here is mine output: (src and dest keystore options are highlighted) */usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help*
keytool -importkeystore [OPTION]... Imports one or all entries from another keystore Options: * -srckeystore* <srckeystore> source keystore name * -destkeystore* <destkeystore> destination keystore name * -srcstoretype* <srcstoretype> source keystore type * -deststoretype* <deststoretype> destination keystore type * -srcstorepass* <arg> source keystore password * -deststorepass* <arg> destination keystore password -srcprotected source keystore password protected -srcprovidername <srcprovidername> source keystore provider name -destprovidername <destprovidername> destination keystore provider name -srcalias <srcalias> source alias -destalias <destalias> destination alias -srckeypass <arg> source key password -destkeypass <arg> destination key password -noprompt do not prompt -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output Use "keytool -help" for all available commands On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <jen...@gmail.com> wrote: > keytool --help does not list -keystorepass as an option for me. here > is what we have to work with: > > #which keytool > /usr/bin/keytool > > #namei /usr/bin/keytool > f: /usr/bin/keytool > d / > d usr > d bin > l keytool -> /etc/alternatives/keytool > d / > d etc > d alternatives > l keytool -> > /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9. > x86_64/jre/bin/keytool > d / > d usr > d lib > d jvm > d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64 > d jre > d bin > - keytool > > #rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9. > x86_64/jre/bin/keytool > java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64 > > #keytool -help > Key and Certificate Management Tool > > Commands: > > -certreq Generates a certificate request > -changealias Changes an entry's alias > -delete Deletes an entry > -exportcert Exports certificate > -genkeypair Generates a key pair > -genseckey Generates a secret key > -gencert Generates certificate from a certificate request > -importcert Imports a certificate or a certificate chain > -importpass Imports a password > -importkeystore Imports one or all entries from another keystore > -keypasswd Changes the key password of an entry > -list Lists entries in a keystore > -printcert Prints the content of a certificate > -printcertreq Prints the content of a certificate request > -printcrl Prints the content of a CRL file > -storepasswd Changes the store password of a keystore > > Use "keytool -command_name -help" for usage of command_name > > > I think we have the openjdk on the linux (perhaps other platforms too) > and not the Sun/oracle implementation so as to get around license > issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it > doesn't have keystorepass either. > > > -Dave > > > On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik <solomax...@gmail.com> > wrote: > > Can you run "keytool --help" and check possible options? > > > > For real server it might be better to set up "let's encrypt" free > > certificate (script was posted some time ago) > > > > WBR, Maxim > > (from mobile, sorry for the typos) > > > > On Sat, Dec 30, 2017, 08:06 David Jentz <jen...@gmail.com> wrote: > >> > >> I am working through these steps on rhel6 which is a close cousin to > >> centos 6. > >> > >> I have the same issue, -keystorepass is not a valid argument to keytool. > >> > >> Instead, you can just leave that argument off (and the pass ) since > >> then keytool will just prompt. > >> > >> This still poses a problem for me because I am trying to have the > >> entire setup in a script. Perhaps I can write an expect script just > >> for this one line. > >> > >> Anyhow, I will work to further get SSL working next year. It turns out > >> my version of chrome requires it for sound. > >> > >> -Dave > >> > >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов > >> <p.and...@fort.crimea.com> wrote: > >> > I do all by this instruction > >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server > >> > except > >> > create in the beginning red5.key and red5.crt. > >> > > >> > In instruction error on this command: > >> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks > >> > -keystorepass password -trustcacerts -file red5.crt > >> > > >> > > >> > > >> > Error: > >> > illegal option: -keystorepass > >> > > >> > > >> > > >> > In documentation > >> > > >> > https://docs.oracle.com/javase/6/docs/technotes/tools/ > windows/keytool.html > >> > not exist that option so > >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server > is > >> > not > >> > can’t be used, not relevant. > >> > > >> > > >> > > >> > ------------------- > >> > > >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > >> > > >> > > >> > > >> > From: Maxim Solodovnik [mailto:solomax...