Step by step what I did: 1- created the keys: keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore red5/conf/keystore -storepass "mypassword" -validity 15000
keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore
red5/conf/keystore.screen -storepass "mypassword" -validity 15000
2- exported the certificates:
keytool -exportcert - alias red5 -storepass "mypassword" -kwystore
red5/conf/keystore - file keyopen.der
keytool -exportcert - alias red5 -storepass "mypassword" -kwystore
red5/conf/keystore.screen - file keyscreenopen.der
3- imported keyopen.der and keyscreenopen.der to firefox >>certificate
manager>>servers
4- set up rtmps:
Uncomment <!-- RTMPS --> section in red5/conf/red5-core.xml
Edit red5/conf/red5.properties and set rtmps.port=5443 and
rtmps.keystorepass="mypassword"
Edit red5/webapps/openmeetings/config.xml and set
<rtmpsslport>5443</rtmpsslport> , <useSSL>yes</useSSL> and
<proxyType>best</proxyType>
6-set up https
7-stop and restart red5.
Still doenst work, the https open as untrusted and I add as a excpetion,
but it doenst connect. stop on screen with NetConnect.Failed
rtmpt://8088/openmeetings/hibernate, and "error missing [556]".
On Wed, Aug 22, 2012 at 1:27 PM, Stephen Cottham <
[email protected]> wrote:
> Oh and BTW make sure you restart Open Meetings after you make a change to
> the keystore file.****
>
> ** **
>
> ** **
>
> *From:* Stephen Cottham [mailto:[email protected]]
> *Sent:* 22 August 2012 17:24
>
> *To:* [email protected]
> *Subject:* RE: rtmps and certificate****
>
> ** **
>
> Rafael,****
>
> ** **
>
> I just used your method here and was able to get HTTPS and RTMPS working,
> RTMPS will fail unless you export the certificate out first (from the
> browser as a DER file) and then import into your browsers trusted root
> authority. (it will complain it cannot verify the cert just accept the
> warning) - Reload the site and it will connect fine..****
>
> ** **
>
> Cheers****
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Stephen Cottham [mailto:[email protected]]
> *Sent:* 22 August 2012 17:08
> *To:* [email protected]
> *Subject:* RE: rtmps and certificate****
>
> ** **
>
> Can you confirm your keystore contents?****
>
> ** **
>
> cd /usr/lib/red5/conf****
>
> keytool -list -v -keystore keystore****
>
> ** **
>
> and does https work? What errors are you getting?****
>
> ** **
>
> Did you import the certificate into your browser?****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Rafael [mailto:[email protected]]
> *Sent:* 22 August 2012 17:00
> *To:* [email protected]
> *Subject:* Re: rtmps and certificate****
>
> ** **
>
> creating 2 self signed certificates like this:****
>
> keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore
> red5/conf/keystore -storepass "mypassword" -validity 15000****
>
> keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore
> red5/conf/keystore.screen -storepass "mypassword" -validity 15000****
>
> ****
>
> and editing the setups for rtmps, shouldnt it work ? ****
>
>
> thanks.****
>
> On Wed, Aug 22, 2012 at 11:14 AM, Rafael <[email protected]> wrote:****
>
> Thanks Stephen.
