from:"Xavier M"

Sorry for spamming...

Mea culpa again, I did not have load wstunnel correctly. sudo a2enmod 
proxy_wstunnel and it seems to work.


Have a  good evening,

Xavier


Le 05/08/2019 à 20:54, Xavier M a écrit :

Hello again,

My fault, I copied/pasted once again the code for the VHost and modified the 
appropriated lines (names of server / error-log and SSL Certificates) again: 
now the log-in session works.

BUT when I'm logged in, I can see only "T'chat": the main page does not load. 
The browser console shows:

Firefox ne peut établir de connexion avec le serveur à l’adresse 
wss://openmeetings.domain.eu/openmeetings/wicket/websocket?pageId=2=.=OpenmeetingsApplication.


I don't know anything of wss, but can it be that the line RewriteRule /(.*) 
ws://localhost:5080/$1 [P,L] does not work with wss:// requests?

Xavier


Post Scriptum: I tested with https://:5443/openmeetings and it 
still works correctly. But I had to add an exception of security on my 
computer, since I do not have a valid certificate for the IP adress.


Le 05/08/2019 à 18:22, Maxim Solodovnik a écrit :
please check browser console
do you have HTTP #400 errors?

On Mon, 5 Aug 2019 at 23:02, Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hi Maxim,

Thank you for your help. After a "sudo /etc/init.d/tomcat3 restart", I've got 
exactly the same as before, except that I can not connect through 
http://domain.eu:5080/openmeetings/ anymore. As for 
https://openmeetings.domain.eu/openmeetings/, I now have an access to the 
log-in session, but nothing happens when I sign in (except the dotted box which 
appears for less than 1 second when I click on the button).

I guess I'll have to double-check the Virtual Host you gave as answer at:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
I just changed the ServerName and the RedirectMatch (and logs), from 
domain.test-test.eu<http://domain.test-test.eu> to 
openmeetings.domain.eu<http://openmeetings.domain.eu>
Could you please confirm that I have to let "localhost" rather than changing by 
"domain.eu<http://domain.eu>", even for a web server?

Hope you're on holidays!
Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : lundi 5 août 2019 16:39
À : Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Objet : Re: Tomcat with SSL

Hello Xavier,

In 5.0.0 the changes need to be done in 
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L55
-- mailto:xa...@hotmail.com>> wrote:
Hello,

I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an Apache-Server). I 
tried to follow these instructions to configure the Virtual Host:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235

But I could not find the file corresponding to "conf/jee-container.xml". There 
exists a /opt/open500/conf/ directory, but no jee-container.xml. Where is it to 
be found?

For your information: all seems to work when I connect to 
http://domain.eu:5080/openmeetings/ (I sign in and access to OpenMeetings). But 
when I connect to https://openmeetings.domain.eu/openmeetings/, (the virtual 
host with servername openmeetings.domain.eu<http://openmeetings.domain.eu> 
being configured as described in Stackoverflow), I have an access to the log in 
formular, but nothing happens when I click on "Sign in".

Could you please provide me help?
Thanks,
Xavier



--
WBR
Maxim aka solomax


--
WBR
Maxim aka solomax

Re: Tomcat with SSL

Hello again,

My fault, I copied/pasted once again the code for the VHost and modified the 
appropriated lines (names of server / error-log and SSL Certificates) again: 
now the log-in session works.

BUT when I'm logged in, I can see only "T'chat": the main page does not load. 
The browser console shows:

Firefox ne peut établir de connexion avec le serveur à l’adresse 
wss://openmeetings.domain.eu/openmeetings/wicket/websocket?pageId=2=.=OpenmeetingsApplication.


I don't know anything of wss, but can it be that the line RewriteRule /(.*) 
ws://localhost:5080/$1 [P,L] does not work with wss:// requests?

Xavier


Post Scriptum: I tested with https://:5443/openmeetings and it 
still works correctly. But I had to add an exception of security on my 
computer, since I do not have a valid certificate for the IP adress.


Le 05/08/2019 à 18:22, Maxim Solodovnik a écrit :
please check browser console
do you have HTTP #400 errors?

On Mon, 5 Aug 2019 at 23:02, Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hi Maxim,

Thank you for your help. After a "sudo /etc/init.d/tomcat3 restart", I've got 
exactly the same as before, except that I can not connect through 
http://domain.eu:5080/openmeetings/ anymore. As for 
https://openmeetings.domain.eu/openmeetings/, I now have an access to the 
log-in session, but nothing happens when I sign in (except the dotted box which 
appears for less than 1 second when I click on the button).

I guess I'll have to double-check the Virtual Host you gave as answer at:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
I just changed the ServerName and the RedirectMatch (and logs), from 
domain.test-test.eu<http://domain.test-test.eu> to 
openmeetings.domain.eu<http://openmeetings.domain.eu>
Could you please confirm that I have to let "localhost" rather than changing by 
"domain.eu<http://domain.eu>", even for a web server?

Hope you're on holidays!
Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : lundi 5 août 2019 16:39
À : Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Objet : Re: Tomcat with SSL

Hello Xavier,

In 5.0.0 the changes need to be done in 
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L55
-- mailto:xa...@hotmail.com>> wrote:
Hello,

I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an Apache-Server). I 
tried to follow these instructions to configure the Virtual Host:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235

But I could not find the file corresponding to "conf/jee-container.xml". There 
exists a /opt/open500/conf/ directory, but no jee-container.xml. Where is it to 
be found?

For your information: all seems to work when I connect to 
http://domain.eu:5080/openmeetings/ (I sign in and access to OpenMeetings). But 
when I connect to https://openmeetings.domain.eu/openmeetings/, (the virtual 
host with servername openmeetings.domain.eu<http://openmeetings.domain.eu> 
being configured as described in Stackoverflow), I have an access to the log in 
formular, but nothing happens when I click on "Sign in".

Could you please provide me help?
Thanks,
Xavier



--
WBR
Maxim aka solomax


--
WBR
Maxim aka solomax

RE: Tomcat with SSL

Hi Maxim,

Thank you for your help. After a "sudo /etc/init.d/tomcat3 restart", I've got 
exactly the same as before, except that I can not connect through 
http://domain.eu:5080/openmeetings/ anymore. As for 
https://openmeetings.domain.eu/openmeetings/, I now have an access to the 
log-in session, but nothing happens when I sign in (except the dotted box which 
appears for less than 1 second when I click on the button).

I guess I'll have to double-check the Virtual Host you gave as answer at:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235
I just changed the ServerName and the RedirectMatch (and logs), from 
domain.test-test.eu to openmeetings.domain.eu
Could you please confirm that I have to let "localhost" rather than changing by 
"domain.eu", even for a web server?

Hope you're on holidays!
Xavier


De : Maxim Solodovnik 
Envoyé : lundi 5 août 2019 16:39
À : Openmeetings user-list 
Objet : Re: Tomcat with SSL

Hello Xavier,

In 5.0.0 the changes need to be done in 
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L55
-- mailto:xa...@hotmail.com>> wrote:
Hello,

I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an Apache-Server). I 
tried to follow these instructions to configure the Virtual Host:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235

But I could not find the file corresponding to "conf/jee-container.xml". There 
exists a /opt/open500/conf/ directory, but no jee-container.xml. Where is it to 
be found?

For your information: all seems to work when I connect to 
http://domain.eu:5080/openmeetings/ (I sign in and access to OpenMeetings). But 
when I connect to https://openmeetings.domain.eu/openmeetings/, (the virtual 
host with servername openmeetings.domain.eu 
being configured as described in Stackoverflow), I have an access to the log in 
formular, but nothing happens when I click on "Sign in".

Could you please provide me help?
Thanks,
Xavier



--
WBR
Maxim aka solomax

Tomcat with SSL

Hello,

I'm trying to secure OpenMeetings 5.0.0 with a Proxy (on an Apache-Server). I 
tried to follow these instructions to configure the Virtual Host:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass/51783235#51783235

But I could not find the file corresponding to "conf/jee-container.xml". There 
exists a /opt/open500/conf/ directory, but no jee-container.xml. Where is it to 
be found?

For your information: all seems to work when I connect to 
http://domain.eu:5080/openmeetings/ (I sign in and access to OpenMeetings). But 
when I connect to https://openmeetings.domain.eu/openmeetings/, (the virtual 
host with servername openmeetings.domain.eu being configured as described in 
Stackoverflow), I have an access to the log in formular, but nothing happens 
when I click on "Sign in".

Could you please provide me help?
Thanks,
Xavier

RE: conversion problem during update

2019-07-16 Thread Xavier M

Hello,

Yes, it works fine with:
cd (Directory where the file to be converted is)
convert -density 125 OpenMeet.pdf +profile '*' -quality 100 page-%04d.png
(where OpenMeet.pdf is the name of the file to be converted).

Nota Bene : transparency is active in the results (the .png files) : when the 
background of the PDF-file is white, it becomes transparent in the PNG-files.

Xavier


De : Maxim Solodovnik 
Envoyé : lundi 15 juillet 2019 13:48
À : Openmeetings user-list
Objet : Re: conversion problem during update

even better if it will be "+profile '*'" (typo in `profile` is also fixed)

On Mon, 15 Jul 2019 at 16:17, Maxim Solodovnik  wrote:
>
> This string "+ profil '*'"
> Should be "+profil '*'" (no space)
>
> On Mon, 15 Jul 2019 at 16:11, Xavier M  wrote:
> >
> > Hi all,
> >
> > I just tested the command lines with a Mac... There must be a mistake 
> > somewhere, but it is quite encouraging.
> >
> >  * I used a copy of the tutorial of OpenMeetings Installation by Alvaro (16 
> > pages), and put it into a directory "Test". I renamed it OpenMeet.pdf to 
> > (preventively) avoid some undesirable effects of spaces or long names.
> >  * I launched a console and cd into this directory.
> >  * I typed following command:
> > convert -density 125 OpenMeet.pdf + profil '*' -quality 100 page-%04d.png
> >   * I got following errors:
> > convert: unable to open image '+': No such file or directory @ 
> > error/blob.c/OpenBlob/3485.
> > convert: no decode delegate for this image format `' @ 
> > error/constitute.c/ReadImage/556.
> > convert: unable to open image 'profil': No such file or directory @ 
> > error/blob.c/OpenBlob/3485.
> > convert: unable to open image 'profil': No such file or directory @ 
> > error/blob.c/OpenBlob/3485.
> > convert: no decode delegate for this image format `' @ 
> > error/constitute.c/ReadImage/556.
> >  * BUT I've got now 32 new png-files, numerotated  to 0035. The files 
> > page-.png and page-0015.png correspond to the first page of the PDF 
> > file.
> >
> > --> I guess that ImageMagick works, but that there is some problem with the 
> > options in the command lines.
> >
> > Hope this helps...
> > Xavier
> >
> > 
> > De : Maxim Solodovnik 
> > Envoyé : jeudi 11 juillet 2019 09:44
> > À : Openmeetings user-list
> > Objet : Re: conversion problem during update
> >
> > the page seems to correct
> >
> > On Thu, 11 Jul 2019 at 14:42, Xavier M  wrote:
> > >
> > > Just to check for step 1, due to the way it is written: do I follow the 
> > > instructions here?
> > > https://imagemagick.org/script/download.php#macosx
> > >
> > >
> > >
> > > 
> > > De : Maxim Solodovnik 
> > > Envoyé : jeudi 11 juillet 2019 09:33
> > > À : Openmeetings user-list
> > > Objet : Re: conversion problem during update
> > >
> > > Steps:
> > > 1) Install ImageMagic
> > > 2) create empty folder, cd into this folder, put any PDF file to it
> > > Using terminal/console app
> > > 3) run
> > > `PATH_TO_IMAGIC_BIN/convert -density 125 NAME_OF_PDF.pdf +profile
> > > '*' -quality 100 page-%04d.png`
> > >
> > > should be no errors
> > > (NOTE PDF conversion might be blocked in ImageMagic policy.xml file)
> > >
> > > On Thu, 11 Jul 2019 at 14:29, Xavier M  wrote:
> > > >
> > > > Hi,
> > > >
> > > > I'm a Mac user at work - be aware that it is not a server on the web. I 
> > > > do not fully understand the point, but if you detail me the steps, I 
> > > > can maybe help? I'll find time to do on Monday or Tuesday.
> > > >
> > > > Xavier
> > > >
> > > > 
> > > > De : Peter Dähn 
> > > > Envoyé : jeudi 11 juillet 2019 09:13
> > > > À : user@openmeetings.apache.org
> > > > Objet : Re: conversion problem during update
> > > >
> > > > I will ask MAC user around here...
> > > >
> > > > Am 11.07.19 um 08:32 schrieb Maxim Solodovnik:
> > > > > I can test it on Windows
> > > > > Not on Mac :(
> > > > >
> > > > > should be easy:
> > > > > 1) install ImageMagic
> > > > > 2) run command
> > > > > 3) report back :)
> > > > >
> > > >