@gmail.com] > >> > Sent: Friday, December 29, 2017 11:12 AM > >> > > >> > > >> > To: Openmeetings user-list > >> > Subject: Re: Configure https on centos7 > >> > > >> > > >> > > >> > Please read documentation [1] and use search before asking questions > >> > > >> > > >> > > >> > According to the steps from [2] "-srcstorepass changeit" this means > >> > "red5.p12" MUST have password "changeit" > >> > > >> > > >> > > >> > [1] > >> > > >> > https://docs.oracle.com/javase/6/docs/technotes/tools/ > windows/keytool.html > >> > > >> > [2] > >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server > >> > > >> > > >> > > >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов > >> > <p.and...@fort.crimea.com> > >> > wrote: > >> > > >> > Ø The idea here is… > >> > > >> > I can’t do this idea in practice, something doing not right. I create > >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough > >> > information > >> > in instruction to do this fast step-by-step. Later I will have ‘real’ > >> > certificate. > >> > > >> > > >> > > >> > Ø At the moment you are starting #3 above there should be NO > >> > keystore.jks, > >> > you already have renamed it to *.bak (prerequisite) > >> > > >> > What means #3? > >> > > >> > I renamed them, but *jks wasn’t there in the beginning was *jmx. > >> > > >> > > >> > > >> > > >> > > >> > Ø Finally you are renaming passwords, they MUST match > >> > > >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey > >> > rsa:2048 > >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter > >> > “jmx.keystorepass=password” when it ask me enter password. If like > that > >> > I > >> > still have this error. > >> > > >> > > >> > > >> > > >> > > >> > ------------------- > >> > > >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > >> > > >> > > >> > > >> > From: Maxim Solodovnik [mailto:solomax...@gmail.com] > >> > Sent: Friday, December 29, 2017 10:27 AM > >> > To: Openmeetings user-list > >> > Subject: Re: Configure https on centos7 > >> > > >> > > >> > > >> > The idea here is > >> > > >> > 1) you are creating self-signed certificate (prerequisite) -> > red5.crt > >> > > >> > 2) you are signing red5.crt with your fake CA (step 1) -> red5.p12 > >> > > >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks > >> > > >> > > >> > > >> > At the moment you are starting #3 above there should be NO > keystore.jks, > >> > you > >> > already have renamed it to *.bak (prerequisite) > >> > > >> > > >> > > >> > Finally you are renaming passwords, they MUST match > >> > > >> > > >> > > >> > > >> > > >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов > >> > <p.and...@fort.crimea.com> > >> > wrote: > >> > > >> > Its standard, line “jmx.keystorepass=password” > >> > > >> > > >> > > >> > ------------------- > >> > > >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > >> > > >> > > >> > > >> > From: Yakovlev N. [mailto:yakovlev...@krvostok.ru] > >> > Sent: Friday, December 29, 2017 7:51 AM > >> > To: user@openmeetings.apache.org > >> > Subject: RE: Configure https on centos7 > >> > > >> > > >> > > >> > which passwords do you use in red5/conf/red5.properties ? > >> > > >> > > >> > > >> > From: Андрей Прицепов [mailto:p.and...@fort.crimea.com] > >> > Sent: Thursday, December 28, 2017 5:36 PM > >> > To: user@openmeetings.apache.org > >> > Subject: Configure https on centos7 > >> > > >> > > >> > > >> > Use this instruction http://openmeetings.apache. > org/RTMPSAndHTTPS.html . > >> > For > >> > beginning I configure self-signed certificate. > >> > > >> > Not all in instruction was wrote, so what I do first before > instruction > >> > is > >> > create self-signed sertificate: > >> > > >> > su - > >> > mkdir /opt/prytsepov > >> > > >> > cd /opt/prytsepov > >> > > >> > yum install mod_ssl > >> > > >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout > >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt > >> > > >> > > >> > > >> > Then I do by instruction: > >> > this step edit sa.crt to red5.crt or it gives errors. On this step > >> > password > >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out > >> > red5.p12 -name red5 -certfile red5.crt > >> > > >> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 > >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore > >> > /opt/red5401/conf/keystore.jks -alias red5 > >> > > >> > > >> > > >> > Here I see errors: > >> > > >> > keytool error:java.io.IOException:keystore password was incorrect > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > ------------------- > >> > > >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > -- > >> > > >> > WBR > >> > Maxim aka solomax > >> > > >> > > >> > > >> > > >> > > >> > -- > >> > > >> > WBR > >> > Maxim aka solomax > -- WBR Maxim aka solomax
