Oh and BTW make sure you restart Open Meetings after you make a change to the keystore file.
From: Stephen Cottham [mailto:[email protected]] Sent: 22 August 2012 17:24 To: [email protected] Subject: RE: rtmps and certificate Rafael, I just used your method here and was able to get HTTPS and RTMPS working, RTMPS will fail unless you export the certificate out first (from the browser as a DER file) and then import into your browsers trusted root authority. (it will complain it cannot verify the cert just accept the warning) - Reload the site and it will connect fine.. Cheers From: Stephen Cottham [mailto:[email protected]] Sent: 22 August 2012 17:08 To: [email protected] Subject: RE: rtmps and certificate Can you confirm your keystore contents? cd /usr/lib/red5/conf keytool -list -v -keystore keystore and does https work? What errors are you getting? Did you import the certificate into your browser? From: Rafael [mailto:[email protected]] Sent: 22 August 2012 17:00 To: [email protected] Subject: Re: rtmps and certificate creating 2 self signed certificates like this: keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore red5/conf/keystore -storepass "mypassword" -validity 15000 keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore red5/conf/keystore.screen -storepass "mypassword" -validity 15000 and editing the setups for rtmps, shouldnt it work ? thanks. On Wed, Aug 22, 2012 at 11:14 AM, Rafael <[email protected]> wrote: Thanks Stephen. Just in case, if I do it with .csr will I need to import a root crt or mine will be enough? Wich root should I use? On Wed, Aug 22, 2012 at 9:44 AM, Stephen Cottham < [email protected]> wrote: Assuming the key and cert is you created is in PEM format do this Copy the two files (apache.key.pem and apache.cert.pem - or whatever you have called yours ) to /usr/adm/ Then cd /usr/adm/ mkdir certs cd certs/ openssl pkcs8 -topk8 -nocrypt -in apache.key.pem -inform PEM -out key.der -outform DER openssl x509 -in apache.cert.pem -inform PEM -out cert.der -outform DER Now we need a couple of files to help us import the DER files into the keystore, so issue the following: wget http://www.agentbob.info/agentbob/80/version/default/part/AttachmentData /data/ImportKey.java wget http://www.agentbob.info/agentbob/81/version/default/part/AttachmentData /data/ImportKey.class Then use these commands to import: java ImportKey key.der cert.der Finally move the keystore to the correct location mv /root/keystore.ImportKey /usr/lib/red5/conf/keystore N.B = Alias:importkey Password:importkey (When using the java import key files, you can change the password afterwards) From: Rafael [mailto:[email protected]] Sent: 22 August 2012 13:36 To: [email protected] Subject: Re: rtmps and certificate openssl On Wed, Aug 22, 2012 at 9:30 AM, Stephen Cottham < [email protected]> wrote: What format do you have your self-signed certificate in? From: Rafael [mailto:[email protected]] Sent: 22 August 2012 13:29 To: [email protected] Subject: Re: rtmps and certificate What should I do at this point? Skipt it ? 4- Import your chosen CA's root certificate into the keystore (may need to download it from their site - make sure to get the root CA and not the intermediate one): keytool -import -alias root -keystore red5/conf/keystore -trustcacerts -file root.crt (note: you may receive a warning that the certificate already exists in the system wide keystore - import anyway) On Wed, Aug 22, 2012 at 9:16 AM, Stephen Cottham < [email protected]> wrote: You can use a self-signed certificate and it will work, in some cases you will need to import the certificate into your browser so RTMPS to work correctly even thou HTTPS will work with the warning message. Best regards From: Rafael [mailto:[email protected]] Sent: 22 August 2012 13:13 To: [email protected] Subject: Re: rtmps and certificate is self certicate a solution ?? On Tue, Aug 21, 2012 at 11:46 PM, Rafael <[email protected]> wrote: Im sorry Im newbie in rtmps and certificates. Is the only way to use rtmps generating a key and sending it to a CA? Cant it be done as https that you can "assume the risk" and accept the connection as a excpetion ? without verify with a CA ? Thanks. Stephen Cottham Group IT Manager (Associate) Robert Bird Group Level 5, 333 Ann St Brisbane, Queensland, 4000, Australia Phone: +6173 319 2777 <tel:%2B6173%20319%202777> (AUS) Phone: +44207 592 8000 <tel:%2B44207%20592%208000> (UK) Fax: +6173 319 2799 <tel:%2B6173%20319%202799> Mobile: +61400 756 963 <tel:%2B61400%20756%20963> (AUS) Mobile: +447900 918 616 <tel:%2B447900%20918%20616> (UK) Web: www.robertbird.com <http://www.robertbird.com/> <http://www.robertbird.com.au/> This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses. Disclaimer added by CodeTwo Exchange Rules www.codetwo.com Stephen Cottham Group IT Manager (Associate) Robert Bird Group Level 5, 333 Ann St Brisbane, Queensland, 4000, Australia Phone: +6173 319 2777 (AUS) Phone: +44207 592 8000 (UK) Fax: +6173 319 2799 Mobile: +61400 756 963 (AUS) Mobile: +447900 918 616 (UK) Web: www.robertbird.com This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses. Disclaimer added by CodeTwo Exchange Rules http://www.codetwo.com
<<image001.gif>>
<<image002.png>>
