...maybe this can help you. It is the
answer, to the same problem, given by
a user called Jason Romo, on the
English list. From here:
-------------------
-------------------
To get SSL working with RTMPS you need to do the following:
If you want to use LetsEncrypt free SSL, use the following; otherwise
skip it and add your own valid cert from any location to the keystore.
I added the LetsEncrypt part because I couldn't find a single source that
had this correct either. It took a bit to resolve.
Install LetsEncrypt; there are plenty of places that show you how to install it.
Then do a cert-only install. You need to convert the cert to work
with the keystore.
cd /etc/letsencrypt/live/yourdomain
# Java cacerts: you can add the x3-cross-sign.pem to it like this.
# You have to download the x3-cross-sign.pem from the LetsEncrypt website.
# The default Java cacerts password is: changeit
keytool -importcert -file /etc/letsencrypt/live/yourdomain/x3-cross-sign.pem -keystore cacerts
# Make new keystore
#keytool -keysize 2048 -genkey -alias key -keyalg RSA -keystore keystore.jks
# Make sure you append the x3-cross-sign.pem to the chain.pem or it will not work.
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name red5 -CAfile chain.pem -caname root
# Import keys
keytool -importkeystore -deststorepass password -destkeypass password -destkeystore keystore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass d4h3j9nq1 -alias red5
cp keystore.jks /opt/yourinstall/conf/keystore.jks
cp keystore.jks /opt/yourinstall/conf/keystore.screen
cp keystore.jks /opt/yourinstall/conf/truststore.jks
vi conf/red5.properties
https.port=443
rtmps.port=443
rtmps.keystorepass=yourpass
rtmps.keystorefile=conf/keystore.jks
rtmps.truststorepass=yourpass
rtmps.truststorefile=conf/truststore.jks
Make sure you set proxyType to none or it will not work.
vi webapps/openmeetings/public/config.xml
<rtmpport>1935</rtmpport>
<rtmpsslport>443</rtmpsslport>
<useSSL>yes</useSSL>
<protocol>https</protocol>
# NOTE: don’t use best like other docs say. It doesn’t work!!
<proxyType>none</proxyType>
Now enable SSL in the jee-container.xml. I copy the file appending .ssl
and .html to allow quick changes.
vi conf/jee-container.xml
<!-- Tomcat without SSL enabled
<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader"
      depends-on="context.loader" init-method="start" lazy-init="true">
    <property name="webappFolder" value="${red5.root}/webapps" />
    <property name="connectors">
        <list>
            <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
                <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
                <property name="address" value="${http.host}:${http.port}" />
                <property name="redirectPort" value="${https.port}" />
            </bean>
        </list>
    </property>
    <property name="baseHost">
        <bean class="org.apache.catalina.core.StandardHost">
            <property name="name" value="${http.host}" />
        </bean>
    </property>
    <property name="valves">
        <list>
            <bean id="valve.access" class="org.apache.catalina.valves.AccessLogValve">
                <property name="directory" value="log" />
                <property name="prefix" value="${http.host}_access." />
                <property name="suffix" value=".log" />
                <property name="pattern" value="common" />
                <property name="rotatable" value="true" />
            </bean>
        </list>
    </property>
</bean>
-->
<!-- Tomcat with SSL enabled -->
<bean id="tomcat.server" class="org.red5.server.tomcat.TomcatLoader"
      depends-on="context.loader" init-method="start" lazy-init="true">
    <property name="webappFolder" value="${red5.root}/webapps" />
    <property name="connectors">
        <list>
            <bean name="httpConnector" class="org.red5.server.tomcat.TomcatConnector">
                <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
                <property name="address" value="${http.host}:${http.port}" />
                <property name="redirectPort" value="${https.port}" />
            </bean>
            <bean name="httpsConnector" class="org.red5.server.tomcat.TomcatConnector">
                <property name="secure" value="true" />
                <property name="protocol" value="org.apache.coyote.http11.Http11NioProtocol" />
                <property name="address" value="${http.host}:${https.port}" />
                <property name="redirectPort" value="${http.port}" />
                <property name="connectionProperties">
                    <map>
                        <entry key="port" value="${https.port}" />
                        <entry key="redirectPort" value="${http.port}" />
                        <entry key="SSLEnabled" value="true" />
                        <entry key="sslProtocol" value="TLS" />
                        <entry key="keystoreFile" value="${rtmps.keystorefile}" />
                        <entry key="keystorePass" value="${rtmps.keystorepass}" />
                        <entry key="keystoreType" value="JKS" />
                        <entry key="truststoreFile" value="${rtmps.truststorefile}" />
                        <entry key="truststorePass" value="${rtmps.truststorepass}" />
                        <entry key="clientAuth" value="false" />
                        <entry key="allowUnsafeLegacyRenegotiation" value="true" />
                        <entry key="maxKeepAliveRequests" value="${http.max_keep_alive_requests}"/>
                        <entry key="useExecutor" value="true"/>
                        <entry key="maxThreads" value="${http.max_threads}"/>
                        <entry key="acceptorThreadCount" value="${http.acceptor_thread_count}"/>
                        <entry key="processorCache" value="${http.processor_cache}"/>
                    </map>
                </property>
            </bean>
        </list>
    </property>
    <property name="baseHost">
        <bean class="org.apache.catalina.core.StandardHost">
            <property name="name" value="${http.host}" />
        </bean>
    </property>
</bean>
You can now start up red5 from init if you followed the install
instructions. You should be able to connect to https://yourdomain.com.
If it complains the cert is not valid then you missed something in the
keystore process. This is the script I use to build my keystore from a
cron job just before it expires automatically, so it should work.
--------------------
--------------------
...Up to here.
Alvaro
........................................
On Sat, 18-06-2016 at 13:09 -0400, Siovel Rodriguez wrote:
> Alvaro, my regards and many thanks for your reply.
> About what you answered: I have the certificates and they are already added
> to the keystore, but I don't have it under a real domain; the truth is that I
> have it published only by IP (I imagine that has nothing to do with it).
> I have configured proxyType both ways, none and best (which is what
> is recommended on the openmeetings site), and it doesn't work either way.
> When I run
> in the console to see the ports:
> > netstat -antp
>
> 5443 appears open, but 8443, which is the rtmps one, doesn't appear
>
> I await your comments...
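The cron-driven keystore rebuild that Jason Romo's answer mentions is not included in the mail. What follows is an added example, not his script and not part of the OpenMeetings or Red5 project, that automates the same openssl/keytool sequence and enforces the step the answer warns about: the cross-signed intermediate must be in the chain before the PKCS12 export, or the served certificate will not validate. The paths under /etc/letsencrypt/live, the "red5" alias and the KS_PASS environment variable are assumptions taken from the steps above; the PEM handling needs only awk and grep, so the chain check can be tried without Java installed.

```shell
#!/bin/sh
# Added example (not Jason Romo's cron script, which the mail mentions but
# does not include): rebuild the Red5/OpenMeetings JKS keystore from a
# Let's Encrypt live directory. The "red5" alias, the file names under
# /etc/letsencrypt/live and the KS_PASS variable are assumptions taken
# from the steps quoted above.
set -eu

# Count certificate blocks in a PEM bundle (prints 0 for none).
pem_cert_count() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Print one line per certificate: its base64 body with line breaks removed.
pem_bodies() {
    awk '/^-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
         /^-----END CERTIFICATE-----/   { print body; inside = 0; next }
         inside                          { body = body $0 }' "$1"
}

# Succeed if the first certificate in $2 is present in bundle $1.
# Compares the literal base64 body, so it needs neither openssl nor keytool.
chain_contains() {
    want=$(pem_bodies "$2" | head -n 1)
    [ -n "$want" ] && pem_bodies "$1" | grep -qxF -- "$want"
}

# build_chain CHAIN_PEM CROSS_PEM OUT_PEM
# Write OUT = CHAIN plus the cross-signed intermediate, unless CHAIN already
# carries it. Idempotent (safe from cron) and never edits /etc/letsencrypt.
build_chain() {
    if chain_contains "$1" "$2"; then
        cp "$1" "$3"
    else
        cat "$1" "$2" > "$3"
    fi
}

# build_keystore LIVE_DIR CROSS_PEM OUT_JKS
# Same openssl/keytool sequence as the mail; the password comes from the
# KS_PASS environment variable so it never shows up in `ps` or shell history.
build_keystore() {
    : "${KS_PASS:?set KS_PASS to the keystore password}"
    work=$(mktemp -d)
    build_chain "$1/chain.pem" "$2" "$work/chain.pem"
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/privkey.pem" \
        -CAfile "$work/chain.pem" -caname root -name red5 \
        -passout env:KS_PASS -out "$work/cert_and_key.p12"
    keytool -importkeystore -noprompt \
        -srckeystore "$work/cert_and_key.p12" -srcstoretype PKCS12 \
        -srcstorepass:env KS_PASS -alias red5 \
        -destkeystore "$work/keystore.jks" -deststoretype JKS \
        -deststorepass:env KS_PASS -destkeypass:env KS_PASS
    cp "$work/keystore.jks" "$3"
    chmod 0600 "$3"            # the store holds the private key
    echo "keystore written to $3 ($(pem_cert_count "$work/chain.pem") chain certs)" >&2
    rm -rf "$work"
}

# check_listener HOST PORT
# Confirm the HTTPS/RTMPS port answers TLS and print the certificate it
# serves; a quick way to tell "port not listening" from "wrong cert".
check_listener() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer -enddate
}

case "${1:-}" in
    build) build_keystore "$2" "$3" "$4" ;;
    chain) build_chain "$2" "$3" "$4" ;;
    check) check_listener "$2" "$3" ;;
    "")    ;;   # no arguments: only define the functions (e.g. when sourced)
    *)     echo "usage: $0 build LIVE_DIR CROSS_PEM OUT_JKS | chain CHAIN CROSS OUT | check HOST PORT" >&2
           exit 2 ;;
esac
```

From cron, run it with the password read from a root-only file, for example `KS_PASS=$(cat /root/.ks_pass) /usr/local/sbin/rebuild-keystore build /etc/letsencrypt/live/yourdomain /root/x3-cross-sign.pem /opt/yourinstall/conf/keystore.jks`, then copy the result to keystore.screen and truststore.jks as the mail does and restart red5. `check yourdomain.com 443` needs network access and the running server; the `chain` subcommand and the `chain_contains` test only need the PEM files.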