RE: conversion problem during update

2019-07-15 Thread Xavier M

Hi all,

I just tested the command lines with a Mac... There must be a mistake 
somewhere, but it is quite encouraging.

 * I used a copy of the tutorial of OpenMeetings Installation by Alvaro (16 
pages), and put it into a directory "Test". I renamed it OpenMeet.pdf to 
(preventively) avoid some undesirable effects of spaces or long names.
 * I launched a console and cd into this directory.
 * I typed following command:
convert -density 125 OpenMeet.pdf + profil '*' -quality 100 page-%04d.png
  * I got following errors:
convert: unable to open image '+': No such file or directory @ 
error/blob.c/OpenBlob/3485.
convert: no decode delegate for this image format `' @ 
error/constitute.c/ReadImage/556.
convert: unable to open image 'profil': No such file or directory @ 
error/blob.c/OpenBlob/3485.
convert: unable to open image 'profil': No such file or directory @ 
error/blob.c/OpenBlob/3485.
convert: no decode delegate for this image format `' @ 
error/constitute.c/ReadImage/556.
 * BUT I've got now 32 new png-files, numerotated  to 0035. The files 
page-.png and page-0015.png correspond to the first page of the PDF file.

--> I guess that ImageMagick works, but that there is some problem with the 
options in the command lines.

Hope this helps...
Xavier


De : Maxim Solodovnik 
Envoyé : jeudi 11 juillet 2019 09:44
À : Openmeetings user-list
Objet : Re: conversion problem during update

the page seems to correct

On Thu, 11 Jul 2019 at 14:42, Xavier M  wrote:
>
> Just to check for step 1, due to the way it is written: do I follow the 
> instructions here?
> https://imagemagick.org/script/download.php#macosx
>
>
>
> 
> De : Maxim Solodovnik 
> Envoyé : jeudi 11 juillet 2019 09:33
> À : Openmeetings user-list
> Objet : Re: conversion problem during update
>
> Steps:
> 1) Install ImageMagic
> 2) create empty folder, cd into this folder, put any PDF file to it
> Using terminal/console app
> 3) run
> `PATH_TO_IMAGIC_BIN/convert -density 125 NAME_OF_PDF.pdf +profile
> '*' -quality 100 page-%04d.png`
>
> should be no errors
> (NOTE PDF conversion might be blocked in ImageMagic policy.xml file)
>
> On Thu, 11 Jul 2019 at 14:29, Xavier M  wrote:
> >
> > Hi,
> >
> > I'm a Mac user at work - be aware that it is not a server on the web. I do 
> > not fully understand the point, but if you detail me the steps, I can maybe 
> > help? I'll find time to do on Monday or Tuesday.
> >
> > Xavier
> >
> > 
> > De : Peter Dähn 
> > Envoyé : jeudi 11 juillet 2019 09:13
> > À : user@openmeetings.apache.org
> > Objet : Re: conversion problem during update
> >
> > I will ask MAC user around here...
> >
> > Am 11.07.19 um 08:32 schrieb Maxim Solodovnik:
> > > I can test it on Windows
> > > Not on Mac :(
> > >
> > > should be easy:
> > > 1) install ImageMagic
> > > 2) run command
> > > 3) report back :)
> > >
> > > Are there any volunteers?
> > >
> > > On Thu, 11 Jul 2019 at 13:29, Peter Dähn  wrote:
> > >> you are right... I simply try to keep it in mind... Maybe updates to
> > >> 5.0.x will be done by moving to a new server. I think complete migration
> > >> with conversion etc. will to be tested by more admins... ;-)
> > >>
> > >> Greetings Peter
> > >>
> > >> Am 11.07.19 um 08:17 schrieb Maxim Solodovnik:
> > >>> Actually this is "one minute task" BUT
> > >>> Someone need to test it using Win and Mac (I guess it will work on 
> > >>> Linux)
> > >>>
> > >>> On Thu, 11 Jul 2019 at 13:15, Peter Dähn  wrote:
> > >>>> Hi Maxim,
> > >>>>
> > >>>> seems to be. Does it hurt to add that parameter anyway?
> > >>>>
> > >>>> Greetigs Peter
> > >>>>
> > >>>> Am 11.07.19 um 07:17 schrieb Maxim Solodovnik:
> > >>>>> No answers for a long time
> > >>>>> I guess this one is not a common problem
> > >>>>>
> > >>>>> On Mon, 3 Jun 2019 at 13:44, Peter Dähn  wrote:
> > >>>>>> Hi Maxim,
> > >>>>>>
> > >>>>>> you are right, to add this would help, if it is a common problem.
> > >>>>>>
> > >>>>>> This is a really old file. It seems that it was already a pdf-file.
> > >>>>>> Original content of the folder was
> > >>>>>>

RE: conversion problem during update

2019-07-11 Thread Xavier M

Just to check for step 1, due to the way it is written: do I follow the 
instructions here?
https://imagemagick.org/script/download.php#macosx




De : Maxim Solodovnik 
Envoyé : jeudi 11 juillet 2019 09:33
À : Openmeetings user-list
Objet : Re: conversion problem during update

Steps:
1) Install ImageMagic
2) create empty folder, cd into this folder, put any PDF file to it
Using terminal/console app
3) run
`PATH_TO_IMAGIC_BIN/convert -density 125 NAME_OF_PDF.pdf +profile
'*' -quality 100 page-%04d.png`

should be no errors
(NOTE PDF conversion might be blocked in ImageMagic policy.xml file)

On Thu, 11 Jul 2019 at 14:29, Xavier M  wrote:
>
> Hi,
>
> I'm a Mac user at work - be aware that it is not a server on the web. I do 
> not fully understand the point, but if you detail me the steps, I can maybe 
> help? I'll find time to do on Monday or Tuesday.
>
> Xavier
>
> 
> De : Peter Dähn 
> Envoyé : jeudi 11 juillet 2019 09:13
> À : user@openmeetings.apache.org
> Objet : Re: conversion problem during update
>
> I will ask MAC user around here...
>
> Am 11.07.19 um 08:32 schrieb Maxim Solodovnik:
> > I can test it on Windows
> > Not on Mac :(
> >
> > should be easy:
> > 1) install ImageMagic
> > 2) run command
> > 3) report back :)
> >
> > Are there any volunteers?
> >
> > On Thu, 11 Jul 2019 at 13:29, Peter Dähn  wrote:
> >> you are right... I simply try to keep it in mind... Maybe updates to
> >> 5.0.x will be done by moving to a new server. I think complete migration
> >> with conversion etc. will to be tested by more admins... ;-)
> >>
> >> Greetings Peter
> >>
> >> Am 11.07.19 um 08:17 schrieb Maxim Solodovnik:
> >>> Actually this is "one minute task" BUT
> >>> Someone need to test it using Win and Mac (I guess it will work on Linux)
> >>>
> >>> On Thu, 11 Jul 2019 at 13:15, Peter Dähn  wrote:
> >>>> Hi Maxim,
> >>>>
> >>>> seems to be. Does it hurt to add that parameter anyway?
> >>>>
> >>>> Greetigs Peter
> >>>>
> >>>> Am 11.07.19 um 07:17 schrieb Maxim Solodovnik:
> >>>>> No answers for a long time
> >>>>> I guess this one is not a common problem
> >>>>>
> >>>>> On Mon, 3 Jun 2019 at 13:44, Peter Dähn  wrote:
> >>>>>> Hi Maxim,
> >>>>>>
> >>>>>> you are right, to add this would help, if it is a common problem.
> >>>>>>
> >>>>>> This is a really old file. It seems that it was already a pdf-file.
> >>>>>> Original content of the folder was
> >>>>>>
> >>>>>> HASH.pdf, HASH.swf, library.xml and for each page of the pdf a
> >>>>>> _thumb_page-.jpg.
> >>>>>>
> >>>>>> Greetings Peter
> >>>>>>
> >>>>>> Am 31.05.19 um 18:39 schrieb Maxim Solodovnik:
> >>>>>>> Hello Peter,
> >>>>>>>
> >>>>>>> I guess you propose to add "profile" param to OM code :)
> >>>>>>> I'm OK with it, could you check if your original document is being
> >>>>>>> converted by OM UI as expected or not?
> >>>>>>>
> >>>>>>> On Fri, 31 May 2019 at 20:03, Peter Dähn  wrote:
> >>>>>>>> Hi Maxim,
> >>>>>>>>
> >>>>>>>> I needed to convert some room files afterwards. I user command out of
> >>>>>>>> the logs and got for some files an error.
> >>>>>>>>
> >>>>>>>> /usr/bin/convert -density 125
> >>>>>>>> /SERVER/webapps/openmeetings/data/upload/files/HASH/HASH.pdf -quality
> >>>>>>>> 100 /SERVER/webapps/openmeetings/data/upload/files/HASH/page-%04d.png
> >>>>>>>>
> >>>>>>>> convert: profile 'icc': 'RGB ': RGB color space not permitted on
> >>>>>>>> grayscale PNG
> >>>>>>>> `/SERVER/webapps/openmeetings/data/upload/files/HASH/page-%04d.png' @
> >>>>>>>> warning/png.c/MagickPNGWarningHandler/1654.
> >>>>>>>>
> >>>>>>>> I needed to add parameter +profile '*' . Now convert is working 
> >>>>>>>> without
>

RE: conversion problem during update

2019-07-11 Thread Xavier M

Hi,

I'm a Mac user at work - be aware that it is not a server on the web. I do not 
fully understand the point, but if you detail me the steps, I can maybe help? 
I'll find time to do on Monday or Tuesday.

