I am working through these steps on rhel6 which is a close cousin to centos 6.
I have the same issue, -keystorepass is not a valid argument to keytool. Instead, you can just leave that argument off (and the pass ) since then keytool will just prompt. This still poses a problem for me because I am trying to have the entire setup in a script. Perhaps I can write an expect script just for this one line. Anyhow, I will work to further get SSL working next year. It turns out my version of chrome requires it for sound. -Dave On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов <[email protected]> wrote: > I do all by this instruction > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server except > create in the beginning red5.key and red5.crt. > > In instruction error on this command: > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks > -keystorepass password -trustcacerts -file red5.crt > > > > Error: > illegal option: -keystorepass > > > > In documentation > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html > not exist that option so > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server is not > can’t be used, not relevant. > > > > ------------------- > > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > > > > From: Maxim Solodovnik [mailto:[email protected]] > Sent: Friday, December 29, 2017 11:12 AM > > > To: Openmeetings user-list > Subject: Re: Configure https on centos7 > > > > Please read documentation [1] and use search before asking questions > > > > According to the steps from [2] "-srcstorepass changeit" this means > "red5.p12" MUST have password "changeit" > > > > [1] > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html > > [2] http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server > > > > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов <[email protected]> > wrote: > > Ø The idea here is… > > I can’t do this idea in practice, something doing not right. I create > red5.crt and red5.p12 but keystore.jks can’t create. Not enough information > in instruction to do this fast step-by-step. Later I will have ‘real’ > certificate. > > > > Ø At the moment you are starting #3 above there should be NO keystore.jks, > you already have renamed it to *.bak (prerequisite) > > What means #3? > > I renamed them, but *jks wasn’t there in the beginning was *jmx. > > > > > > Ø Finally you are renaming passwords, they MUST match > > So when I do command “openssl req -x509 -nodes -days 99999 -newkey rsa:2048 > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter > “jmx.keystorepass=password” when it ask me enter password. If like that I > still have this error. > > > > > > ------------------- > > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > > > > From: Maxim Solodovnik [mailto:[email protected]] > Sent: Friday, December 29, 2017 10:27 AM > To: Openmeetings user-list > Subject: Re: Configure https on centos7 > > > > The idea here is > > 1) you are creating self-signed certificate (prerequisite) -> red5.crt > > 2) you are signing red5.crt with your fake CA (step 1) -> red5.p12 > > 3) you are creating keystore based on signed red5.p12 -> keystore.jks > > > > At the moment you are starting #3 above there should be NO keystore.jks, you > already have renamed it to *.bak (prerequisite) > > > > Finally you are renaming passwords, they MUST match > > > > > > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов <[email protected]> > wrote: > > Its standard, line “jmx.keystorepass=password” > > > > ------------------- > > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > > > > From: Yakovlev N. [mailto:[email protected]] > Sent: Friday, December 29, 2017 7:51 AM > To: [email protected] > Subject: RE: Configure https on centos7 > > > > which passwords do you use in red5/conf/red5.properties ? > > > > From: Андрей Прицепов [mailto:[email protected]] > Sent: Thursday, December 28, 2017 5:36 PM > To: [email protected] > Subject: Configure https on centos7 > > > > Use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html . For > beginning I configure self-signed certificate. > > Not all in instruction was wrote, so what I do first before instruction is > create self-signed sertificate: > > su - > mkdir /opt/prytsepov > > cd /opt/prytsepov > > yum install mod_ssl > > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt > > > > Then I do by instruction: > this step edit sa.crt to red5.crt or it gives errors. On this step password > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out > red5.p12 -name red5 -certfile red5.crt > > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 > -srcstoretype PKCS12 -deststorepass changeit -destkeystore > /opt/red5401/conf/keystore.jks -alias red5 > > > > Here I see errors: > > keytool error:java.io.IOException:keystore password was incorrect > > > > > > > > > > ------------------- > > С уважением, Андрей Прицепов “Лаборатория Форт Крым” > > > > > > > > -- > > WBR > Maxim aka solomax > > > > > > -- > > WBR > Maxim aka solomax
