I just tried srcstorepass, deststorepass, and storepass, none seem to accept an argument despite what the help page said.
-Dave On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik <[email protected]> wrote: > here is mine output: (src and dest keystore options are highlighted) > > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help > > keytool -importkeystore [OPTION]... > > Imports one or all entries from another keystore > > Options: > > -srckeystore <srckeystore> source keystore name > -destkeystore <destkeystore> destination keystore name > -srcstoretype <srcstoretype> source keystore type > -deststoretype <deststoretype> destination keystore type > -srcstorepass <arg> source keystore password > -deststorepass <arg> destination keystore password > -srcprotected source keystore password protected > -srcprovidername <srcprovidername> source keystore provider name > -destprovidername <destprovidername> destination keystore provider name > -srcalias <srcalias> source alias > -destalias <destalias> destination alias > -srckeypass <arg> source key password > -destkeypass <arg> destination key password > -noprompt do not prompt > -providerclass <providerclass> provider class name > -providerarg <arg> provider argument > -providerpath <pathlist> provider classpath > -v verbose output > > Use "keytool -help" for all available commands > > > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <[email protected]> wrote: >> >> keytool --help does not list -keystorepass as an option for me. here >> is what we have to work with: >> >> #which keytool >> /usr/bin/keytool >> >> #namei /usr/bin/keytool >> f: /usr/bin/keytool >> d / >> d usr >> d bin >> l keytool -> /etc/alternatives/keytool >> d / >> d etc >> d alternatives >> l keytool -> >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool >> d / >> d usr >> d lib >> d jvm >> d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64 >> d jre >> d bin >> - keytool >> >> #rpm -qf >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64 >> >> #keytool -help >> Key and Certificate Management Tool >> >> Commands: >> >> -certreq Generates a certificate request >> -changealias Changes an entry's alias >> -delete Deletes an entry >> -exportcert Exports certificate >> -genkeypair Generates a key pair >> -genseckey Generates a secret key >> -gencert Generates certificate from a certificate request >> -importcert Imports a certificate or a certificate chain >> -importpass Imports a password >> -importkeystore Imports one or all entries from another keystore >> -keypasswd Changes the key password of an entry >> -list Lists entries in a keystore >> -printcert Prints the content of a certificate >> -printcertreq Prints the content of a certificate request >> -printcrl Prints the content of a CRL file >> -storepasswd Changes the store password of a keystore >> >> Use "keytool -command_name -help" for usage of command_name >> >> >> I think we have the openjdk on the linux (perhaps other platforms too) >> and not the Sun/oracle implementation so as to get around license >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it >> doesn't have keystorepass either. >> >> >> -Dave >> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik <[email protected]> >> wrote: >> > Can you run "keytool --help" and check possible options? >> > >> > For real server it might be better to set up "let's encrypt" free >> > certificate (script was posted some time ago) >> > >> > WBR, Maxim >> > (from mobile, sorry for the typos) >> > >> > On Sat, Dec 30, 2017, 08:06 David Jentz <[email protected]> wrote: >> >> >> >> I am working through these steps on rhel6 which is a close cousin to >> >> centos 6. >> >> >> >> I have the same issue, -keystorepass is not a valid argument to >> >> keytool. >> >> >> >> Instead, you can just leave that argument off (and the pass ) since >> >> then keytool will just prompt. >> >> >> >> This still poses a problem for me because I am trying to have the >> >> entire setup in a script. Perhaps I can write an expect script just >> >> for this one line. >> >> >> >> Anyhow, I will work to further get SSL working next year. It turns out >> >> my version of chrome requires it for sound. >> >> >> >> -Dave >> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов >> >> <[email protected]> wrote: >> >> > I do all by this instruction >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server >> >> > except >> >> > create in the beginning red5.key and red5.crt. >> >> > >> >> > In instruction error on this command: >> >> > keytool -import -alias root -keystore /opt/red5401/conf/keystore.jks >> >> > -keystorepass password -trustcacerts -file red5.crt >> >> > >> >> > >> >> > >> >> > Error: >> >> > illegal option: -keystorepass >> >> > >> >> > >> >> > >> >> > In documentation >> >> > >> >> > >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html >> >> > not exist that option so >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server >> >> > is >> >> > not >> >> > can’t