Xavier


De : Peter Dähn 
Envoyé : jeudi 11 juillet 2019 09:13
À : user@openmeetings.apache.org
Objet : Re: conversion problem during update

I will ask MAC user around here...

Am 11.07.19 um 08:32 schrieb Maxim Solodovnik:
> I can test it on Windows
> Not on Mac :(
>
> should be easy:
> 1) install ImageMagic
> 2) run command
> 3) report back :)
>
> Are there any volunteers?
>
> On Thu, 11 Jul 2019 at 13:29, Peter Dähn  wrote:
>> you are right... I simply try to keep it in mind... Maybe updates to
>> 5.0.x will be done by moving to a new server. I think complete migration
>> with conversion etc. will to be tested by more admins... ;-)
>>
>> Greetings Peter
>>
>> Am 11.07.19 um 08:17 schrieb Maxim Solodovnik:
>>> Actually this is "one minute task" BUT
>>> Someone need to test it using Win and Mac (I guess it will work on Linux)
>>>
>>> On Thu, 11 Jul 2019 at 13:15, Peter Dähn  wrote:
 Hi Maxim,

 seems to be. Does it hurt to add that parameter anyway?

 Greetigs Peter

 Am 11.07.19 um 07:17 schrieb Maxim Solodovnik:
> No answers for a long time
> I guess this one is not a common problem
>
> On Mon, 3 Jun 2019 at 13:44, Peter Dähn  wrote:
>> Hi Maxim,
>>
>> you are right, to add this would help, if it is a common problem.
>>
>> This is a really old file. It seems that it was already a pdf-file.
>> Original content of the folder was
>>
>> HASH.pdf, HASH.swf, library.xml and for each page of the pdf a
>> _thumb_page-.jpg.
>>
>> Greetings Peter
>>
>> Am 31.05.19 um 18:39 schrieb Maxim Solodovnik:
>>> Hello Peter,
>>>
>>> I guess you propose to add "profile" param to OM code :)
>>> I'm OK with it, could you check if your original document is being
>>> converted by OM UI as expected or not?
>>>
>>> On Fri, 31 May 2019 at 20:03, Peter Dähn  wrote:
 Hi Maxim,

 I needed to convert some room files afterwards. I user command out of
 the logs and got for some files an error.

 /usr/bin/convert -density 125
 /SERVER/webapps/openmeetings/data/upload/files/HASH/HASH.pdf -quality
 100 /SERVER/webapps/openmeetings/data/upload/files/HASH/page-%04d.png

 convert: profile 'icc': 'RGB ': RGB color space not permitted on
 grayscale PNG
 `/SERVER/webapps/openmeetings/data/upload/files/HASH/page-%04d.png' @
 warning/png.c/MagickPNGWarningHandler/1654.

 I needed to add parameter +profile '*' . Now convert is working without
 error.

 /usr/bin/convert -density 125
 /SERVER/webapps/openmeetings/data/upload/files/HASH/HASH.pdf +profile
 '*' -quality 100
 /usr/lib/red5/webapps/openmeetings/data/upload/files/HASH/page-%04d.png

 Greetings Peter

 Am 15.05.19 um 13:15 schrieb Peter Dähn:
> Hi,
>
> I had a little problem during the last update (from 3.0.7 to 4.0.8). I
> didn't realise, that ffmpeg didn't work after server update. The
> following om update went throug, despite the fact, that
> screen-recordings were not converted.
>
> That why I needed to figure out (with a little bit help of Maxim) how 
> to
> manage that afterwards. I would like to share my steps, in case 
> someone
> has a similar problem.
>
> 1. Get needed information from database (in my case it is postgres)
>
>  select id,hash from om_file where deleted=false and type='Recording'
> and dtype='Recording' order by id;
>
> 2. save the result in a text file e.g. convert_recordings.txt
>
> 3. prepare a little script (linux/bash)
>
> #!/bin/bash
> i=0
> while read line
> do
>#echo "$line"
>id=`echo $line | awk '{split($0, a, "|"); print a[1]}'`
>#echo $id
>hash=`echo $line | awk '{split($0, a, "|"); print a[2]}'`
>#echo $hash
> #   echo "bearbeite $id"
>command_mp4="/usr/local/bin/ffmpeg -y -nostdin -i
> /OM_OLD_DIR/webapps/openmeetings/data/streams/hibernate/flvRecording_$id.avi
> -c:v h264 -crf 24 -pix_fmt yuv420p -preset medium -profile:v baseline
> -level 3.0 -movflags faststart -c:a aac -ar 22050 -b:a 32k
> /OM_DIR/webapps/openmeetings/data/streams/hibernate/$hash.mp4"
> #   echo $command_mp4
>command_png="/usr/local/bin/ffmpeg -y -nostdin -i
> /OM_DIR/webapps/openmeetings/data/streams/hibernate/$hash.mp4 -vf
> thumbnail,scale=640:-1 -frames:v 1
>

Re: New DVD-Pendrive live iso OpenMeetings 5.0.0-M2 on Ubuntu 18.04

2019-07-10 Thread Xavier M

Hello,


Waouh, it sounds great! Is there already any tutorial to install it - I'm 
thinking to a webserver using SSH?

At each case, I'll test it soon.


Xavier


Le 10/07/2019 à 21:01, Alvaro a écrit :
[cid:part1.75BE35D1.682C012D@hotmail.com]
Hello,

I've modified and uploaded again the live iso.

Now can recording in any room. Before was limited
to Conference Room.

Can download newly if you like.

https://cwiki.apache.org/confluence/display/OPENMEETINGS/Live+iso+OpenMeetings+on+Ubuntu

Best regards

Alvaro


...



El lun, 08-07-2019 a las 11:52 +0200, Alvaro escribió:
[cid:part1.75BE35D1.682C012D@hotmail.com]
Hello,

A new DVD-Pendrive live iso of OpenMeetings 5.0.0-M2 on Ubuntu 18.04
is at your disposal, called:

OpenMeetings 5.0.0-M2 on Ubuntu 18.04 lts Live.iso

Is the option to install on hard drive.

Contains:

==

OpenMeetings 5.0.0-M2 (web video conference server)

MariaDB (Data server)

Mail server (Postfix - Dovecot - MariaDB) (virtual domains and users)

Roundcube (webmail)

Apache (web server)

PhpMyAdmin (administration of MariaDB)

==


Can find it here:

https://cwiki.apache.org/confluence/display/OPENMEETINGS/Live+iso+OpenMeetings+on+Ubuntu

The information about users, passwords, etc, is in a folder in the desktop.


Best regards

Alvaro

Re: Log-in and security

... and restart!

It works, I do not have an error message anymore, even for "lack of security".
Exactly what I was looking for!

Thank you all, and especially Stefan and Maxim!

Xavier

Le 07/07/2019 à 16:52, Stefan Kühl a écrit :

So, please change the given password into the password you use in the
commandlines and the error should be gone. ;-)

Am 07.07.2019 16:08, schrieb Xavier M:

Oops, sorry... No, it is not the password you gave me.

But I state that my file looks *very much* like
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L75
(at least for this "SSL section").

Xavier

Le 07/07/2019 à 15:29, Stefan Kühl a écrit :

Hey Xavier,

but you don't mention the very important answer: Is the keystorePass the the
same as we use in the commandlines?

Greetz

Stefan

Am 07.07.2019 15:08, schrieb Xavier M:

Hi Stefan,

Here the result for the SSL part... One can find the keystorePass inside, I
just changed the password by "xxx" (bold) since we have a "public"
discussion... Even if I'm not sure this is very useful. As you mentioned
earlier, the keystoreFile for OM 5.0.0 appears to be "keystore" and not
"keystore.jks". Do you conlude anything? If I have to reinstall the old files,
I would be glad if you could provide them.

Nota Bene: the second Connector port="5443" lies between . It is
probably normal, I just wonder why.

Thank you!

Xavier

Le 07/07/2019 à 12:32, Stefan Kühl a écrit :
sudo cat OM_Folder/conf/server.xml

Re: Log-in and security

Oops, sorry... No, it is not the password you gave me.

But I state that my file looks *very much* like 
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L75
 (at least for this "SSL section").


Xavier


Le 07/07/2019 à 15:29, Stefan Kühl a écrit :

Hey Xavier,

but you don't mention the very important answer: Is the keystorePass the the 
same as we use in the commandlines?

Greetz

Stefan




Am 07.07.2019 15:08, schrieb Xavier M:

Hi Stefan,


Here the result for the SSL part... One can find the keystorePass inside, I 
just changed the password by "xxx" (bold) since we have a "public" 
discussion... Even if I'm not sure this is very useful. As you mentioned 
earlier, the keystoreFile for OM 5.0.0 appears to be "keystore" and not 
"keystore.jks". Do you conlude anything? If I have to reinstall the old files, 
I would be glad if you could provide them.

Nota Bene: the second  Connector port="5443" lies between . It is 
probably normal, I just wonder why.


Thank you!

Xavier







Le 07/07/2019 à 12:32, Stefan Kühl a écrit :
sudo cat OM_Folder/conf/server.xml

Re: Log-in and security

Hi Stefan,


Here the result for the SSL part... One can find the keystorePass inside, I 
just changed the password by "xxx" (bold) since we have a "public" 
discussion... Even if I'm not sure this is very useful. As you mentioned 
earlier, the keystoreFile for OM 5.0.0 appears to be "keystore" and not 
"keystore.jks". Do you conlude anything? If I have to reinstall the old files, 
I would be glad if you could provide them.

Nota Bene: the second  Connector port="5443" lies between . It is 
probably normal, I just wonder why.


Thank you!

Xavier








Le 07/07/2019 à 12:32, Stefan Kühl a écrit :
sudo cat OM_Folder/conf/server.xml

Re: Log-in and security

Hi Stefan,


No matters, we all have another life (or even some other lives?)... That's the 
advantage of the e-mails, that we can report to later!

First of all: you're right for the usergroup, I didn't take care that I 
answered to the sender only when I was using Thunderbird (it is not the case 
when I'm using the webmail).


Then, 2 points:

 1/ Can you please tell me which is the keystore from the original file from 
the install source - that is in which folder I should find it? I guess I 
modified the keystore files with the -import option of the command lines?

 1bis/ There is no problem if I have to uninstall / install again OpenMeetings 
to have it again. Is there any way to uninstall it properly, or do I have to 
delete /opt/open500/ folder from a shell?

