.properties ? > > > > *From:* Андрей Прицепов [mailto:p.and...@fort.crimea.com > <p.and...@fort.crimea.com>] > *Sent:* Thursday, December 28, 2017 5:36 PM > *To:* user@openmeetings.apache.org > *Subject:* Configure https on centos7 > > > > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html . > For beginning I configure self-signed certificate. > > Not all in instruction was wrote, so what I do first before instruction is > create self-signed sertificate: > > su - > mkdir /opt/prytsepov > > cd /opt/prytsepov > > yum install mod_ssl > > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt > > > > Then I do by instruction: > this step edit sa.crt to red5.crt or it gives errors. On this step > password left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key > -out red5.p12 -name red5 -certfile red5.crt > > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 > -srcstoretype PKCS12 -deststorepass changeit -destkeystore > /opt/red5401/conf/keystore.jks -alias red5 > > > > Here I see errors: > > keytool error:java.io.IOException:keystore password was incorrect > > > > > > > > > > *------------------- * > > *С уважением, Андрей Прицепов “Лаборатория Форт Крым”* > > > > > > > > -- > > WBR > Maxim aka solomax > > > > > > -- > > WBR > Maxim aka solomax > -- WBR Maxim aka solomax
