All your steps sounds correct to me It works for me I got this "Allow Flash" message from browser only once
then everything works flawlessly I can create recording with my steps after Jan, 9, if it will help .... not sure how :( On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <jen...@gmail.com> wrote: > I will get back to you on these questions on Tuesday if that is OK. > > I did manage to get openmeetings to work via https, I do not have it > fully scripted just yet, but close. This is using the self-signed CA > and cert method described on the link. > > The reason I wen't this way in the first place was because when I > enter an openmeetings room, I was not being presented a list of audio > hardware to use. I was told that chrome needs https to access > microphone. > > Well, even with the https, after enabling flash, after entering a room > I click gear widget. It has choose webcam: Disabled, choose microphone > disabled. On the right side it says: "Click to Enable Adobe Flash > Player". I click, flash player seems to enable OK (keep in mind this > is with PepperFlash). I can do recordings tests, etc. > > But still only option for microphone is Disabled. If I click widget > again, setting is the same. > If I restart chrome, and log back in, I do not have to enable flash > this time, but still for microphone option is Disabled > > I know chromium can see my audio hardware, if I go to chromium -> > settings -> content settings -> microphone, the correct device is > listed there. My only option is "Ask before accessing (recommended)", > otherwise mic is completely disabled. There are no sites listed in the > blocked or allowed lists below. > > It would seem openmeetings is not asking to chromium to use > microphone. Am I doing something wrong? Will the self signed cert > method work to enable this? > > -Dave > > > On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik <solomax...@gmail.com> > wrote: > > Do you have these options in your version? > > What is the error? > > > > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <jen...@gmail.com> wrote: > >> > >> I just tried srcstorepass, deststorepass, and storepass, none seem to > >> accept an argument despite what the help page said. > >> > >> -Dave > >> > >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik <solomax...@gmail.com > > > >> wrote: > >> > here is mine output: (src and dest keystore options are highlighted) > >> > > >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help > >> > > >> > keytool -importkeystore [OPTION]... > >> > > >> > Imports one or all entries from another keystore > >> > > >> > Options: > >> > > >> > -srckeystore <srckeystore> source keystore name > >> > -destkeystore <destkeystore> destination keystore name > >> > -srcstoretype <srcstoretype> source keystore type > >> > -deststoretype <deststoretype> destination keystore type > >> > -srcstorepass <arg> source keystore password > >> > -deststorepass <arg> destination keystore password > >> > -srcprotected source keystore password > >> > protected > >> > -srcprovidername <srcprovidername> source keystore provider name > >> > -destprovidername <destprovidername> destination keystore provider > >> > name > >> > -srcalias <srcalias> source alias > >> > -destalias <destalias> destination alias > >> > -srckeypass <arg> source key password > >> > -destkeypass <arg> destination key password > >> > -noprompt do not prompt > >> > -providerclass <providerclass> provider class name > >> > -providerarg <arg> provider argument > >> > -providerpath <pathlist> provider classpath > >> > -v verbose output > >> > > >> > Use "keytool -help" for all available commands > >> > > >> > > >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <jen...@gmail.com> > wrote: > >> >> > >> >> keytool --help does not list -keystorepass as an option for me. here > >> >> is what we have to work with: > >> >> > >> >> #which keytool > >> >> /usr/bin/keytool > >> >> > >> >> #namei /usr/bin/keytool > >> >> f: /usr/bin/keytool > >> >> d / > >> >> d usr > >> >> d bin > >> >> l keytool -> /etc/alternatives/keytool > >> >> d / > >> >> d etc > >> >> d alternatives > >> >> l keytool -> > >> >> > >> >> > >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9. > x86_64/jre/bin/keytool > >> >> d / > >> >> d usr > >> >> d lib > >> >> d jvm > >> >> d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64 > >> >> d jre > >> >> d bin > >> >> - keytool > >> >> > >> >> #rpm -qf > >> >> > >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9. > x86_64/jre/bin/keytool > >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64 > >> >> > >> >> #keytool -help > >> >> Key and Certificate Management Tool > >> >> > >> >> Commands: > >> >> > >> >> -certreq Generates a certificate request > >> >> -changealias Changes an entry's alias > >> >> -delete Deletes an entry > >> >> -exportcert Exports certificate > >> >> -genkeypair Generates a key pair > >> >> -genseckey Generates a secret key > >> >> -gencert Generates certificate from a certificate request > >> >> -importcert Imports a certificate or a certificate chain > >> >> -importpass Imports a password > >> >> -importkeystore Imports one or all entries from another keystore > >> >> -keypasswd Changes the key password of an entry > >> >> -list Lists entries in a keystore > >> >> -printcert Prints the content of a certificate > >> >> -printcertreq Prints the content of a certificate request > >> >> -printcrl Prints the content of a CRL file > >> >> -storepasswd Changes the store password of a keystore > >> >> > >> >> Use "keytool -command_name -help" for usage of command_name > >> >> > >> >> > >> >> I think we have the openjdk on the linux (perhaps other platforms > too) > >> >> and not the Sun/oracle implementation so as to get around license > >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, > it > >> >> doesn't have keystorepass either. > >> >> > >> >> > >> >> -Dave > >> >> > >> >> > >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik > >> >> <solomax...@gmail.com> > >> >> wrote: > >> >> > Can you run "keytool --help" and check possible options? > >> >> > > >> >> > For real server it might be better to set up "let's encrypt" free > >> >> > certificate (script was posted some time ago) > >> >> > > >> >> > WBR, Maxim > >> >> > (from mobile, sorry for the typos) > >> >> > > >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <jen...@gmail.com> wrote: > >> >> >> > >> >> >> I am working through these steps on rhel6 which is a close cousin > to > >> >> >> centos 6. > >> >> >> > >> >> >> I have the same issue, -keystorepass is not a valid argument to > >> >> >> keytool. > >> >> >> > >> >> >> Instead, you can just leave that argument off (and the pass ) > since > >> >> >> then keytool will just prompt. > >> >> >> > >> >> >> This still poses a problem for me because I am trying to have the > >> >> >> entire setup in a script. Perhaps I can write an expect script > just > >> >> >> for this one line. > >> >> >> > >> >> >> Anyhow, I will work to further get SSL working next year. It turns > >> >> >> out > >> >> >> my version of chrome requires it for sound. > >> >> >> > >> >> >> -Dave > >> >> >> > >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов > >> >> >> <p.and...@fort.crimea.com> wrote: > >> >> >> > I do all by this instruction > >> >> >> > > >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_ > for_OM_server > >> >> >> > except > >> >> >> > create in the beginning red5.key and red5.crt. > >> >> >> > > >> >> >> > In instruction error on this command: > >> >> >> > keytool -import -alias root -keystore > >> >> >> > /opt/red5401/conf/keystore.jks > >> >> >> > -keystorepass password -trustcacerts -file red5.crt > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Error: > >> >> >> > illegal option: -keystorepass > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > In documentation > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/ > windows/keytool.html > >> >> >> > not exist that option so > >> >> >> > > >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_ > for_OM_server > >> >> >> > is > >> >> >> > not > >> >> >> > can’t be used, not relevant. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > ------------------- > >> >> >> > > >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > From: Maxim Solodovnik [mailto:solomax...@gmail.com] > >> >> >> > Sent: Friday, December 29, 2017 11:12 AM > >> >> >> > > >> >> >> > > >> >> >> > To: Openmeetings user-list > >> >> >> > Subject: Re: Configure https on centos7 > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Please read documentation [1] and use search before asking > >> >> >> > questions > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > According to the steps from [2] "-srcstorepass changeit" this > >> >> >> > means > >> >> >> > "red5.p12" MUST have password "changeit" > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > [1] > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/ > windows/keytool.html > >> >> >> > > >> >> >> > [2] > >> >> >> > > >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_ > for_OM_server > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов > >> >> >> > <p.and...