 2/ Here the result you asked me (is it a list of files in the folder, with the 
right for the access, owner and owner-group, and the date of last 
modification?):

xavier@sd-118950:/opt/open500/conf$ ls -al
total 264
drwxr-xr-x 3 nobody nogroup   4096 juil.  5 14:45 .
drwxr-xr-x 9 nobody nogroup   4096 juil.  3 10:27 ..
drwxr-x--- 3 root   root  4096 juil.  3 10:34 Catalina
-rw-r--r-- 1 nobody nogroup  12873 mars  13 22:58 catalina.policy
-rw-r--r-- 1 nobody nogroup   7243 mars  13 22:58 catalina.properties
-rw-r--r-- 1 nobody nogroup   1400 mars  13 22:58 context.xml
-rw-r--r-- 1 nobody nogroup   1149 mars  13 22:58 jaspic-providers.xml
-rw-r--r-- 1 nobody nogroup   2313 mars  13 22:58 jaspic-providers.xsd
-rw-r--r-- 1 root   root  5651 juil.  5 14:45 keystore
-rw-r--r-- 1 root   root  5651 juil.  4 21:43 keystore.jks
-rw-r--r-- 1 nobody nogroup   4144 mars  13 22:58 logging.properties
-rw--- 1 root   root  4222 juil.  4 21:42 red5.p12
-rw-r--r-- 1 nobody nogroup   6433 mars  28 21:01 server.xml
-rw-r--r-- 1 root   root  5651 juil.  5 14:45 trustscore.jks
-rw-r--r-- 1 nobody nogroup 170202 mars  13 22:58 web.xml
xavier@sd-118950:/opt/open500/conf$


Bis bald,

Xavier


Le 06/07/2019 à 22:36, Stefan Kühl a écrit :

Hi Xavier,

sorry for being late, I'm a bit busy these days  ;-)



First: we should keep the usergroup in loop, that's why I'm take the 
user@openmeetings<mailto:user@openmeetings>.apache.org in place. ;-)

Second: I totally agree with maxim. Setting the ports in listening state for 
the apache keep them busy and unusable for openmeetings. Of course the address 
is reachable then, but only via the apache webserver. The error message means 
that you want to deliver secure conten via an insecure apache port.

Can you please post the result from ls -al of the OM-Folder/conf? It's weird 
that you get a password error message for the keystore, because we set it to 
password at the import I think. Any typos in the code-lines?

To cancel this lines, just copy the keystore from the original file fromn the 
install source into the OM-Folder/conf.

Greetz

Stefan

Am 06.07.2019 21:21, schrieb Xavier M:

Hi Stefan,


I wonder if there is a way to cancel what I did with these command lines? 
Indeed, I can not connect anymore to OpenMeetings... and I want to check where 
it comes from. In Catalina log, I can read things like:

 * Caused by: java.lang.IllegalArgumentException: keystore password was 
incorrect

 * Caused by: java.io.IOException: keystore password was incorrect

... so I suppose that something went wrong.


Thanks in advance, have a good week-end!

Xavier


Le 04/07/2019 à 22:05, Stefan Kühl a écrit :

Ok, please restart the server and it should work.
If you use open500 as folder open500/conf is correct.

Just restart it.

Greetz

Stefan

PS: if you want to access to "permission denied" folders you need to switch to 
root, sudo won't work in this case. But be careful, keep in mind that you 
change the ownership if you change files as root.



Bonne soiree

Am 04.07.2019 21:57, schrieb Xavier M:

Thank you!


Each command line worked... But it did not change anything when I want to log 
in. Maybe shall I restart "a service"?

NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory with 
a "keystore" file. But I have an "openmeetings" subdirectory too... to which I 
can not access (Permission denied).


Greetings,

Xavier


Le 04/07/2019 à 21:35, Stefan Kühl a écrit :

Yes, I'm sorry. Did this so many times and forgot an important point. First: 
the password is: password

;-)



Let's go through the lines:

"sudo openssl pkcs12 -export -in /etc/letsencrypt/live/domain.eu/cert.pem 
-inkey /etc/letsencrypt/live/domain.eu/privkey.pem -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem"

Here you use the openssl library to export the the key from the letsencrypt 
certificate into the red5.p12 file and store it in youtr OM Folder (red5 is 
just an name - you could also use any other name)

"sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Fold

Re: Log-in and security

2019-07-06 Thread Xavier M

Hi!


As you can probably already presume, these command lines are quite magic for 
me. No idea of how they work, neither what their utility is... But I trust in 
the fact that most of you understand!


xavier@sd-118950:~$ ps -ef|grep java
root  1060 1  0 juil.05 ?  00:09:28 /usr/bin/java 
-Djava.util.logging.config.file=/opt/open500/conf/logging.properties 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
-Djdk.tls.ephemeralDHKeySize=2048 
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources 
-Dorg.apache.catalina.security.SecurityListener.UMASK=0027 
-Dignore.endorsed.dirs= -classpath 
/opt/open500/bin/bootstrap.jar:/opt/open500/bin/tomcat-juli.jar 
-Dcatalina.base=/opt/open500 -Dcatalina.home=/opt/open500 
-Djava.io.tmpdir=/opt/open500/temp org.apache.catalina.startup.Bootstrap -u 
nobody -Dcatalina.base start
xavier   11265 11246  0 14:54 pts/000:00:00 grep --color=auto java
xavier@sd-118950:~$ netstat -an|grep 5443
xavier@sd-118950:~$


Please note that the second command does not give any result (that's the same 
with "sudo"). At the time being, I commented the "LISTEN" command in 
ports.conf, since Maxim thought that they made no sense here.


Xavier


Le 06/07/2019 à 04:06, Maxim Solodovnik a écrit :
Please check OM is running: `ps -ef|grep java` and necessary ports are being 
LISTEN `netstat -an|grep 5443`

The result of the last command should be something like

tcp6   0  0 :::5443 :::*LISTEN



On Fri, 5 Jul 2019 at 22:21, Xavier M 
mailto:xa...@hotmail.com>> wrote:
Atomic steps sounds fine... Except if it is a nuclear bomb!

In my case, I'd like as first step to understand why I can not connect anymore 
to "https://domain.eu:5443/openmeetings; (while I could connect to 
"https://domain.eu<https://domain.eu:5443/openmeetings>") - 
domain.eu<http://domain.eu> was a generic name in my explanation - since I 
followed the steps given yesterday. Nota Bene: it works again when I modify 
/etc/apache2/ports.conf to add "Listen 5443" and "Listen ", but I got the 
error SSL_ERROR_RX_RECORD_TOO_LONG.

Assume that I go back to the previous problem, that is I can connect, but with 
a warning "self made certificate", or whatever the correct name... Then I have 
to understand what Aaron means by "Proxy through Apache, or configure your OM 
instance to be able to read where the keys are" and what are pros and cons. 
Aaron suggested me to "proxy", but actually I do not know how one does this.

Thanks all of you for your help,
Xavier

RE: Log-in and security

Atomic steps sounds fine... Except if it is a nuclear bomb!

In my case, I'd like as first step to understand why I can not connect anymore 
to "https://domain.eu:5443/openmeetings; (while I could connect to 
"https://domain.eu<https://domain.eu:5443/openmeetings>") - domain.eu was a 
generic name in my explanation - since I followed the steps given yesterday. 
Nota Bene: it works again when I modify /etc/apache2/ports.conf to add "Listen 
5443" and "Listen ", but I got the error SSL_ERROR_RX_RECORD_TOO_LONG.

Assume that I go back to the previous problem, that is I can connect, but with 
a warning "self made certificate", or whatever the correct name... Then I have 
to understand what Aaron means by "Proxy through Apache, or configure your OM 
instance to be able to read where the keys are" and what are pros and cons. 
Aaron suggested me to "proxy", but actually I do not know how one does this.

Thanks all of you for your help,
Xavier


De : Maxim Solodovnik 
Envoyé : vendredi 5 juillet 2019 16:28
À : Openmeetings user-list
Objet : Re: Log-in and security

The best way to make everything working is to perform atomic steps
And ensure everything still works after each step

In your case
0) you need to understand what is your goal
1) then achieve it :)

As I understand you would like to have OM at port 443

You can do it by ether change OM https port to be 443
Or
By set up frontend proxy

Each option has pros and cons
You have to choose one option before any other step :)

On Fri, Jul 5, 2019, 20:34 Xavier M 
mailto:xa...@hotmail.com>> wrote:
This is possible! But:

 - What does Alvaro mean by "To be able to connect from the Internet or LAN 
with this server, remember to open the following
ports: 5443 " ?
 - I could not connect anymore to "https://domain.eu:5443/openmeetings; (while 
I could connect to "https://domain.eu<https://domain.eu:5443/openmeetings>") 
until I did that: and now it "works" again, with the error 
SSL_ERROR_RX_RECORD_TOO_LONG...
 - ... and I have no idea why!

If you have any idea/explanation, I really don't know neither what happens nor 
what to do! I will comment the lines in ports.conf and restart, to check 
whether it works like before or not.

Thank you!
Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 15:14
À : Openmeetings user-list
Objet : Re: Log-in and security

I'm afraid this
I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
make no sense :(

Apache HTTPD will listen these ports and both OM and Kurento will be unable to 
start since the port are already busy 

On Fri, 5 Jul 2019 at 17:37, Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hi all,

I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf (and 
nothing into /etc/apache2/sites-enabled/000-default.conf)

I can now access to "https://domain.eu:5443/openmeetings;, but with the error 
SSL_ERROR_RX_RECORD_TOO_LONG
How can I solve it? Could it be due to the changes I made yesterday thanks to 
Stefan's help?


sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem<http://domain.eu/cert.pem> -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem<http://domain.eu/privkey.pem> -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem<http://domain.eu/chain.pem>

sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file 
/etc/letsencrypt/live/domain.eu/chain.pem<http://domain.eu/chain.pem>

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore (<- 
only if you have version 5.*)


Bis demnächst,
Xavier





De : Xavier M mailto:xa...@hotmail.com>>
Envoyé : vendredi 5 juillet 2019 10:36
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Objet : RE: Log-in and security

Hello Maxim,

That's a good idea... I had already heard of it, but I still have to look how I 
do it. But it seems that I forgot something, since I can not access to Open 
Meetings since I "shutdown -r now" the server. Any idea of which command it is?

Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 09:38
À : Openmeetings user-list
Objet : Re: Log-in and security

You need to set-up autostart for these services

On Fri, Jul 5, 2019, 14:04 Xavier M 
mailto:xa...@ho

RE: Default password for keystore

Hi,

Did you try "password" ? If it does not work, can you please write the command 
line you are using and the message you read?

Good luck,
Xavier


De : Equinoxe 4 
Envoyé : vendredi 5 juillet 2019 15:44
À : user@openmeetings.apache.org
Objet : Default password for keystore

Hello,

I'm trying to use ssl with om. When importing the certificate, I'm asked for 
the store's password. Which could be this password?

Thank you

RE: Log-in and security

This is possible! But:

 - What does Alvaro mean by "To be able to connect from the Internet or LAN 
with this server, remember to open the following
ports: 5443 " ?
 - I could not connect anymore to "https://domain.eu:5443/openmeetings; (while 
I could connect to "https://domain.eu<https://domain.eu:5443/openmeetings>") 
until I did that: and now it "works" again, with the error 
SSL_ERROR_RX_RECORD_TOO_LONG...
 - ... and I have no idea why!

If you have any idea/explanation, I really don't know neither what happens nor 
what to do! I will comment the lines in ports.conf and restart, to check 
whether it works like before or not.

