also note that in OM4 it used keystore.jks where in OM5 it is just
keystore. It may not be necessary but I create a new keystore file each
time I renew my cert via letsencrypt.
Below are the commands I use to generate the cert and keystore:
letsencrypt certonly
****with OM not running select 1
****enter your domain name example: testom5.net
****I store my cert and files in a folder called ssl to make it simpler
when typing the commands to generate the keystore
cd /opt/files/ssl
****copy the generated cert, key, and root to the ssl folder and rename
cp /etc/letsencrypt/live/testom5.net/cert.pem /opt/files/ssl/red5.crt
cp /etc/letsencrypt/live/testom5.net/privkey.pem /opt/files/ssl/red5.key
cp /etc/letsencrypt/live/testom5.net/fullchain.pem /opt/files/ssl/root.crt
**** delete the existing keystore file (in my example my OM install is
in a folder called om5)
**** also deletes the generated files when creating the keystore (.p12)
rm /opt/files/ssl/red5.p12
rm /opt/om5/conf/keystore
****create new keystore source file (will ask you to create a password
which will be used in the creation)
openssl pkcs12 -export -in red5.crt -inkey red5.key -out red5.p12 -name red5 -certfile root.crt
**** create new keystore (password is the password you used in the above
step example: password. This is all one line)
keytool -importkeystore -srcstorepass _password_ -srckeystore red5.p12 -srcstoretype PKCS12 -deststorepass _password_ -destkeystore /opt/om5/conf/keystore -alias red5
**** add the root certificate (will ask for the password you used in the
1st step)
keytool -import -alias root -keystore /opt/om5/conf/keystore -trustcacerts -file root.crt
****your new keystore has now been created. Now the password you used
in step one, make sure you change the password in the
/opt/om5/conf/server.xml file to match what you used
****section where password goes
<Connector port="5443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
keystoreFile="conf/keystore" keystorePass="_password_"
<-------------
clientAuth="false" sslProtocol="TLS"/>
There are other ways to accomplish the goal but I found this to be the
easiest when trying to explain it via typing.
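The check below is an added example, not part of the original message: it confirms that red5.p12 opens with the keystorePass written in server.xml, carries the red5 alias, holds a key matching the certificate, and is not about to expire. The function names, the sample password and the 14-day threshold are assumptions, and it inspects the PKCS12 source file with openssl rather than the final keystore.

```shell
#!/bin/sh
# Added example (not from the original thread): sanity-check red5.p12 before restarting OM.

# Print the keystorePass attribute value from a Tomcat-style server.xml.
xml_keystore_pass() {
    sed -n 's/.*keystorePass="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# check_p12 <p12> <server.xml> <alias> [min_days]   (hypothetical helper)
# Returns 0 only if the bundle opens with the server.xml password, carries the
# expected alias, holds a key matching the leaf cert, and the cert stays valid.
check_p12() {
    p12=$1; xml=$2; name=$3; days=${4:-14}
    P12_PASS=$(xml_keystore_pass "$xml"); export P12_PASS
    # -passin env: keeps the password out of the process list, unlike -srcstorepass.
    certs=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) \
        || { echo "FAIL: password in $xml does not open $p12"; return 1; }
    printf '%s\n' "$certs" | grep -q "friendlyName: $name\$" \
        || { echo "FAIL: alias $name not found"; return 2; }
    cert_pub=$(printf '%s\n' "$certs" | openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: private key does not match certificate"; return 3; }
    printf '%s\n' "$certs" | openssl x509 -noout -checkend $((days * 86400)) >/dev/null \
        || { echo "FAIL: certificate expires within $days days"; return 4; }
    echo "OK: $p12 matches $xml (alias $name)"
}

# Build a throwaway self-signed bundle and server.xml in directory $1
# (constructed sample data; the password and 30-day lifetime are made up).
make_sample() {
    ( cd "$1" && umask 077 &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=testom5.net" \
          -keyout red5.key -out red5.crt 2>/dev/null &&
      SAMPLE_PASS=sample-pass openssl pkcs12 -export -in red5.crt -inkey red5.key \
          -out red5.p12 -name red5 -passout env:SAMPLE_PASS &&
      printf '<Connector port="5443" keystoreFile="conf/keystore" keystorePass="%s"/>\n' \
          sample-pass > server.xml )
}

# Demo run on the constructed sample.
tmp=$(mktemp -d) && make_sample "$tmp" && check_p12 "$tmp/red5.p12" "$tmp/server.xml" red5
rm -rf "$tmp"
```

On a real install the call would be `check_p12 /opt/files/ssl/red5.p12 /opt/om5/conf/server.xml red5`, using the paths from the message above.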
On 4/14/19 5:36 AM, Stefan Kühl wrote:
Morning,
trying to update my 4.0.4 running on apache2 to version 5.0
but I cannot connect to web-installer, because of insecure connection
(using HSTS). I copied all the necessary certificate files into the
new OM folder. Is there any other difference I need to take care of in
using Apache2 instead of tomcat?
Greetz
Stefan
On 14.04.2019 10:36, Stefan Kühl wrote:
Morning everybody,
tested it three times. Installation of kms directly on a 18.04. LTS
Ubuntu works very well.
Maybe for Alvaro and his great Tutorials (!) it would be worth adding
a paragraph for native installation with the commands:
sudo apt update
sudo apt install --no-install-recommends --yes gnupg #to be sure that gnupg is installed#
DISTRO="bionic" #verify the name of the distribution#
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5AFA7A83
#in the following we are building the kms sources.list#
sudo tee "/etc/apt/sources.list.d/kurento.list" >/dev/null <<EOF
# server answers with > #
deb [arch=amd64] http://ubuntu.openvidu.io/6.10.0 $DISTRO kms6
EOF
# server returns to normal prompt #
sudo apt update && sudo apt install --yes kurento-media-server
## that's all ##
Greetz
Stefan
On 09.04.2019 11:36, Maxim Solodovnik wrote:
Hello All,
recently new Kurento server with native 18.04 support is out [1]
So overall installation should be more stable :)
[1] https://www.kurento.org/blog/kurento-610-bionic-support