The other thread was getting a lot of responses, so I started a new one. Here is a script that works for me on Red Hat 6.9 (/CentOS 6.9) that converts a 4.0.3-snapshot default install of OpenMeetings from http to https.
There are lots of opportunities for improvement to fully automate this. I guess this might help people as a starting point but maybe not as an ending point. Here I am using the password as 'changeit', which is obviously not a real password.

-Dave

#!/bin/sh
RED5_HOME=/opt/red5
cd "$RED5_HOME" || exit 1
mkdir certs
mkdir certs/private

#create CA cert
figlet create CA
mkdir certs/ca
mkdir certs/ca/private
cd certs/ca || exit 1
#try to pass passphrase as an argument
openssl genrsa -aes256 -out private/ca.key.pem 4096
#check return code, exit on error
#exit on no file private/ca.key.pem
chmod 400 private/ca.key.pem
#try to pass passphrase as an argument
openssl req -key private/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out ca.cert.pem
#check return code, exit on error
#exit on no file ca.cert.pem

#Create self-signed cert, maybe use what the Russians have in threads instead.
figlet create red5 cert
cd "$RED5_HOME" || exit 1
cd certs || exit 1
#try to pass passphrase as an argument
openssl req -new > new.ssl.csr
#check return code, exit on error
#exit on no file new.ssl.csr
#exit on no file privkey
#(use actual hostname for CN)
#(leave challenge blank)
mv privkey.pem private
openssl rsa -in private/privkey.pem -out private/red5.cert.key
#check return code, exit on error
#exit on no file private/red5.cert.key
openssl x509 -in new.ssl.csr -out red5.crt -req -signkey private/red5.cert.key -days 9999
#check return code, exit on error
#exit on no file red5.crt
openssl pkcs12 -export -in red5.crt -inkey private/red5.cert.key -out red5.p12 -name red5 -certfile ca/ca.cert.pem
#check return code, exit on error
#exit on no file red5.p12

#Need permissive type??
#Some avc on next line need permissive type for secadm_java_t (it transitions)
keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass changeit -destkeystore keystore.jks -alias red5
keytool -import -alias root -keystore keystore.jks -trustcacerts -file ca/ca.cert.pem
#^ keystorepass changeit no good, need expect script instead
cp keystore.jks ../conf
cp keystore.jks ../conf/truststore.jks

#Rename the existing keystore file red5/conf/keystore.jmx to red5/conf/keystore.bak
#mv ${RED5_HOME}/conf/keystore.jmx ${RED5_HOME}/conf/keystore.bak
#Rename the existing truststore file red5/conf/truststore.jmx to red5/conf/truststore.bak
#mv ${RED5_HOME}/conf/truststore.jmx ${RED5_HOME}/conf/truststore.bak

cd "${RED5_HOME}" || exit 1
#twizzle red5/conf/jee-container.xml line 33 SSL add <!--
sed -i '33s/^/\<\!--/' conf/jee-container.xml
#twizzle red5/conf/jee-container.xml line 71 SSL add -->
sed -i '71s/^/--\>/' conf/jee-container.xml
#twizzle red5/conf/jee-container.xml line 73 SSL remove <!--
sed -i '73s/.*//' conf/jee-container.xml
#twizzle red5/conf/jee-container.xml line 132 SSL remove -->
sed -i '132s/.*//' conf/jee-container.xml
#twizzle red5/conf/red5-core.xml line 198 add -->
sed -i '198s/^/--\>/' conf/red5-core.xml
#twizzle red5/conf/red5-core.xml line 234 remove -->
sed -i '234s/.*//' conf/red5-core.xml
sed -i 's/password/changeit/' conf/red5.properties
## trustAnchors parameter must be non empty
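
The script's "check return code, exit on error", "exit on no file" and "try to pass passphrase" notes, implemented for the CA step as an added example (not part of the original post). The function names `step`, `new_passfile` and `make_ca`, the passphrase file path and the certificate subject are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.

# step OUTFILE CMD [ARGS...]
# Run CMD; fail if it returns non-zero or leaves OUTFILE missing or empty.
# Only the command name is logged, so arguments never reach the log.
step() {
    out=$1; shift
    "$@" || { echo "FAILED (rc=$?): $1" >&2; return 1; }
    [ -s "$out" ] || { echo "FAILED: no $out after $1" >&2; return 1; }
}

# new_passfile PATH
# Write a random 48-hex-character passphrase to PATH, readable by owner only.
new_passfile() {
    rm -f "$1"
    ( umask 077 && od -An -N24 -tx1 /dev/urandom | tr -d ' \n' > "$1" ) || return 1
    [ "$(wc -c < "$1")" -eq 48 ]
}

# make_ca DIR PASSFILE SUBJECT
# The post's two CA commands, with the passphrase read from PASSFILE
# (openssl's file: password source) and -subj replacing the interactive prompts.
make_ca() {
    mkdir -p "$1/private" && chmod 700 "$1/private" || return 1
    step "$1/private/ca.key.pem" openssl genrsa -aes256 -passout "file:$2" \
        -out "$1/private/ca.key.pem" 4096 || return 1
    chmod 400 "$1/private/ca.key.pem" || return 1
    step "$1/ca.cert.pem" openssl req -key "$1/private/ca.key.pem" \
        -passin "file:$2" -new -x509 -days 7300 -sha256 -extensions v3_ca \
        -subj "$3" -out "$1/ca.cert.pem"
}

# Usage (constructed subject, pick your own):
#   new_passfile /opt/red5/certs/ca.pass || exit 1
#   make_ca /opt/red5/certs/ca /opt/red5/certs/ca.pass "/CN=Example OM CA" || exit 1
```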