Thank you!
Xavier


De : Maxim Solodovnik 
Envoyé : vendredi 5 juillet 2019 15:14
À : Openmeetings user-list
Objet : Re: Log-in and security

I'm afraid this
I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf
make no sense :(

Apache HTTPD will listen these ports and both OM and Kurento will be unable to 
start since the port are already busy 

On Fri, 5 Jul 2019 at 17:37, Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hi all,

I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf (and 
nothing into /etc/apache2/sites-enabled/000-default.conf)

I can now access to "https://domain.eu:5443/openmeetings;, but with the error 
SSL_ERROR_RX_RECORD_TOO_LONG
How can I solve it? Could it be due to the changes I made yesterday thanks to 
Stefan's help?


sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem<http://domain.eu/cert.pem> -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem<http://domain.eu/privkey.pem> -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem<http://domain.eu/chain.pem>

sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file 
/etc/letsencrypt/live/domain.eu/chain.pem<http://domain.eu/chain.pem>

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore (<- 
only if you have version 5.*)


Bis demnächst,
Xavier





De : Xavier M mailto:xa...@hotmail.com>>
Envoyé : vendredi 5 juillet 2019 10:36
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Objet : RE: Log-in and security

Hello Maxim,

That's a good idea... I had already heard of it, but I still have to look how I 
do it. But it seems that I forgot something, since I can not access to Open 
Meetings since I "shutdown -r now" the server. Any idea of which command it is?

Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 09:38
À : Openmeetings user-list
Objet : Re: Log-in and security

You need to set-up autostart for these services

On Fri, Jul 5, 2019, 14:04 Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hmm... It sounds a bit complicated for me, I have to make it "slowly". But I'm 
pretty sure I'll do it.

For the moment, I do not understand why I can not connect anymore to 
"https://domain.eu:5443/openmeetings; (while I can connect to 
"https://domain.eu<https://domain.eu:5443/openmeetings>") after I "shutdown -r 
now" the web server? It has been a full night since I typed after the "reboot":
sudo /etc/init.d/mysql start
sudo /etc/init.d/kurento-media-server start
sudo /etc/init.d/tomcat3 start

Did I forget something? Is there anywhere a log which could help?

Have a good day!
Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 04:18
À : Openmeetings user-list
Objet : Re: Log-in and security

Demo server uses Apache as frontend proxy
The config is here: 
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass

On Fri, 5 Jul 2019 at 03:51, Xavier M 
mailto:xa...@hotmail.com>> wrote:

Ok, at the time being, I won't switch to root...

I "sudo shutdown -r now" and waited. The server has gone on again (website 
"https://domain.eu<https://domain.eu:5443/openmeetings>" reachable). I 
connected through SSH and typed:

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start


Now I'm waiting... But I can't connect at all to OpenMeetings with the URL that 
previously worked ("https://domain.eu:5443/openmeetings;): Firefox can not 
establish a connection with this address...


Thank you all and have a good night,

Xavier


Le 04/07/2019 à 22:05,

RE: Log-in and security

Hi all,

I just added "Listen 5443" and "Listen " into /etc/apache2/ports.conf (and 
nothing into /etc/apache2/sites-enabled/000-default.conf)

I can now access to "https://domain.eu:5443/openmeetings;, but with the error 
SSL_ERROR_RX_RECORD_TOO_LONG
How can I solve it? Could it be due to the changes I made yesterday thanks to 
Stefan's help?


sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem<http://domain.eu/cert.pem> -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem<http://domain.eu/privkey.pem> -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem<http://domain.eu/chain.pem>

sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file 
/etc/letsencrypt/live/domain.eu/chain.pem<http://domain.eu/chain.pem>

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore (<- 
only if you have version 5.*)


Bis demnächst,
Xavier





De : Xavier M 
Envoyé : vendredi 5 juillet 2019 10:36
À : user@openmeetings.apache.org
Objet : RE: Log-in and security

Hello Maxim,

That's a good idea... I had already heard of it, but I still have to look how I 
do it. But it seems that I forgot something, since I can not access to Open 
Meetings since I "shutdown -r now" the server. Any idea of which command it is?

Xavier


De : Maxim Solodovnik 
Envoyé : vendredi 5 juillet 2019 09:38
À : Openmeetings user-list
Objet : Re: Log-in and security

You need to set-up autostart for these services

On Fri, Jul 5, 2019, 14:04 Xavier M 
mailto:xa...@hotmail.com>> wrote:
Hmm... It sounds a bit complicated for me, I have to make it "slowly". But I'm 
pretty sure I'll do it.

For the moment, I do not understand why I can not connect anymore to 
"https://domain.eu:5443/openmeetings; (while I can connect to 
"https://domain.eu<https://domain.eu:5443/openmeetings>") after I "shutdown -r 
now" the web server? It has been a full night since I typed after the "reboot":
sudo /etc/init.d/mysql start
sudo /etc/init.d/kurento-media-server start
sudo /etc/init.d/tomcat3 start

Did I forget something? Is there anywhere a log which could help?

Have a good day!
Xavier


De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 04:18
À : Openmeetings user-list
Objet : Re: Log-in and security

Demo server uses Apache as frontend proxy
The config is here: 
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass

On Fri, 5 Jul 2019 at 03:51, Xavier M 
mailto:xa...@hotmail.com>> wrote:

Ok, at the time being, I won't switch to root...

I "sudo shutdown -r now" and waited. The server has gone on again (website 
"https://domain.eu<https://domain.eu:5443/openmeetings>" reachable). I 
connected through SSH and typed:

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start


Now I'm waiting... But I can't connect at all to OpenMeetings with the URL that 
previously worked ("https://domain.eu:5443/openmeetings;): Firefox can not 
establish a connection with this address...


Thank you all and have a good night,

Xavier


Le 04/07/2019 à 22:05, Stefan Kühl a écrit :

Ok, please restart the server and it should work.
If you use open500 as folder open500/conf is correct.

Just restart it.

Greetz

Stefan

PS: if you want to access to "permission denied" folders you need to switch to 
root, sudo won't work in this case. But be careful, keep in mind that you 
change the ownership if you change files as root.



Bonne soiree

Am 04.07.2019 21:57, schrieb Xavier M:

Thank you!


Each command line worked... But it did not change anything when I want to log 
in. Maybe shall I restart "a service"?

NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory with 
a "keystore" file. But I have an "openmeetings" subdirectory too... to which I 
can not access (Permission denied).


Greetings,

Xavier


Le 04/07/2019 à 21:35, Stefan Kühl a écrit :

Yes, I'm sorry. Did this so many times and forgot an important point. First: 
the password is: password

;-)



Let's go through the lines:

"sudo openssl pkcs12 -export -in 
/etc/letsencrypt/live/domain.eu/cert.pem<http://domain.eu/cert.pem> -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem<http://domain.eu/privkey.pem> -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt

RE: Log-in and security

Hello Maxim,

That's a good idea... I had already heard of it, but I still have to look how I
do it. But it seems that I forgot something, since I can not access to Open
Meetings since I "shutdown -r now" the server. Any idea of which command it is?

Xavier

De : Maxim Solodovnik
Envoyé : vendredi 5 juillet 2019 09:38
À : Openmeetings user-list
Objet : Re: Log-in and security

You need to set-up autostart for these services

On Fri, Jul 5, 2019, 14:04 Xavier M
mailto:xa...@hotmail.com>> wrote:
Hmm... It sounds a bit complicated for me, I have to make it "slowly". But I'm
pretty sure I'll do it.

For the moment, I do not understand why I can not connect anymore to
"https://domain.eu:5443/openmeetings; (while I can connect to
"https://domain.eu<https://domain.eu:5443/openmeetings>") after I "shutdown -r
now" the web server? It has been a full night since I typed after the "reboot":
sudo /etc/init.d/mysql start
sudo /etc/init.d/kurento-media-server start
sudo /etc/init.d/tomcat3 start

Did I forget something? Is there anywhere a log which could help?

Have a good day!
Xavier

De : Maxim Solodovnik mailto:solomax...@gmail.com>>
Envoyé : vendredi 5 juillet 2019 04:18
À : Openmeetings user-list
Objet : Re: Log-in and security

Demo server uses Apache as frontend proxy
The config is here:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass

On Fri, 5 Jul 2019 at 03:51, Xavier M
mailto:xa...@hotmail.com>> wrote:

Ok, at the time being, I won't switch to root...

I "sudo shutdown -r now" and waited. The server has gone on again (website
"https://domain.eu<https://domain.eu:5443/openmeetings>" reachable). I
connected through SSH and typed:

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start

Now I'm waiting... But I can't connect at all to OpenMeetings with the URL that
previously worked ("https://domain.eu:5443/openmeetings;): Firefox can not
establish a connection with this address...

Thank you all and have a good night,

Xavier

Le 04/07/2019 à 22:05, Stefan Kühl a écrit :

Ok, please restart the server and it should work.
If you use open500 as folder open500/conf is correct.

Just restart it.

Greetz

Stefan

PS: if you want to access to "permission denied" folders you need to switch to
root, sudo won't work in this case. But be careful, keep in mind that you
change the ownership if you change files as root.

Bonne soiree

Am 04.07.2019 21:57, schrieb Xavier M:

Thank you!

Each command line worked... But it did not change anything when I want to log
in. Maybe shall I restart "a service"?

NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory with
a "keystore" file. But I have an "openmeetings" subdirectory too... to which I
can not access (Permission denied).

Greetings,

Xavier

Le 04/07/2019 à 21:35, Stefan Kühl a écrit :

Yes, I'm sorry. Did this so many times and forgot an important point. First:
the password is: password

;-)

Let's go through the lines:

"sudo openssl pkcs12 -export -in
/etc/letsencrypt/live/domain.eu/cert.pem<http://domain.eu/cert.pem> -inkey
/etc/letsencrypt/live/domain.eu/privkey.pem<http://domain.eu/privkey.pem> -out
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile
/etc/letsencrypt/live/domain.eu/chain.pem<http://domain.eu/chain.pem>"

Here you use the openssl library to export the the key from the letsencrypt
certificate into the red5.p12 file and store it in youtr OM Folder (red5 is
just an name - you could also use any other name)

"sudo keytool -importkeystore -srcstorepass password -srckeystore
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks
-trustcacerts -file
/etc/letsencrypt/live/domain.eu/chain.pem<http://domain.eu/chain.pem>"

by using keytool you import the certificate key by setting the password
(-srcstorepass password -> deststorepass password) into the file keystore.jks
and confirming the trust by the chain.pem

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks"

now creating the trustscore.jks by copying the keystore.jks

at least and only if you have OM 5.* installed:

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore"
this is neccesary because OM5-'looks only for keystore and not for
keystore.jks. You can do "mv keystore.jks keystore" also. Otherwise you could
update the config file to look for keystore.jks"

So if you will be asked for

Enter Export Password:
Verifying - Enter Export Password:

and aga

RE: Log-in and security

Hmm... It sounds a bit complicated for me, I have to make it "slowly". But I'm
pretty sure I'll do it.

Did I forget something? Is there anywhere a log which could help?