@fort.crimea.com> > >> >> >> > wrote: > >> >> >> > > >> >> >> > Ø The idea here is… > >> >> >> > > >> >> >> > I can’t do this idea in practice, something doing not right. I > >> >> >> > create > >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough > >> >> >> > information > >> >> >> > in instruction to do this fast step-by-step. Later I will have > >> >> >> > ‘real’ > >> >> >> > certificate. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Ø At the moment you are starting #3 above there should be NO > >> >> >> > keystore.jks, > >> >> >> > you already have renamed it to *.bak (prerequisite) > >> >> >> > > >> >> >> > What means #3? > >> >> >> > > >> >> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Ø Finally you are renaming passwords, they MUST match > >> >> >> > > >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 > -newkey > >> >> >> > rsa:2048 > >> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I > >> >> >> > enter > >> >> >> > “jmx.keystorepass=password” when it ask me enter password. If > like > >> >> >> > that > >> >> >> > I > >> >> >> > still have this error. > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > ------------------- > >> >> >> > > >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > From: Maxim Solodovnik [mailto:solomax...@gmail.com] > >> >> >> > Sent: Friday, December 29, 2017 10:27 AM > >> >> >> > To: Openmeetings user-list > >> >> >> > Subject: Re: Configure https on centos7 > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > The idea here is > >> >> >> > > >> >> >> > 1) you are creating self-signed certificate (prerequisite) -> > >> >> >> > red5.crt > >> >> >> > > >> >> >> > 2) you are signing red5.crt with your fake CA (step 1) -> > >> >> >> > red5.p12 > >> >> >> > > >> >> >> > 3) you are creating keystore based on signed red5.p12 -> > >> >> >> > keystore.jks > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > At the moment you are starting #3 above there should be NO > >> >> >> > keystore.jks, > >> >> >> > you > >> >> >> > already have renamed it to *.bak (prerequisite) > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Finally you are renaming passwords, they MUST match > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов > >> >> >> > <p.and...@fort.crimea.com> > >> >> >> > wrote: > >> >> >> > > >> >> >> > Its standard, line “jmx.keystorepass=password” > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > ------------------- > >> >> >> > > >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > From: Yakovlev N. [mailto:yakovlev...@krvostok.ru] > >> >> >> > Sent: Friday, December 29, 2017 7:51 AM > >> >> >> > To: user@openmeetings.apache.org > >> >> >> > Subject: RE: Configure https on centos7 > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > which passwords do you use in red5/conf/red5.properties ? > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > From: Андрей Прицепов [mailto:p.and...@fort.crimea.com] > >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM > >> >> >> > To: user@openmeetings.apache.org > >> >> >> > Subject: Configure https on centos7 > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Use this instruction > >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html . > >> >> >> > For > >> >> >> > beginning I configure self-signed certificate. > >> >> >> > > >> >> >> > Not all in instruction was wrote, so what I do first before > >> >> >> > instruction > >> >> >> > is > >> >> >> > create self-signed sertificate: > >> >> >> > > >> >> >> > su - > >> >> >> > mkdir /opt/prytsepov > >> >> >> > > >> >> >> > cd /opt/prytsepov > >> >> >> > > >> >> >> > yum install mod_ssl > >> >> >> > > >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout > >> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Then I do by instruction: > >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this > step > >> >> >> > password > >> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key > >> >> >> > -out > >> >> >> > red5.p12 -name red5 -certfile red5.crt > >> >> >> > > >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore > >> >> >> > red5.p12 > >> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore > >> >> >> > /opt/red5401/conf/keystore.jks -alias red5 > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > Here I see errors: > >> >> >> > > >> >> >> > keytool error:java.io.IOException:keystore password was > incorrect > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > ------------------- > >> >> >> > > >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > -- > >> >> >> > > >> >> >> > WBR > >> >> >> > Maxim aka solomax > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > -- > >> >> >> > > >> >> >> > WBR > >> >> >> > Maxim aka solomax > >> > > >> > > >> > > >> > > >> > -- > >> > WBR > >> > Maxim aka solomax > > > > > > > > > > -- > > WBR > > Maxim aka solomax > -- WBR Maxim aka solomax
