Rene, I apologize and thanks for your help! I did use the lines you
sent me and changed the necessary information.
The private key is using http11NioProtocol, the format you provided
goes into the Http11AprProtocol section.
I got this error:
16-Oct-2019 05:58:47.266 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11AprProtocol-5443]]
org.apache.catalina.LifecycleException: The configured protocol [org.apache.coyote.http11.Http11AprProtocol] requires the APR/native library which is not available
When I use the Http11NioProtocol I get this error. My keystore only
has one key in it, the private key.
16-Oct-2019 06:05:35.065 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-5080"]
16-Oct-2019 06:05:35.107 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-5443"]
16-Oct-2019 06:05:35.352 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-5443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:621)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:344)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
    ... 13 more
Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
    at java.base/sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:262)
    at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
    at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
    at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:324)
    at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
    ... 20 more
Here is the relevant part of my server.xml that includes the original
configuration plus the two configurations I have tried to use to get
this to work commented out. <fqdn> is my servername.domainname.org.
Perhaps you can look and see what I have done wrong.
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener
className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener
className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a
"Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one
or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are
received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
<Connector port="5080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="5443" />
<Connector port="5443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true"
keystoreFile="conf/keystore" keystorePass="openmeetings"
clientAuth="false" sslProtocol="TLS"/>
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which
always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used.
OpenSSL style
configuration is used below.
-->
-->
<!--Connector port="5443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLCertificateFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
maxThreads="150" SSLEnabled="true" scheme="https"
secure="true" URIEncoding="UTF-8"
keystoreFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
clientAuth="false" sslProtocol="TLS" /-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which
always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used.
OpenSSL style
configuration is used below.
-->
<!--Connector port="5443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true">
<UpgradeProtocol
className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate
certificateKeyFile="/etc/letsencrypt/live/<fqdn>/cert.pem"
certificateFile="/etc/letsencrypt/live/<fqdn>/privkey.pem"
certificateChainFile="/etc/letsencrypt/live/<fqdn>/fullchain.pem"
type="RSA" />
</SSLHostConfig>
</Connector>
-->
On Wed, Oct 16, 2019 at 1:50 AM René Scholz
<rene.sch...@abakus-edv-systems.de> wrote:
Hello,
why don't you try out the config-part I sent you?
Make a backup of your server.xml, edit the part for your
connector-port, restart your OM, pray a little bit and open your
browser with https and your port.
What's the result?
When you think that something goes wrong, replace it with your
backed-up server.xml.
Best regards,
René
On 15.10.2019 at 22:30, Yah's Global Kingdom wrote:
You're saying I don't have to use a keystore with these certs?
On Mon, Oct 14, 2019 at 4:06 AM Maxim Solodovnik
<solomax...@gmail.com> wrote:
With this config import is redundant
you can use your keys as-is :)
On Sun, 13 Oct 2019 at 21:11, Yah's Global Kingdom
<yahs...@gmail.com> wrote:
Thanks for the information, if I might ask which of these
keys did you import into your keystore for openmeetings?
On Sat, Oct 12, 2019 at 1:36 PM R. Scholz
<rene.sch...@abakus-edv-systems.de> wrote:
Hello,
this is the part in my server.xml in the conf-dir of
my openmeeting I use without problems:
<Connector port="5443"
           SSLEnabled="true">
  <SSLHostConfig>
    <Certificate
        certificateFile="/etc/letsencrypt/live/subdomain.domain.de/cert.pem"
        certificateKeyFile="/etc/letsencrypt/live/subdomain.domain.de/privkey.pem"
        certificateChainFile="/etc/letsencrypt/live/subdomain.domain.de/fullchain.pem" />
  </SSLHostConfig>
</Connector>
With best regards,
René
On 12.10.2019 at 17:35, Yah's Global Kingdom wrote:
Ok understood for the VOIP implementation.
Hopefully, there will be time for it in the near future,
as it was a feature that was really appreciated and used.
On a different note. I am using Let's Encrypt for SSL
certificates. The wiki at
https://openmeetings.apache.org/HTTPS.html does not
seem to apply as you cannot submit a .csr file to
Let's Encrypt and it only works on port 443. I have
changed /conf/server.conf to 443 but the server
still refuses to connect. Are there any
instructions for how to make OM 5.0.0.M2 or M3 work
with Let's Encrypt and Certbot? Thanks for all your
help Maxim.
On Thu, Oct 10, 2019 at 12:45 PM Maxim Solodovnik
<solomax...@gmail.com> wrote:
Yes, sure
unfortunately my time is very limited
not sure I can provide any estimates
On Thu, 10 Oct 2019 at 09:16, Yah's Global Kingdom
<yahs...@gmail.com> wrote:
Is there a plan to implement VOIP for this
version of Openmeetings?
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
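
An added example, not code from any participant in this thread or from the OpenMeetings or Tomcat projects: a pre-restart check that reads each file referenced by a Connector and flags a certificate where the key belongs (or the reverse), or a PEM file used as keystoreFile, following the attribute-to-file mapping in the working configuration quoted above. The function names, the example.org path, port 5444 and the header-only file contents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# PEM labels each Tomcat <Certificate> attribute should point at.
EXPECTED = {
    "certificateFile": {"CERTIFICATE"},
    "certificateChainFile": {"CERTIFICATE"},
    "certificateKeyFile": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
                           "ENCRYPTED PRIVATE KEY"},
}
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def first_pem_label(text):
    """Return the label of the first PEM block in text, or None if not PEM."""
    m = PEM_LABEL.search(text)
    return m.group(1) if m else None

def check_connectors(server_xml, read_file):
    """Return (port, attribute, problem) for every mismatched file reference."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port")
        # keystoreFile is loaded as a Java keystore, so PEM there cannot work.
        ks = conn.get("keystoreFile")
        if ks and first_pem_label(read_file(ks)):
            findings.append((port, "keystoreFile", "PEM file, not a keystore"))
        for cert in conn.iter("Certificate"):
            for attr, allowed in EXPECTED.items():
                path = cert.get(attr)
                if path and first_pem_label(read_file(path)) not in allowed:
                    findings.append((port, attr, "wrong PEM type: " + path))
    return findings

# Constructed sample input: placeholder host, header-only file contents.
LIVE = "/etc/letsencrypt/live/example.org/"
FILES = {LIVE + "cert.pem": "-----BEGIN CERTIFICATE-----",
         LIVE + "fullchain.pem": "-----BEGIN CERTIFICATE-----",
         LIVE + "privkey.pem": "-----BEGIN PRIVATE KEY-----"}
SWAPPED = f"""<Server><Service name="Catalina">
  <Connector port="5443" SSLEnabled="true"><SSLHostConfig><Certificate
      certificateKeyFile="{LIVE}cert.pem"
      certificateFile="{LIVE}privkey.pem"
      certificateChainFile="{LIVE}fullchain.pem" />
  </SSLHostConfig></Connector>
  <Connector port="5444" SSLEnabled="true" keystoreFile="{LIVE}privkey.pem" />
</Service></Server>"""

if __name__ == "__main__":
    for finding in check_connectors(SWAPPED, FILES.__getitem__):
        print(finding)
```

Against a real installation, pass a reader such as `lambda p: open(p, errors="replace").read()` and run the check as a user allowed to read the key file. Connectors inside XML comments are not examined.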