> Just in case, if I do it with .csr will I need to import a root crt or
> mine will be enough? Wich root should I use?****
>
> ** **
>
> On Wed, Aug 22, 2012 at 9:44 AM, Stephen Cottham <
> [email protected]> wrote:****
>
> Assuming the key and cert is you created is in PEM format do this****
>
> ****
>
> Copy the two files (*apache.key.pem and apache.cert.pem - or whatever you
> have called yours ) *to****
>
> ****
>
> */usr/adm/*****
>
> ****
>
> Then****
>
> ****
>
> *cd /usr/adm/*****
>
> * *****
>
> *mkdir certs*****
>
> *cd certs/*****
>
> ****
>
> *openssl pkcs8 -topk8 -nocrypt -in apache.key.pem -inform PEM -out
> key.der -outform DER*****
>
> *openssl x509 -in apache.cert.pem -inform PEM -out cert.der -outform DER**
> ***
>
> ****
>
> Now we need a couple of files to help us import the DER files into the
> keystore, so issue the****
>
> following:****
>
> * *****
>
> *wget
> http://www.agentbob.info/agentbob/80/version/default/part/AttachmentData/data/ImportKey.java
> *****
>
> *wget
> http://www.agentbob.info/agentbob/81/version/default/part/AttachmentData/data/ImportKey.class
> *****
>
> ****
>
> Then use these commands to import:****
>
> * *****
>
> *java ImportKey key.der cert.der*****
>
> ****
>
> Finally move the keystore to the correct location****
>
> * *****
>
> *mv /root/keystore.ImportKey /usr/lib/red5/conf/keystore*****
>
> ****
>
> N.B = Alias:importkey Password:importkey (When using the java import key
> files, you can change the****
>
> password afterwards)****
>
> ****
>
> ****
>
> ****
>
> *From:* Rafael [mailto:[email protected]]
> *Sent:* 22 August 2012 13:36****
>
>
> *To:* [email protected]
> *Subject:* Re: rtmps and certificate****
>
> ****
>
> openssl****
>
> On Wed, Aug 22, 2012 at 9:30 AM, Stephen Cottham <
> [email protected]> wrote:****
>
> What format do you have your self-signed certificate in?****
>
> ****
>
> ****
>
> ****
>
> *From:* Rafael [mailto:[email protected]]
> *Sent:* 22 August 2012 13:29****
>
>
> *To:* [email protected]
> *Subject:* Re: rtmps and certificate****
>
> ****
>
> What should I do at this point? Skipt it ?
>
> 4- Import your chosen CA's root certificate into the keystore (may need to
> download it from their site - make sure to get the root CA and not the
> intermediate one): keytool -import -alias root -keystore red5/conf/keystore
> -trustcacerts -file root.crt (note: you may receive a warning that the
> certificate already exists in the system wide keystore - import anyway)***
> *
>
> On Wed, Aug 22, 2012 at 9:16 AM, Stephen Cottham <
> [email protected]> wrote:****
>
> You can use a self-signed certificate and it will work, in some cases you
> will need to import the certificate into your browser so RTMPS to work
> correctly even thou HTTPS will work with the warning message.****
>
> ****
>
> Best regards****
>
> ****
>
> ****
>
> ****
>
> *From:* Rafael [mailto:[email protected]]
> *Sent:* 22 August 2012 13:13
> *To:* [email protected]
> *Subject:* Re: rtmps and certificate****
>
> ****
>
> is self certicate a solution ??****
>
> On Tue, Aug 21, 2012 at 11:46 PM, Rafael <[email protected]> wrote:****
>
> Im sorry Im newbie in rtmps and certificates. Is the only way to use rtmps
> generating a key and sending it to a CA?
> Cant it be done as https that you can "assume the risk" and accept the
> connection as a excpetion ? without verify with a CA ?
>
> Thanks.****
>
> ****
>
> *Stephen Cottham
> *Group IT Manager (Associate)
>
> Robert Bird Group
> Level 5, 333 Ann St
> Brisbane, Queensland, 4000, Australia****
>
> *Phone: +6173 319 2777 (AUS)*****
>
> *Phone: +44207 592 8000 (UK)*****
>
> *Fax: +6173 319 2799*****
>
> ****
>
> *Mobile: +61400 756 963 (AUS)*****
>
> *Mobile: +447900 918 616 (UK)*****
>
> *Web: **www.robertbird.com* <http://www.robertbird.com/>****
>
> <http://www.robertbird.com.au/>
>
> This email and any attachments are confidential and may contain legally
> privileged information or copyright material. Unless expressly stated,
> confidentiality and/or legal privilege is not intended to be waived by the
> sending of this email. The contents of this email, including any
> attachments, are intended solely for the use of the individual or entity to
> whom they are addressed. If you are not an intended recipient, please
> contact us immediately by return email and then delete both messages. You
> may not otherwise read, forward, copy, use or disclose this email or any
> attachments. Any views expressed in this email are those of the individual
> sender except where the sender expressly, and with authority, states
> otherwise. It is your responsibility to check any attachments for viruses
> or defects before opening or sending them on. None of the sender or its
> related entities accepts any liability for any consequential damage
> resulting from this email containing computer viruses. ****
>
> ****
>
>
> Disclaimer added by *CodeTwo Exchange Rules*
> www.codetwo.com****
>
> ****
>
> ****
>
> ****
>
> ** **
>
> ** **
>
<<image002.png>>
<<image001.gif>>