be used, not relevant. >> >> > >> >> > >> >> > >> >> > ------------------- >> >> > >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> > >> >> > >> >> > >> >> > From: Maxim Solodovnik [mailto:[email protected]] >> >> > Sent: Friday, December 29, 2017 11:12 AM >> >> > >> >> > >> >> > To: Openmeetings user-list >> >> > Subject: Re: Configure https on centos7 >> >> > >> >> > >> >> > >> >> > Please read documentation [1] and use search before asking questions >> >> > >> >> > >> >> > >> >> > According to the steps from [2] "-srcstorepass changeit" this means >> >> > "red5.p12" MUST have password "changeit" >> >> > >> >> > >> >> > >> >> > [1] >> >> > >> >> > >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html >> >> > >> >> > [2] >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server >> >> > >> >> > >> >> > >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов >> >> > <[email protected]> >> >> > wrote: >> >> > >> >> > Ø The idea here is… >> >> > >> >> > I can’t do this idea in practice, something doing not right. I create >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough >> >> > information >> >> > in instruction to do this fast step-by-step. Later I will have ‘real’ >> >> > certificate. >> >> > >> >> > >> >> > >> >> > Ø At the moment you are starting #3 above there should be NO >> >> > keystore.jks, >> >> > you already have renamed it to *.bak (prerequisite) >> >> > >> >> > What means #3? >> >> > >> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx. >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > Ø Finally you are renaming passwords, they MUST match >> >> > >> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey >> >> > rsa:2048 >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I enter >> >> > “jmx.keystorepass=password” when it ask me enter password. If like >> >> > that >> >> > I >> >> > still have this error. >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > ------------------- >> >> > >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> > >> >> > >> >> > >> >> > From: Maxim Solodovnik [mailto:[email protected]] >> >> > Sent: Friday, December 29, 2017 10:27 AM >> >> > To: Openmeetings user-list >> >> > Subject: Re: Configure https on centos7 >> >> > >> >> > >> >> > >> >> > The idea here is >> >> > >> >> > 1) you are creating self-signed certificate (prerequisite) -> >> >> > red5.crt >> >> > >> >> > 2) you are signing red5.crt with your fake CA (step 1) -> red5.p12 >> >> > >> >> > 3) you are creating keystore based on signed red5.p12 -> keystore.jks >> >> > >> >> > >> >> > >> >> > At the moment you are starting #3 above there should be NO >> >> > keystore.jks, >> >> > you >> >> > already have renamed it to *.bak (prerequisite) >> >> > >> >> > >> >> > >> >> > Finally you are renaming passwords, they MUST match >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов >> >> > <[email protected]> >> >> > wrote: >> >> > >> >> > Its standard, line “jmx.keystorepass=password” >> >> > >> >> > >> >> > >> >> > ------------------- >> >> > >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> > >> >> > >> >> > >> >> > From: Yakovlev N. [mailto:[email protected]] >> >> > Sent: Friday, December 29, 2017 7:51 AM >> >> > To: [email protected] >> >> > Subject: RE: Configure https on centos7 >> >> > >> >> > >> >> > >> >> > which passwords do you use in red5/conf/red5.properties ? >> >> > >> >> > >> >> > >> >> > From: Андрей Прицепов [mailto:[email protected]] >> >> > Sent: Thursday, December 28, 2017 5:36 PM >> >> > To: [email protected] >> >> > Subject: Configure https on centos7 >> >> > >> >> > >> >> > >> >> > Use this instruction >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html . >> >> > For >> >> > beginning I configure self-signed certificate. >> >> > >> >> > Not all in instruction was wrote, so what I do first before >> >> > instruction >> >> > is >> >> > create self-signed sertificate: >> >> > >> >> > su - >> >> > mkdir /opt/prytsepov >> >> > >> >> > cd /opt/prytsepov >> >> > >> >> > yum install mod_ssl >> >> > >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt >> >> > >> >> > >> >> > >> >> > Then I do by instruction: >> >> > this step edit sa.crt to red5.crt or it gives errors. On this step >> >> > password >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key -out >> >> > red5.p12 -name red5 -certfile red5.crt >> >> > >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore red5.p12 >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore >> >> > /opt/red5401/conf/keystore.jks -alias red5 >> >> > >> >> > >> >> > >> >> > Here I see errors: >> >> > >> >> > keytool error:java.io.IOException:keystore password was incorrect >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > ------------------- >> >> > >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > -- >> >> > >> >> > WBR >> >> > Maxim aka solomax >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > -- >> >> > >> >> > WBR >> >> > Maxim aka solomax > > > > > -- > WBR > Maxim aka solomax
