Can you run "keytool --help" and check possible options? For real server it might be better to set up "let's encrypt" free certificate (script was posted some time ago)
WBR, Maxim (from mobile, sorry for the typos) On Sat, Dec 30, 2017, 08:06 David Jentz <jen...@gmail.com> wrote: > I am working through these steps on rhel6 which is a close cousin to > centos 6. > > I have the same issue, -keystorepass is not a valid argument to keytool. > > Instead, you can just leave that argument off (and the pass ) since > then keytool will just prompt. > > This still poses a problem for me because I am trying to have the > entire setup in a script. Perhaps I can write an expect script just > for this one line. > > Anyhow, I will work to further get SSL working next year. It turns out > my version of chrome requires it for sound. > > -Dave > > On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов > <p.and...@fort.crimea.com> wrote: > > I do all by this instruction > > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server > except > > create in the beginning red5.key and red5.crt. > > > > In instruction error on this command: > > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks > > -keystorepass password -trustcacerts -file red5.crt > > > > > > > > Error: > > illegal option: -keystorepass > > > > > > > > In documentation > > > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html > > not exist that option so > > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server > is not > > can’t be used, not relevant. > > > > > > > > ------------------- > > > > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > > > > > > > > From: Maxim Solodovnik [mailto:solomax...@gmail.com] > > Sent: Friday, December 29, 2017 11:12 AM > > > > > > To: Openmeetings user-list > > Subject: Re: Configure https on centos7 > > > > > > > > Please read documentation [1] and use search before asking questions > > > > > > > > According to the steps from [2] "-srcstorepass changeit" this means > > "red5.p12" MUST have password "changeit" > > > > > > > > [1] > > > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html > > > > [2] > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server > > > > > > > > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов < > p.and...@fort.crimea.com> > > wrote: > > > > Ø The idea here is… > > > > I can’t do this idea in practice, something doing not right. I create > > red5.crt and red5.p12 but keystore.jks can’t create. Not enough > information > > in instruction to do this fast step-by-step. Later I will have ‘real’ > > certificate. > > > > > > > > Ø At the moment you are starting #3 above there should be NO > keystore.jks, > > you already have renamed it to *.bak (prerequisite) > > > > What means #3? > > > > I renamed them, but *jks wasn’t there in the beginning was *jmx. > > > > > > > > > > > > Ø Finally you are renaming passwords, they MUST match > > > > So when I do command “openssl req -x509 -nodes -days 99999 -newkey > rsa:2048 > > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter > > “jmx.keystorepass=password” when it ask me enter password. If like that I > > still have this error. > > > > > > > > > > > > ------------------- > > > > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > > > > > > > > From: Maxim Solodovnik [mailto:solomax...@gmail.com] > > Sent: Friday, December 29, 2017 10:27 AM > > To: Openmeetings user-list > > Subject: Re: Configure https on centos7 > > > > > > > > The idea here is > > > > 1) you are creating self-signed certificate (prerequisite) -> red5.crt > > > > 2) you are signing red5.crt with your fake CA (step 1) -> red5.p12 > > > > 3) you are creating keystore based on signed red5.p12 -> keystore.jks > > > > > > > > At the moment you are starting #3 above there should be NO keystore.jks, > you > > already have renamed it to *.bak (prerequisite) > > > > > > > > Finally you are renaming passwords, they MUST match > > > > > > > > > > > > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов < > p.and...@fort.crimea.com> > > wrote: > > > > Its standard, line “jmx.keystorepass=password” > > > > > > > > ------------------- > > > > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > > > > > > > > From: Yakovlev N. [mailto:yakovlev...@krvostok.ru] > > Sent: Friday, December 29, 2017 7:51 AM > > To: user@openmeetings.apache.org > > Subject: RE: Configure https on centos7 > > > > > > > > which passwords do you use in red5/conf/red5.properties ? > > > > > > > > From: Андрей Прицепов [mailto:p.and...@fort.crimea.com] > > Sent: Thursday, December 28, 2017 5:36 PM > > To: user@openmeetings.apache.org > > Subject: Configure https on centos7 > > > > > > > > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html > . For > > beginning I configure self-signed certificate. > > > > Not all in instruction was wrote, so what I do first before instruction > is > > create self-signed sertificate: > > > > su - > > mkdir /opt/prytsepov > > > > cd /opt/prytsepov > > > > yum install mod_ssl > > > > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout > > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt > > > > > > > > Then I do by instruction: > > this step edit sa.crt to red5.crt or it gives errors. On this step > password > > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out > > red5.p12 -name red5 -certfile red5.crt > > > > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 > > -srcstoretype PKCS12 -deststorepass changeit -destkeystore > > /opt/red5401/conf/keystore.jks -alias red5 > > > > > > > > Here I see errors: > > > > keytool error:java.io.IOException:keystore password was incorrect > > > > > > > > > > > > > > > > > > > > ------------------- > > > > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > > > > > > > > > > > > > > > > -- > > > > WBR > > Maxim aka solomax > > > > > > > > > > > > -- > > > > WBR > > Maxim aka solomax >