Have a good day!
Xavier

De : Maxim Solodovnik
Envoyé : vendredi 5 juillet 2019 04:18
À : Openmeetings user-list
Objet : Re: Log-in and security

Demo server uses Apache as frontend proxy
The config is here:
https://stackoverflow.com/questions/51721771/apache-openmeetings-4-0-4-csrf-attack-when-using-apache2-as-proxypass

On Fri, 5 Jul 2019 at 03:51, Xavier M
mailto:xa...@hotmail.com>> wrote:

Ok, at the time being, I won't switch to root...

I "sudo shutdown -r now" and waited. The server has gone on again (website
"https://domain.eu<https://domain.eu:5443/openmeetings>" reachable). I
connected through SSH and typed:

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start

Now I'm waiting... But I can't connect at all to OpenMeetings with the URL that
previously worked ("https://domain.eu:5443/openmeetings;): Firefox can not
establish a connection with this address...

Thank you all and have a good night,

Xavier

Le 04/07/2019 à 22:05, Stefan Kühl a écrit :

Ok, please restart the server and it should work.
If you use open500 as folder open500/conf is correct.

Just restart it.

Greetz

Stefan

Bonne soiree

Am 04.07.2019 21:57, schrieb Xavier M:

Thank you!

Each command line worked... But it did not change anything when I want to log
in. Maybe shall I restart "a service"?

NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory with
a "keystore" file. But I have an "openmeetings" subdirectory too... to which I
can not access (Permission denied).

Greetings,

Xavier

Le 04/07/2019 à 21:35, Stefan Kühl a écrit :

Yes, I'm sorry. Did this so many times and forgot an important point. First:
the password is: password

;-)

Let's go through the lines:

"sudo keytool -importkeystore -srcstorepass password -srckeystore
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks
-trustcacerts -file
/etc/letsencrypt/live/domain.eu/chain.pem<http://domain.eu/chain.pem>"

by using keytool you import the certificate key by setting the password
(-srcstorepass password -> deststorepass password) into the file keystore.jks
and confirming the trust by the chain.pem

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks"

now creating the trustscore.jks by copying the keystore.jks

at least and only if you have OM 5.* installed:

So if you will be asked for

Enter Export Password:
Verifying - Enter Export Password:

and again

Enter Import Password:
Verifying - Enter Import Password:

you need to enter password

Just to keep it simple, you can choose your own password, but keep in mind top
change it within the command too;-)

Greetz

Stefan

Am 04.07.2019 21:18, schrieb Xavier M:

So...

After having changed the folder names, I entered the first command line to get:

Enter Export Password:
Verifying - Enter Export Password:

I wrote down a password - I guess I defined it at this step?

Then the second command line delivered:

Importing keystore /opt/open500/conf/red5.p12 to
/opt/open500/conf/ke

Re: Log-in and security

Ok, at the time being, I won't switch to root...

I "sudo shutdown -r now" and waited. The server has gone on again (website 
"https://domain.eu<https://domain.eu:5443/openmeetings>" reachable). I 
connected through SSH and typed:

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start


Now I'm waiting... But I can't connect at all to OpenMeetings with the URL that 
previously worked ("https://domain.eu:5443/openmeetings;): Firefox can not 
establish a connection with this address...


Thank you all and have a good night,

Xavier


Le 04/07/2019 à 22:05, Stefan Kühl a écrit :

Ok, please restart the server and it should work.
If you use open500 as folder open500/conf is correct.

Just restart it.

Greetz

Stefan

PS: if you want to access to "permission denied" folders you need to switch to 
root, sudo won't work in this case. But be careful, keep in mind that you 
change the ownership if you change files as root.



Bonne soiree

Am 04.07.2019 21:57, schrieb Xavier M:

Thank you!


Each command line worked... But it did not change anything when I want to log 
in. Maybe shall I restart "a service"?

NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory with 
a "keystore" file. But I have an "openmeetings" subdirectory too... to which I 
can not access (Permission denied).


Greetings,

Xavier


Le 04/07/2019 à 21:35, Stefan Kühl a écrit :

Yes, I'm sorry. Did this so many times and forgot an important point. First: 
the password is: password

;-)



Let's go through the lines:

"sudo openssl pkcs12 -export -in /etc/letsencrypt/live/domain.eu/cert.pem 
-inkey /etc/letsencrypt/live/domain.eu/privkey.pem -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem"

Here you use the openssl library to export the the key from the letsencrypt 
certificate into the red5.p12 file and store it in youtr OM Folder (red5 is 
just an name - you could also use any other name)

"sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file /etc/letsencrypt/live/domain.eu/chain.pem"

by using keytool you import the certificate key by setting the password 
(-srcstorepass password -> deststorepass password) into the file keystore.jks 
and confirming the trust by the chain.pem

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks"

now creating the trustscore.jks by copying the keystore.jks

at least and only if you have OM 5.* installed:

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore"
this is neccesary because OM5-'looks only for keystore and not for 
keystore.jks. You can do "mv keystore.jks keystore" also. Otherwise you could 
update the config file to look for keystore.jks"

So if you will be asked for

Enter Export Password:
Verifying - Enter Export Password:

and again

Enter Import Password:
Verifying - Enter Import Password:

you need to enter password

Just to keep it simple, you can choose your own password, but keep in mind top 
change it within the command too;-)

Greetz

Stefan

Am 04.07.2019 21:18, schrieb Xavier M:

So...

After having changed the folder names, I entered the first command line to get:

Enter Export Password:
Verifying - Enter Export Password:

I wrote down a password - I guess I defined it at this step?


Then the second command line delivered:

Importing keystore /opt/open500/conf/red5.p12 to 
/opt/open500/conf/keystore.jks...
keytool error: java.io.IOException: keystore password was incorrect

Any idea of what happens and what I should do? I did not try the third command 
line.

By the way, can you explain me in a few words what I'm doing with these command 
lines ?


Have a good evening,

Xavier


Le 04/07/2019 à 19:15, Stefan Kühl a écrit :

Maybe to make a quick check (every command in one line):

sudo openssl pkcs12 -export -in /etc/letsencrypt/live/domain.eu/cert.pem -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem -out /opt/OM_Folder/conf/red5.p12 
-name red5 -certfile /etc/letsencrypt/live/domain.eu/chain.pem

sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file /etc/letsencrypt/live/domain.eu/chain.pem

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore (<- 
only if you have version 5.*)




Please remeber: If you leave it like this, you

Re: Log-in and security

Thank you!


Each command line worked... But it did not change anything when I want to log 
in. Maybe shall I restart "a service"?

NB : as OM_Folder, I wrote "open500", where I found a "conf" subdirectory with 
a "keystore" file. But I have an "openmeetings" subdirectory too... to which I 
can not access (Permission denied).


Greetings,

Xavier


Le 04/07/2019 à 21:35, Stefan Kühl a écrit :

Yes, I'm sorry. Did this so many times and forgot an important point. First: 
the password is: password

;-)



Let's go through the lines:

"sudo openssl pkcs12 -export -in /etc/letsencrypt/live/domain.eu/cert.pem 
-inkey /etc/letsencrypt/live/domain.eu/privkey.pem -out 
/opt/OM_Folder/conf/red5.p12 -name red5 -certfile 
/etc/letsencrypt/live/domain.eu/chain.pem"

Here you use the openssl library to export the the key from the letsencrypt 
certificate into the red5.p12 file and store it in youtr OM Folder (red5 is 
just an name - you could also use any other name)

"sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file /etc/letsencrypt/live/domain.eu/chain.pem"

by using keytool you import the certificate key by setting the password 
(-srcstorepass password -> deststorepass password) into the file keystore.jks 
and confirming the trust by the chain.pem

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks"

now creating the trustscore.jks by copying the keystore.jks

at least and only if you have OM 5.* installed:

"sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore"
this is neccesary because OM5-'looks only for keystore and not for 
keystore.jks. You can do "mv keystore.jks keystore" also. Otherwise you could 
update the config file to look for keystore.jks"

So if you will be asked for

Enter Export Password:
Verifying - Enter Export Password:

and again

Enter Import Password:
Verifying - Enter Import Password:

you need to enter password

Just to keep it simple, you can choose your own password, but keep in mind top 
change it within the command too;-)

Greetz

Stefan

Am 04.07.2019 21:18, schrieb Xavier M:

So...

After having changed the folder names, I entered the first command line to get:

Enter Export Password:
Verifying - Enter Export Password:

I wrote down a password - I guess I defined it at this step?


Then the second command line delivered:

Importing keystore /opt/open500/conf/red5.p12 to 
/opt/open500/conf/keystore.jks...
keytool error: java.io.IOException: keystore password was incorrect

Any idea of what happens and what I should do? I did not try the third command 
line.

By the way, can you explain me in a few words what I'm doing with these command 
lines ?


Have a good evening,

Xavier


Le 04/07/2019 à 19:15, Stefan Kühl a écrit :

Maybe to make a quick check (every command in one line):

sudo openssl pkcs12 -export -in /etc/letsencrypt/live/domain.eu/cert.pem -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem -out /opt/OM_Folder/conf/red5.p12 
-name red5 -certfile /etc/letsencrypt/live/domain.eu/chain.pem

sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file /etc/letsencrypt/live/domain.eu/chain.pem

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore (<- 
only if you have version 5.*)




Please remeber: If you leave it like this, you need to repaet this lines after 
every renew of your certificate. Be aware of the folders -> domain.eu: your 
domain an OM_Folder: your OM installation folder.

Greetz

Stefan

Am 04.07.2019 18:00, schrieb Xavier M:

Then let's go with Proxy through Apache.

I'm not running as root, but my account has the whole rights so that I thought 
I could do exactly the same things. "sudo" is my friend... even sudo chmod.

The server works with Ubuntu - my account was created at the installation. When 
I refer to a "LAMP-server", I executed the command

sudo apt install apache2 php libapache2-mod-php mariadb-server php-mysql


... among other prior to install OM.


Xavier


De : Aaron Hepp <mailto:aaron.h...@gmail.com>
Envoyé : jeudi 4 juillet 2019 17:53
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Objet : Re: Log-in and security

Proxy through Apache would be the easier solution for upgrading

when you say Admin of the sever you are r

Re: Log-in and security

So...

After having changed the folder names, I entered the first command line to get:

Enter Export Password:
Verifying - Enter Export Password:


I wrote down a password - I guess I defined it at this step?


Then the second command line delivered:

Importing keystore /opt/open500/conf/red5.p12 to 
/opt/open500/conf/keystore.jks...
keytool error: java.io.IOException: keystore password was incorrect


Any idea of what happens and what I should do? I did not try the third command 
line.

By the way, can you explain me in a few words what I'm doing with these command 
lines ?


