The contents of keystore and keystore.screen:
*keystore*
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: red5
Creation date: Aug 22, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=TI, OU=NIMP, O=MP-RS, L=POA, ST=RS, C=BR
Issuer: CN=TI, OU=NIMP, O=MP-RS, L=POA, ST=RS, C=BR
Serial number: 5034d465
Valid from: Wed Aug 22 14:45:25 CEST 2012 until: Tue Sep 16 14:45:25 CEST 2053
Certificate fingerprints:
MD5: 0D:3F:DF:4F:77:8E:A2:18:BD:25:C5:39:34:CA:6E:58
SHA1: 33:63:08:FC:34:2B:6A:D5:2F:BA:11:E9:AC:C2:7B:2D:38:37:24:63
Signature algorithm name: SHA1withRSA
Version: 3
****************************************
*keystore.screen*
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: red5
Creation date: Aug 22, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=TI, OU=NIMP, O=MP-RS, L=POA, ST=RS, C=BR
Issuer: CN=TI, OU=NIMP, O=MP-RS, L=POA, ST=RS, C=BR
Serial number: 5034d49c
Valid from: Wed Aug 22 14:46:20 CEST 2012 until: Tue Sep 16 14:46:20 CEST 2053
Certificate fingerprints:
MD5: 50:FD:EF:A5:73:7B:9B:9F:A1:BB:C4:D4:4E:58:CD:DD
SHA1: 7F:B2:8B:3C:AE:CD:F6:AA:8D:15:DB:E3:6A:46:9D:A0:AE:28:13:2E
Signature algorithm name: SHA1withRSA
Version: 3
*******************************************
On Wed, Aug 22, 2012 at 8:39 PM, Rafael <[email protected]> wrote:
> Step by step what I did:
> 1- created the keys:
>
> keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore
> red5/conf/keystore -storepass "mypassword" -validity 15000
>
> keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore
> red5/conf/keystore.screen -storepass "mypassword" -validity 15000
>
>
> 2- exported the certificates:
>
> keytool -exportcert -alias red5 -storepass "mypassword" -keystore
> red5/conf/keystore -file keyopen.der
>
> keytool -exportcert -alias red5 -storepass "mypassword" -keystore
> red5/conf/keystore.screen -file keyscreenopen.der
>
> 3- imported keyopen.der and keyscreenopen.der to firefox >>certificate
> manager>>servers
>
> 4- set up rtmps:
> Uncomment <!-- RTMPS --> section in red5/conf/red5-core.xml
> Edit red5/conf/red5.properties and set rtmps.port=5443 and
> rtmps.keystorepass="mypassword"
> Edit red5/webapps/openmeetings/config.xml and set
> <rtmpsslport>5443</rtmpsslport> , <useSSL>yes</useSSL> and
> <proxyType>best</proxyType>
>
> 6-set up https
>
> 7-stop and restart red5.
>
> Still doesn't work, the https opens as untrusted and I add it as an exception,
> but it doesn't connect. Stops on screen with NetConnect.Failed
> rtmpt://8088/openmeetings/hibernate, and "error missing [556]".
>
>
>
> On Wed, Aug 22, 2012 at 1:27 PM, Stephen Cottham <
> [email protected]> wrote:
>
>> Oh and BTW make sure you restart Open Meetings after you make a change to
>> the keystore file.
>>
>> *From:* Stephen Cottham [mailto:[email protected]]
>> *Sent:* 22 August 2012 17:24
>>
>> *To:* [email protected]
>> *Subject:* RE: rtmps and certificate
>>
>> Rafael,
>>
>> I just used your method here and was able to get HTTPS and RTMPS working,
>> RTMPS will fail unless you export the certificate out first (from the
>> browser as a DER file) and then import into your browser's trusted root
>> authority. (it will complain it cannot verify the cert just accept the
>> warning) - Reload the site and it will connect fine.
>>
>> Cheers
>>
>> *From:* Stephen Cottham [mailto:[email protected]]
>> *Sent:* 22 August 2012 17:08
>> *To:* [email protected]
>> *Subject:* RE: rtmps and certificate
>>
>> Can you confirm your keystore contents?
>>
>> cd /usr/lib/red5/conf
>>
>> keytool -list -v -keystore keystore
>>
>> and does https work? What errors are you getting?
>>
>> Did you import the certificate into your browser?
>>
>> *From:* Rafael [mailto:[email protected]]
>> *Sent:* 22 August 2012 17:00
>> *To:* [email protected]
>> *Subject:* Re: rtmps and certificate
>>
>> creating 2 self signed certificates like this:
>>
>> keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore
>> red5/conf/keystore -storepass "mypassword" -validity 15000
>>
>> keytool -keysize 2048 -genkey -keyalg RSA -alias red5 -keystore
>> red5/conf/keystore.screen -storepass "mypassword" -validity 15000
>>
>> and editing the setups for rtmps, shouldn't it work?
>>
>> thanks.
>>
>> On Wed, Aug 22, 2012 at 11:14 AM, Rafael <[email protected]> wrote:
>>
>> Thanks Stephen.
>> Just in case, if I do it with .csr will I need to import a root crt or
>> mine will be enough? Which root should I use?
>>
>> On Wed, Aug 22, 2012 at 9:44 AM, Stephen Cottham <
>> [email protected]> wrote:
>>
>> Assuming the key and cert you created is in PEM format, do this
>>
>> Copy the two files (apache.key.pem and apache.cert.pem - or whatever
>> you have called yours) to
>>
>> /usr/adm/
>>
>> Then
>>
>> cd /usr/adm/
>> mkdir certs
>> cd certs/
>>
>> openssl pkcs8 -topk8 -nocrypt -in apache.key.pem -inform PEM -out key.der -outform DER
>> openssl x509 -in apache.cert.pem -inform PEM -out cert.der -outform DER
>>
>> Now we need a couple of files to help us import the DER files into the
>> keystore, so issue the following:
>>
>> wget http://www.agentbob.info/agentbob/80/version/default/part/AttachmentData/data/ImportKey.java
>> wget http://www.agentbob.info/agentbob/81/version/default/part/AttachmentData/data/ImportKey.class
>>
>> Then use these commands to import:
>>
>> java ImportKey key.der cert.der
>>
>> Finally move the keystore to the correct location
>>
>> mv /root/keystore.ImportKey /usr/lib/red5/conf/keystore
>>
>> N.B = Alias:importkey Password:importkey (When using the java import key
>> files, you can change the password afterwards)
>>
>> *From:* Rafael [mailto:[email protected]]
>> *Sent:* 22 August 2012 13:36
>> *To:* [email protected]
>> *Subject:* Re: rtmps and certificate
>>
>> openssl
>>
>> On Wed, Aug 22, 2012 at 9:30 AM, Stephen Cottham <
>> [email protected]> wrote:
>>
>> What format do you have your self-signed certificate in?
>>
>> *From:* Rafael [mailto:[email protected]]
>> *Sent:* 22 August 2012 13:29
>> *To:* [email protected]
>> *Subject:* Re: rtmps and certificate
>>
>> What should I do at this point? Skip it?
>>
>> 4- Import your chosen CA's root certificate into the keystore (may need
>> to download it from their site - make sure to get the root CA and not the
>> intermediate one): keytool -import -alias root -keystore red5/conf/keystore
>> -trustcacerts -file root.crt (note: you may receive a warning that the
>> certificate already exists in the system wide keystore - import anyway)
>>
>> On Wed, Aug 22, 2012 at 9:16 AM, Stephen Cottham <
>> [email protected]> wrote:
>>
>> You can use a self-signed certificate and it will work, in some cases you
>> will need to import the certificate into your browser for RTMPS to work
>> correctly even though HTTPS will work with the warning message.
>>
>> Best regards
>>
>> *From:* Rafael [mailto:[email protected]]
>> *Sent:* 22 August 2012 13:13
>> *To:* [email protected]
>> *Subject:* Re: rtmps and certificate
>>
>> is self certificate a solution??
>>
>> On Tue, Aug 21, 2012 at 11:46 PM, Rafael <[email protected]> wrote:
>>
>> I'm sorry, I'm a newbie in rtmps and certificates. Is the only way to use
>> rtmps generating a key and sending it to a CA?
>> Can't it be done as https that you can "assume the risk" and accept the
>> connection as an exception? without verify with a CA?
>>
>> Thanks.
>>
>> *Stephen Cottham*
>> Group IT Manager (Associate)
>>
>> Robert Bird Group
>
>
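The `keytool -list -v` listings at the top of this message can be checked mechanically for the properties the thread turns on: a self-signed entry that every client has to import, plus signature hash and lifetime. The Python below is an added example, not part of the original thread; `MAX_DAYS` and the finding labels are assumptions.

```python
import re
from datetime import datetime

# Trimmed from the `keytool -list -v` listing quoted in this thread,
# keeping the mail client's line wrap before the year "2053".
SAMPLE = """\
Alias name: red5
Certificate chain length: 1
Owner: CN=TI, OU=NIMP, O=MP-RS, L=POA, ST=RS, C=BR
Issuer: CN=TI, OU=NIMP, O=MP-RS, L=POA, ST=RS, C=BR
Valid from: Wed Aug 22 14:45:25 CEST 2012 until: Tue Sep 16 14:45:25 CEST
2053
Signature algorithm name: SHA1withRSA
"""

MAX_DAYS = 825  # assumed policy threshold, not a value from the thread
DATE = re.compile(r"\w{3} (\w{3}) +(\d+) [\d:]+ \w+ (\d{4})")

def parse_entries(text):
    """Return one dict of fields per 'Alias name:' entry in the listing."""
    entries, last = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            if key == "Alias name":
                entries.append({})
            if entries:
                entries[-1][key] = value
                last = key
        elif entries and last and key and not key.endswith(":") and key[0] != "*":
            entries[-1][last] += " " + key  # wrapped value, e.g. the year
    return entries

def validity_days(valid):
    """Days between the two dates in a 'Valid from' value."""
    start, end = (datetime.strptime(" ".join(m), "%b %d %Y")
                  for m in DATE.findall(valid))
    return (end - start).days

def audit(entry):
    """List properties of an entry that affect client trust."""
    findings = []
    if entry.get("Owner") == entry.get("Issuer"):
        findings.append("self-signed")
    if entry.get("Signature algorithm name", "").upper().startswith(("SHA1", "MD5")):
        findings.append("weak-signature-hash")
    if validity_days(entry["Valid from"]) > MAX_DAYS:
        findings.append("long-validity")
    return findings

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e["Alias name"], audit(e))
```

Run against both `keystore` and `keystore.screen`, it reports the same findings for each, while the differing serial numbers and fingerprints in the listings show they are two distinct certificates.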
