keytool --help does not list -keystorepass as an option for me. Here
is what we have to work with:

#which keytool
/usr/bin/keytool

#namei /usr/bin/keytool
f: /usr/bin/keytool
 d /
 d usr
 d bin
 l keytool -> /etc/alternatives/keytool
   d /
   d etc
   d alternatives
   l keytool -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
     d /
     d usr
     d lib
     d jvm
     d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64
     d jre
     d bin
     - keytool

#rpm -qf /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool
java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64

#keytool -help
Key and Certificate Management Tool

Commands:

 -certreq            Generates a certificate request
 -changealias        Changes an entry's alias
 -delete             Deletes an entry
 -exportcert         Exports certificate
 -genkeypair         Generates a key pair
 -genseckey          Generates a secret key
 -gencert            Generates certificate from a certificate request
 -importcert         Imports a certificate or a certificate chain
 -importpass         Imports a password
 -importkeystore     Imports one or all entries from another keystore
 -keypasswd          Changes the key password of an entry
 -list               Lists entries in a keystore
 -printcert          Prints the content of a certificate
 -printcertreq       Prints the content of a certificate request
 -printcrl           Prints the content of a CRL file
 -storepasswd        Changes the store password of a keystore

Use "keytool -command_name -help" for usage of command_name


I think we have the OpenJDK on Linux (perhaps other platforms too)
and not the Sun/Oracle implementation so as to get around license
issues and be GPL. That said, I just checked the jdk1.8.0 on Linux, it
doesn't have keystorepass either.


-Dave


On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik <[email protected]> wrote:
> Can you run "keytool --help" and check possible options?
>
> For real server it might be better to set up "let's encrypt" free
> certificate (script was posted some time ago)
>
> WBR, Maxim
> (from mobile, sorry for the typos)
>
> On Sat, Dec 30, 2017, 08:06 David Jentz <[email protected]> wrote:
>>
>> I am working through these steps on rhel6 which is a close cousin to
>> centos 6.
>>
>> I have the same issue, -keystorepass is not a valid argument to keytool.
>>
>> Instead, you can just leave that argument off (and the pass) since
>> then keytool will just prompt.
>>
>> This still poses a problem for me because I am trying to have the
>> entire setup in a script. Perhaps I can write an expect script just
>> for this one line.
>>
>> Anyhow, I will work to further get SSL working next year. It turns out
>> my version of Chrome requires it for sound.
>>
>> -Dave
>>
>> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов
>> <[email protected]> wrote:
>> > I do everything by this instruction
>> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> > except that I
>> > create red5.key and red5.crt in the beginning.
>> >
>> > There is an error in the instruction on this command:
>> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks
>> > -keystorepass password -trustcacerts -file red5.crt
>> >
>> >
>> >
>> > Error:
>> > illegal option: -keystorepass
>> >
>> >
>> >
>> > In the documentation
>> >
>> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> > that option does not exist, so
>> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> > can’t be used, it is not relevant.
>> >
>> >
>> >
>> > -------------------
>> >
>> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >
>> >
>> >
>> > From: Maxim Solodovnik [mailto:[email protected]]
>> > Sent: Friday, December 29, 2017 11:12 AM
>> >
>> >
>> > To: Openmeetings user-list
>> > Subject: Re: Configure https on centos7
>> >
>> >
>> >
>> > Please read documentation [1] and use search before asking questions
>> >
>> >
>> >
>> > According to the steps from [2] "-srcstorepass changeit" this means
>> > "red5.p12" MUST have password "changeit"
>> >
>> >
>> >
>> > [1]
>> >
>> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
>> >
>> > [2]
>> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server
>> >
>> >
>> >
>> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов
>> > <[email protected]>
>> > wrote:
>> >
>> > - The idea here is…
>> >
>> > I can’t put this idea into practice, something is not being done right. I
>> > created red5.crt and red5.p12 but can’t create keystore.jks. There is not
>> > enough information in the instruction to do this quickly step by step.
>> > Later I will have a ‘real’ certificate.
>> >
>> >
>> >
>> > - At the moment you are starting #3 above there should be NO
>> > keystore.jks,
>> > you already have renamed it to *.bak (prerequisite)
>> >
>> > What does #3 mean?
>> >
>> > I renamed them, but *jks wasn’t there in the beginning, there was *jmx.
>> >
>> >
>> >
>> >
>> >
>> > - Finally you are renaming passwords, they MUST match
>> >
>> > So when I run the command “openssl req -x509 -nodes -days 99999 -newkey
>> > rsa:2048
>> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter
>> > “jmx.keystorepass=password” when it asks me to enter a password. If I do
>> > it like that, I still have this error.
>> >
>> >
>> >
>> >
>> >
>> > -------------------
>> >
>> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >
>> >
>> >
>> > From: Maxim Solodovnik [mailto:[email protected]]
>> > Sent: Friday, December 29, 2017 10:27 AM
>> > To: Openmeetings user-list
>> > Subject: Re: Configure https on centos7
>> >
>> >
>> >
>> > The idea here is
>> >
>> > 1) you are creating self-signed certificate  (prerequisite) -> red5.crt
>> >
>> > 2) you are signing red5.crt with your fake CA  (step 1) -> red5.p12
>> >
>> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks
>> >
>> >
>> >
>> > At the moment you are starting #3 above there should be NO keystore.jks,
>> > you
>> > already have renamed it to *.bak (prerequisite)
>> >
>> >
>> >
>> > Finally you are renaming passwords, they MUST match
>> >
>> >
>> >
>> >
>> >
>> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов
>> > <[email protected]>
>> > wrote:
>> >
>> > It’s standard, the line “jmx.keystorepass=password”
>> >
>> >
>> >
>> > -------------------
>> >
>> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >
>> >
>> >
>> > From: Yakovlev N. [mailto:[email protected]]
>> > Sent: Friday, December 29, 2017 7:51 AM
>> > To: [email protected]
>> > Subject: RE: Configure https on centos7
>> >
>> >
>> >
>> > Which passwords do you use in red5/conf/red5.properties?
>> >
>> >
>> >
>> > From: Андрей Прицепов [mailto:[email protected]]
>> > Sent: Thursday, December 28, 2017 5:36 PM
>> > To: [email protected]
>> > Subject: Configure https on centos7
>> >
>> >
>> >
>> > I use this instruction http://openmeetings.apache.org/RTMPSAndHTTPS.html .
>> > To begin with, I configure a self-signed certificate.
>> >
>> > Not everything was written in the instruction, so what I do first, before
>> > the instruction, is create a self-signed certificate:
>> >
>> > su -
>> > mkdir /opt/prytsepov
>> >
>> > cd /opt/prytsepov
>> >
>> > yum install mod_ssl
>> >
>> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout
>> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt
>> >
>> >
>> >
>> > Then I follow the instruction:
>> > in this step I edit sa.crt to red5.crt or it gives errors. On this step
>> > the password
>> > is left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out
>> > red5.p12 -name red5 -certfile red5.crt
>> >
>> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12
>> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore
>> > /opt/red5401/conf/keystore.jks -alias red5
>> >
>> >
>> >
>> > Here I see errors:
>> >
>> > keytool error:java.io.IOException:keystore password was incorrect
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > -------------------
>> >
>> > Best regards, Андрей Прицепов “Лаборатория Форт Крым”
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > WBR
>> > Maxim aka solomax
>> >
>> >
>> >
>> >
>> >
>> > --
>> >
>> > WBR
>> > Maxim aka solomax