Have a good evening,

Xavier


Le 04/07/2019 à 19:15, Stefan Kühl a écrit :

Maybe to make a quick check (every command in one line):

sudo openssl pkcs12 -export -in /etc/letsencrypt/live/domain.eu/cert.pem -inkey 
/etc/letsencrypt/live/domain.eu/privkey.pem -out /opt/OM_Folder/conf/red5.p12 
-name red5 -certfile /etc/letsencrypt/live/domain.eu/chain.pem

sudo keytool -importkeystore -srcstorepass password -srckeystore 
/opt/OM_Folder/conf/red5.p12 -srcstoretype PKCS12 -deststorepass password 
-destkeystore /opt/OM_Folder/conf/keystore.jks -alias red5

sudo keytool -import -alias root -keystore /opt/OM_Folder/conf/keystore.jks 
-trustcacerts -file /etc/letsencrypt/live/domain.eu/chain.pem

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/trustscore.jks

sudo cp -f /opt/OM_Folder/conf/keystore.jks /opt/OM_Folder/conf/keystore (<- 
only if you have version 5.*)




Please remeber: If you leave it like this, you need to repaet this lines after 
every renew of your certificate. Be aware of the folders -> domain.eu: your 
domain an OM_Folder: your OM installation folder.

Greetz

Stefan

Am 04.07.2019 18:00, schrieb Xavier M:

Then let's go with Proxy through Apache.

I'm not running as root, but my account has the whole rights so that I thought 
I could do exactly the same things. "sudo" is my friend... even sudo chmod.

The server works with Ubuntu - my account was created at the installation. When 
I refer to a "LAMP-server", I executed the command

sudo apt install apache2 php libapache2-mod-php mariadb-server php-mysql


... among other prior to install OM.


Xavier


De : Aaron Hepp <mailto:aaron.h...@gmail.com>
Envoyé : jeudi 4 juillet 2019 17:53
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Objet : Re: Log-in and security

Proxy through Apache would be the easier solution for upgrading

when you say Admin of the sever you are running as root or that you can log 
into it?  As well what "type" of server is it (REHL, CentOS, Ubuntu, etc.)

On 7/4/19 11:48 AM, Xavier M wrote:
Thank you Aaron.

Even if I have admin rights, I can access only to /etc/letsencrypt/. The 
permission is denied when I want to open the subdirectory "live".

How do both solution work? I know neither how to "Proxy through Apache", nor 
how to "configure my OM instance to be able to read where the keys are". Sorry 
for all that...

Xavier


De : Aaron Hepp <mailto:aaron.h...@gmail.com>
Envoyé : jeudi 4 juillet 2019 17:40
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Objet : Re: Log-in and security

That is your issue.  Apache has the cert installed via LetEncrypt.  Tomcat 
which is running on 5443 needs to have the configuration set to know where the 
cert is located as well as the keystore created.

You can do two things.  Proxy through Apache, or configure your OM instance to 
be able to read where the keys are.

LetEncrypt places the cert at:
/etc/letsencrypt/live/



On 7/4/19 11:34 AM, Xavier M wrote:
Hem... No... Do you mean I have to copy and paste the certificate in each 
folder? Actually, I even don't know where the certificate is to be found on the 
server... But I guess I find it somewhere if needed.

Xavier


De : Stefan Kühl <mailto:ste...@quatrekuehl.eu>
Envoyé : jeudi 4 juillet 2019 17:06
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Cc : R. Scholz
Objet : Re: Log-in and security


Hi @all,

port should be irrelevant. I'm using Apache on Ubuntu with port 5443 too. https 
works as expected.
Did you export they certificate keys (like keystore and trustscore) to your 
%OM%/conf folder?



Greetz

Stefan

Am 04.07.2019 16:57, schrieb R. Scholz:

Hello Xavier,

Hm, you using on Port 80 Tomcat or Apache?

Best regards,

René


Am 04.07.2019 um 16:24 schrieb Xavier M:
Thank you for answering... I'm sorry, but I don't know enough about 
certificates to give you a relevant answer. I think that :
 * The common name is "rusa.fr"
 * There is no subject alternative name (even www.rusa.fr<http://www.rusa.fr>)
 * It is not a wildcard

... But I'm not 100% sure, it is the first time I administrate a server, I'm 
discovering many things at the same time!

Xavier

RE: Log-in and security

Then let's go with Proxy through Apache.

I'm not running as root, but my account has the whole rights so that I thought 
I could do exactly the same things. "sudo" is my friend... even sudo chmod.

The server works with Ubuntu - my account was created at the installation. When 
I refer to a "LAMP-server", I executed the command

sudo apt install apache2 php libapache2-mod-php mariadb-server php-mysql

... among other prior to install OM.


Xavier


De : Aaron Hepp 
Envoyé : jeudi 4 juillet 2019 17:53
À : user@openmeetings.apache.org
Objet : Re: Log-in and security

Proxy through Apache would be the easier solution for upgrading

when you say Admin of the sever you are running as root or that you can log 
into it?  As well what "type" of server is it (REHL, CentOS, Ubuntu, etc.)

On 7/4/19 11:48 AM, Xavier M wrote:
Thank you Aaron.

Even if I have admin rights, I can access only to /etc/letsencrypt/. The 
permission is denied when I want to open the subdirectory "live".

How do both solution work? I know neither how to "Proxy through Apache", nor 
how to "configure my OM instance to be able to read where the keys are". Sorry 
for all that...

Xavier


De : Aaron Hepp <mailto:aaron.h...@gmail.com>
Envoyé : jeudi 4 juillet 2019 17:40
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Objet : Re: Log-in and security

That is your issue.  Apache has the cert installed via LetEncrypt.  Tomcat 
which is running on 5443 needs to have the configuration set to know where the 
cert is located as well as the keystore created.

You can do two things.  Proxy through Apache, or configure your OM instance to 
be able to read where the keys are.

LetEncrypt places the cert at:
/etc/letsencrypt/live/



On 7/4/19 11:34 AM, Xavier M wrote:
Hem... No... Do you mean I have to copy and paste the certificate in each 
folder? Actually, I even don't know where the certificate is to be found on the 
server... But I guess I find it somewhere if needed.

Xavier


De : Stefan Kühl <mailto:ste...@quatrekuehl.eu>
Envoyé : jeudi 4 juillet 2019 17:06
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Cc : R. Scholz
Objet : Re: Log-in and security


Hi @all,

port should be irrelevant. I'm using Apache on Ubuntu with port 5443 too. https 
works as expected.
Did you export they certificate keys (like keystore and trustscore) to your 
%OM%/conf folder?



Greetz

Stefan

Am 04.07.2019 16:57, schrieb R. Scholz:

Hello Xavier,

Hm, you using on Port 80 Tomcat or Apache?

Best regards,

René


Am 04.07.2019 um 16:24 schrieb Xavier M:
Thank you for answering... I'm sorry, but I don't know enough about 
certificates to give you a relevant answer. I think that :
 * The common name is "rusa.fr"
 * There is no subject alternative name (even www.rusa.fr<http://www.rusa.fr>)
 * It is not a wildcard

... But I'm not 100% sure, it is the first time I administrate a server, I'm 
discovering many things at the same time!

Xavier


De : Clayton, Robin 
<mailto:robin.clay...@cumberland.co.uk>
Envoyé : jeudi 4 juillet 2019 15:43
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Objet : RE: Log-in and security


What is the CN of the certificate, is there any SAN entries on the certificate? 
Or is it a wildcard?



The TCP port should be irrelevant.



Rob









From: Stefan Kühl [mailto:ste...@quatrekuehl.eu]
Sent: 04 July 2019 14:16
To: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Cc: Xavier M
Subject: Re: Log-in and security



Hi,

are you sure that you request your certificate also for 
domain.eu<http://domain.eu> or only for www.domain.eu<http://www.domain.eu>. 
You should check this. Sometimes webhoster only use the www adresses for 
certificates.

Greetz

Stefan





Am 04.07.2019 14:18, schrieb Xavier M:

Hi everybody,



I'm quite sure that the answer is already somewhere, but I couldn't find it...



After having installed OM on a web-server, the "written" way to access to the 
log-in is following, according to Alvaro's tuto:

https://localhost:5443/openmeetings



If OM is installed on a web server, let's say "domain.eu<http://domain.eu>", it 
works correctly with:

https://domain.eu:5443/openmeetings



But the user will get a warning for security reason, even if 
domain.eu<http://domain.eu> works with https, since the common certificates 
will not work with this port.



I stated that following URL worked for the "demo version":

https://om.alteametasoft.com/openmeetings



Does anyone know how this was done? I would like to avoid the use of the port 
5443 with the warning.



Have a good day!

Xavier



Disclaimer

This email has been scanned by the Mimecast security

RE: Log-in and security

Thank you Aaron.

Even if I have admin rights, I can access only to /etc/letsencrypt/. The 
permission is denied when I want to open the subdirectory "live".

How do both solution work? I know neither how to "Proxy through Apache", nor 
how to "configure my OM instance to be able to read where the keys are". Sorry 
for all that...

Xavier


De : Aaron Hepp 
Envoyé : jeudi 4 juillet 2019 17:40
À : user@openmeetings.apache.org
Objet : Re: Log-in and security

That is your issue.  Apache has the cert installed via LetEncrypt.  Tomcat 
which is running on 5443 needs to have the configuration set to know where the 
cert is located as well as the keystore created.

You can do two things.  Proxy through Apache, or configure your OM instance to 
be able to read where the keys are.

LetEncrypt places the cert at:
/etc/letsencrypt/live/



On 7/4/19 11:34 AM, Xavier M wrote:
Hem... No... Do you mean I have to copy and paste the certificate in each 
folder? Actually, I even don't know where the certificate is to be found on the 
server... But I guess I find it somewhere if needed.

Xavier


De : Stefan Kühl <mailto:ste...@quatrekuehl.eu>
Envoyé : jeudi 4 juillet 2019 17:06
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Cc : R. Scholz
Objet : Re: Log-in and security


Hi @all,

port should be irrelevant. I'm using Apache on Ubuntu with port 5443 too. https 
works as expected.
Did you export they certificate keys (like keystore and trustscore) to your 
%OM%/conf folder?



Greetz

Stefan

Am 04.07.2019 16:57, schrieb R. Scholz:

Hello Xavier,

Hm, you using on Port 80 Tomcat or Apache?

Best regards,

René


Am 04.07.2019 um 16:24 schrieb Xavier M:
Thank you for answering... I'm sorry, but I don't know enough about 
certificates to give you a relevant answer. I think that :
 * The common name is "rusa.fr"
 * There is no subject alternative name (even www.rusa.fr<http://www.rusa.fr>)
 * It is not a wildcard

... But I'm not 100% sure, it is the first time I administrate a server, I'm 
discovering many things at the same time!

Xavier


De : Clayton, Robin 
<mailto:robin.clay...@cumberland.co.uk>
Envoyé : jeudi 4 juillet 2019 15:43
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Objet : RE: Log-in and security


What is the CN of the certificate, is there any SAN entries on the certificate? 
Or is it a wildcard?



The TCP port should be irrelevant.



Rob









From: Stefan Kühl [mailto:ste...@quatrekuehl.eu]
Sent: 04 July 2019 14:16
To: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Cc: Xavier M
Subject: Re: Log-in and security



Hi,

are you sure that you request your certificate also for 
domain.eu<http://domain.eu> or only for www.domain.eu<http://www.domain.eu>. 
You should check this. Sometimes webhoster only use the www adresses for 
certificates.

Greetz

Stefan





Am 04.07.2019 14:18, schrieb Xavier M:

Hi everybody,



I'm quite sure that the answer is already somewhere, but I couldn't find it...



