I think I spoke too soon as I was testing the rmi locally. When trying to connect from another lan machine even after creating a new client truststore importing the server cert, it wont connect. Client is jdk6, server is jdk5.
Mondain wrote: > All I meant is that I hadn't gotten around to it yet.. I'm all for > putting it in, but I wont force everyone to use it. > > Paul > > On 5/16/07, *Dan Rossi * <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > So you dont think the rmi registry should be started from code ? Im > really not sure how im going to start that as a service with red5 > which > is also a windows service. > > Mondain wrote: > > I knew you'd get it working eventually :) > > > > Paul > > > > On 5/16/07, *Dan Rossi* < [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> > wrote: > > > > http://www.red5tutorials.net/index.php/Tutorials:RMI_JMX_SSL > > <http://www.red5tutorials.net/index.php/Tutorials:RMI_JMX_SSL> > > > > Dan Rossi wrote: > > > Create Server Keystore: > > > > > > keytool -genkey -alias red5server -keyalg RSA -validity 36500 > > -keystore > > > conf/jmx.keystore -storepass password -keypass password > -dname > > "CN=Dan > > > Rossi, OU=IT, O=Red5, L=Sydney,S=NSW, C=AU" > > > > > > Verify Keystore: > > > > > > keytool -list -v -keystore conf/jmx.keystore -storepass > password > > > > > > Export Self Signed Cert: > > > > > > keytool -export -alias red5server -keystore > conf/jmx.keystore -file > > > conf/red5server.cer -storepass password > > > > > > Create Client Truststore: > > > > > > keytool -genkey -alias red5client -keyalg RSA -validity 36500 > > -keystore > > > conf/jmx.truststore -storepass trustword -keypass > trustword -dname > > > "CN=Dan Rossi, OU=IT, O=Red5, L=Sydney,S=NSW, C=AU" > > > > > > Import Server Cert into TrustStore: > > > > > > keytool -import -file conf/red5server.cer -keystore > > conf/jmx.truststore > > > -storepass trustword -noprompt > > > > > > Start RMI Registry (unless it is going to started > programatically) > > > > > > rmiregistry - J-Djava.security.manager > > > -J-Djava.security.policy=conf/red5.policy > > > -J-Djavax.net.ssl.trustStore=conf/jmx.truststore > > > -J-Djavax.net.ssl.trustStorePassword=trustword 9999 & > > > > > > > > > Start Red5: > > > > > > With these args > > > > > > -Djava.security.manager > > > -Djava.security.policy=conf/red5.policy > > > -Dcom.sun.management.jmxremote > > > -Djavax.net.ssl.keyStore=conf/jmx.keystore > > > -Djavax.net.ssl.keyStorePassword=password > > > > > > Start Jconsole: > > > > > > jconsole -J-Djava.security.manager > > > -J-Djava.security.policy=conf/red5.policy > > > -J-Djavax.net.ssl.trustStore=conf/jmx.truststore > > > -J-Djavax.net.ssl.trustStorePassword=trustword > > > -J-Djava.security.debug=ssl > > service:jmx:rmi:///jndi/rmi://host:9999/red5 > > > > > > > > > Works after different variations of trying to create the > store. > > So JMX > > > is enabled locally and RMI is used for remote management. > Ive yet to > > > test this live on a windows server running in a service. > > > > > > Ill prob add all the required bits on red5 tutorials, but the > > silly wiki > > > doesnt like new lines when you paste it in. > > > > > > I also suggest maybe an ant task is created to create the > > keystore and > > > truststore for you ? > > > > > > > > > > > > > > > > > > _______________________________________________ > > > Red5 mailing list > > > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>> > > > http://osflash.org/mailman/listinfo/red5_osflash.org > <http://osflash.org/mailman/listinfo/red5_osflash.org> > > > > > > > > > > > > _______________________________________________ > > Red5 mailing list > > [email protected] <mailto:[email protected]> <mailto: > [email protected] <mailto:[email protected]>> > > http://osflash.org/mailman/listinfo/red5_osflash.org > > > > > > > > > > -- > > It is difficult to free fools from the chains they revere. - > Voltaire > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Red5 mailing list > > [email protected] <mailto:[email protected]> > > http://osflash.org/mailman/listinfo/red5_osflash.org > > > > > _______________________________________________ > Red5 mailing list > [email protected] <mailto:[email protected]> > http://osflash.org/mailman/listinfo/red5_osflash.org > <http://osflash.org/mailman/listinfo/red5_osflash.org> > > > > > -- > It is difficult to free fools from the chains they revere. - Voltaire > ------------------------------------------------------------------------ > > _______________________________________________ > Red5 mailing list > [email protected] > http://osflash.org/mailman/listinfo/red5_osflash.org > _______________________________________________ Red5 mailing list [email protected] http://osflash.org/mailman/listinfo/red5_osflash.org