After having installed OM on a web-server, the "written" way to access to the 
log-in is following, according to Alvaro's tuto:

https://localhost:5443/openmeetings



If OM is installed on a web server, let's say "domain.eu<http://domain.eu>", it 
works correctly with:

https://domain.eu:5443/openmeetings



But the user will get a warning for security reason, even if 
domain.eu<http://domain.eu> works with https, since the common certificates 
will not work with this port.



I stated that following URL worked for the "demo version":

https://om.alteametasoft.com/openmeetings



Does anyone know how this was done? I would like to avoid the use of the port 
5443 with the warning.



Have a good day!

Xavier



Disclaimer

This email has been scanned by the Mimecast security service.



Disclaimer



Please, consider your environmental responsibility. Before printing this e-mail 
ask yourself: Do I need a hard copy?

Cumberland Building Society
Cumberland House
Cooper Way
Parkhouse
CARLISLE CA3 0JF
To help us monitor and improve customer service telephone calls may be recorded.
Cumberland Building Society is authorised by the Prudential Regulation 
Authority and regulated by the Financial Conduct Authority and Prudential 
Regulation Authority. We arrange life assurance and critical illness cover only 
with Legal & General Assurance Society Limited and general insurance only with 
Aviva Insurance Limited.
To find out more about us, visit 
www.cumberland.co.uk<http://www.cumberland.co.uk/>

CONFIDENTIALITY: This e-mail and any files transmitted with it are 
confidential, may be legally privileged and are intended for the addressee(s) 
only. If you are not the intended recipient you may not disclose, cop

RE: Log-in and security

Hem... No... Do you mean I have to copy and paste the certificate in each 
folder? Actually, I even don't know where the certificate is to be found on the 
server... But I guess I find it somewhere if needed.

Xavier


De : Stefan Kühl 
Envoyé : jeudi 4 juillet 2019 17:06
À : user@openmeetings.apache.org
Cc : R. Scholz
Objet : Re: Log-in and security


Hi @all,

port should be irrelevant. I'm using Apache on Ubuntu with port 5443 too. https 
works as expected.
Did you export they certificate keys (like keystore and trustscore) to your 
%OM%/conf folder?



Greetz

Stefan

Am 04.07.2019 16:57, schrieb R. Scholz:

Hello Xavier,

Hm, you using on Port 80 Tomcat or Apache?

Best regards,

René


Am 04.07.2019 um 16:24 schrieb Xavier M:
Thank you for answering... I'm sorry, but I don't know enough about 
certificates to give you a relevant answer. I think that :
 * The common name is "rusa.fr"
 * There is no subject alternative name (even www.rusa.fr<http://www.rusa.fr>)
 * It is not a wildcard

... But I'm not 100% sure, it is the first time I administrate a server, I'm 
discovering many things at the same time!

Xavier


De : Clayton, Robin 
<mailto:robin.clay...@cumberland.co.uk>
Envoyé : jeudi 4 juillet 2019 15:43
À : user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Objet : RE: Log-in and security


What is the CN of the certificate, is there any SAN entries on the certificate? 
Or is it a wildcard?



The TCP port should be irrelevant.



Rob









From: Stefan Kühl [mailto:ste...@quatrekuehl.eu]
Sent: 04 July 2019 14:16
To: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Cc: Xavier M
Subject: Re: Log-in and security



Hi,

are you sure that you request your certificate also for 
domain.eu<http://domain.eu> or only for www.domain.eu<http://www.domain.eu>. 
You should check this. Sometimes webhoster only use the www adresses for 
certificates.

Greetz

Stefan





Am 04.07.2019 14:18, schrieb Xavier M:

Hi everybody,



I'm quite sure that the answer is already somewhere, but I couldn't find it...



After having installed OM on a web-server, the "written" way to access to the 
log-in is following, according to Alvaro's tuto:

https://localhost:5443/openmeetings



If OM is installed on a web server, let's say "domain.eu<http://domain.eu>", it 
works correctly with:

https://domain.eu:5443/openmeetings



But the user will get a warning for security reason, even if 
domain.eu<http://domain.eu> works with https, since the common certificates 
will not work with this port.



I stated that following URL worked for the "demo version":

https://om.alteametasoft.com/openmeetings



Does anyone know how this was done? I would like to avoid the use of the port 
5443 with the warning.



Have a good day!

Xavier



Disclaimer

This email has been scanned by the Mimecast security service.



Disclaimer



Please, consider your environmental responsibility. Before printing this e-mail 
ask yourself: Do I need a hard copy?

Cumberland Building Society
Cumberland House
Cooper Way
Parkhouse
CARLISLE CA3 0JF
To help us monitor and improve customer service telephone calls may be recorded.
Cumberland Building Society is authorised by the Prudential Regulation 
Authority and regulated by the Financial Conduct Authority and Prudential 
Regulation Authority. We arrange life assurance and critical illness cover only 
with Legal & General Assurance Society Limited and general insurance only with 
Aviva Insurance Limited.
To find out more about us, visit 
www.cumberland.co.uk<http://www.cumberland.co.uk/>

CONFIDENTIALITY: This e-mail and any files transmitted with it are 
confidential, may be legally privileged and are intended for the addressee(s) 
only. If you are not the intended recipient you may not disclose, copy, 
distribute, or retain all or part of this e-mail without our authority. Please 
notify the sender immediately by replying to this e-mail and then permanently 
delete it.

Any views or opinions expressed are solely those of the author and do not 
necessarily represent those of Cumberland Building Society or any of its 
subsidiaries.

Although we have taken steps to ensure that this e-mail and any attachments are 
free from virus contamination, please rely on your own virus checking 
procedures as no guarantee is implied or given. We will not be liable for any 
loss or damage arising from alteration of the contents of this e-mail by a 
third party or as a result of any virus.


This email has been scanned by the Mimecast security service.

RE: Log-in and security

Thank you for answering... I'm sorry, but I don't know enough about 
certificates to give you a relevant answer. I think that :
 * The common name is "rusa.fr"
 * There is no subject alternative name (even www.rusa.fr<http://www.rusa.fr>)
 * It is not a wildcard

... But I'm not 100% sure, it is the first time I administrate a server, I'm 
discovering many things at the same time!

Xavier


De : Clayton, Robin 
Envoyé : jeudi 4 juillet 2019 15:43
À : user@openmeetings.apache.org
Objet : RE: Log-in and security


What is the CN of the certificate, is there any SAN entries on the certificate? 
Or is it a wildcard?



The TCP port should be irrelevant.



Rob









From: Stefan Kühl [mailto:ste...@quatrekuehl.eu]
Sent: 04 July 2019 14:16
To: user@openmeetings.apache.org
Cc: Xavier M
Subject: Re: Log-in and security



Hi,

are you sure that you request your certificate also for 
domain.eu<http://domain.eu> or only for www.domain.eu<http://www.domain.eu>. 
You should check this. Sometimes webhoster only use the www adresses for 
certificates.

Greetz

Stefan





Am 04.07.2019 14:18, schrieb Xavier M:

Hi everybody,



I'm quite sure that the answer is already somewhere, but I couldn't find it...



After having installed OM on a web-server, the "written" way to access to the 
log-in is following, according to Alvaro's tuto:

https://localhost:5443/openmeetings



If OM is installed on a web server, let's say "domain.eu<http://domain.eu>", it 
works correctly with:

https://domain.eu:5443/openmeetings



But the user will get a warning for security reason, even if 
domain.eu<http://domain.eu> works with https, since the common certificates 
will not work with this port.



I stated that following URL worked for the "demo version":

https://om.alteametasoft.com/openmeetings



Does anyone know how this was done? I would like to avoid the use of the port 
5443 with the warning.



Have a good day!

Xavier



Disclaimer

This email has been scanned by the Mimecast security service.



Disclaimer

Please, consider your environmental responsibility. Before printing this e-mail 
ask yourself: Do I need a hard copy?

Cumberland Building Society
Cumberland House
Cooper Way
Parkhouse
CARLISLE CA3 0JF
To help us monitor and improve customer service telephone calls may be recorded.
Cumberland Building Society is authorised by the Prudential Regulation 
Authority and regulated by the Financial Conduct Authority and Prudential 
Regulation Authority. We arrange life assurance and critical illness cover only 
with Legal & General Assurance Society Limited and general insurance only with 
Aviva Insurance Limited.
To find out more about us, visit 
www.cumberland.co.uk<http://www.cumberland.co.uk/>

CONFIDENTIALITY: This e-mail and any files transmitted with it are 
confidential, may be legally privileged and are intended for the addressee(s) 
only. If you are not the intended recipient you may not disclose, copy, 
distribute, or retain all or part of this e-mail without our authority. Please 
notify the sender immediately by replying to this e-mail and then permanently 
delete it.

Any views or opinions expressed are solely those of the author and do not 
necessarily represent those of Cumberland Building Society or any of its 
subsidiaries.

Although we have taken steps to ensure that this e-mail and any attachments are 
free from virus contamination, please rely on your own virus checking 
procedures as no guarantee is implied or given. We will not be liable for any 
loss or damage arising from alteration of the contents of this e-mail by a 
third party or as a result of any virus.


This email has been scanned by the Mimecast security service.

RE: Log-in and security

Hi,

Yes I am sure. Actually, I could not have a certificate for 
www.domain.eu<http://www.domain.eu> but just for domain.eu (the website is not 
reachable at www.domain.eu<http://www.domain.eu>)

The certificate was delivered by SSL Labs after I installed CertBot on an 
Apache Server... I should say "on the LAMP server where I installed 
OpenMeetings". I followed those instructions:
https://certbot.eff.org/lets-encrypt/ubuntubionic-apache
... and I configured so that the whole "domain.eu" should use https instead of 
http.

BUT :
 1/ When I connect to https://domain.eu, the certificate is verified by "Let's 
Encrypt".
 2/ When I connect to https://domain.eu:5443/openmeetings, the certificate 
correspond to a self-signed one.
I assume that it is due to the port, which does not correspond to HTTP/HTTPS 
protocols ?

Sincerely,
Xavier



De : Stefan Kühl 
Envoyé : jeudi 4 juillet 2019 15:16
À : user@openmeetings.apache.org
Cc : Xavier M
Objet : Re: Log-in and security


Hi,

are you sure that you request your certificate also for domain.eu or only for 
www.domain.eu<http://www.domain.eu>. You should check this. Sometimes webhoster 
only use the www adresses for certificates.

Greetz

Stefan




Am 04.07.2019 14:18, schrieb Xavier M:

Hi everybody,

I'm quite sure that the answer is already somewhere, but I couldn't find it...

After having installed OM on a web-server, the "written" way to access to the 
log-in is following, according to Alvaro's tuto:
https://localhost:5443/openmeetings

If OM is installed on a web server, let's say "domain.eu", it works correctly 
with:
https://domain.eu:5443/openmeetings

But the user will get a warning for security reason, even if domain.eu works 
with https, since the common certificates will not work with this port.

I stated that following URL worked for the "demo version":
https://om.alteametasoft.com/openmeetings

Does anyone know how this was done? I would like to avoid the use of the port 
5443 with the warning.

Have a good day!
Xavier

Log-in and security