I will get back to you on these questions on Tuesday if that is OK. I did manage to get openmeetings to work via https, I do not have it fully scripted just yet, but close. This is using the self-signed CA and cert method described on the link.
The reason I wen't this way in the first place was because when I enter an openmeetings room, I was not being presented a list of audio hardware to use. I was told that chrome needs https to access microphone. Well, even with the https, after enabling flash, after entering a room I click gear widget. It has choose webcam: Disabled, choose microphone disabled. On the right side it says: "Click to Enable Adobe Flash Player". I click, flash player seems to enable OK (keep in mind this is with PepperFlash). I can do recordings tests, etc. But still only option for microphone is Disabled. If I click widget again, setting is the same. If I restart chrome, and log back in, I do not have to enable flash this time, but still for microphone option is Disabled I know chromium can see my audio hardware, if I go to chromium -> settings -> content settings -> microphone, the correct device is listed there. My only option is "Ask before accessing (recommended)", otherwise mic is completely disabled. There are no sites listed in the blocked or allowed lists below. It would seem openmeetings is not asking to chromium to use microphone. Am I doing something wrong? Will the self signed cert method work to enable this? -Dave On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik <[email protected]> wrote: > Do you have these options in your version? > What is the error? > > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <[email protected]> wrote: >> >> I just tried srcstorepass, deststorepass, and storepass, none seem to >> accept an argument despite what the help page said. >> >> -Dave >> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik <[email protected]> >> wrote: >> > here is mine output: (src and dest keystore options are highlighted) >> > >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore --help >> > >> > keytool -importkeystore [OPTION]... >> > >> > Imports one or all entries from another keystore >> > >> > Options: >> > >> > -srckeystore <srckeystore> source keystore name >> > -destkeystore <destkeystore> destination keystore name >> > -srcstoretype <srcstoretype> source keystore type >> > -deststoretype <deststoretype> destination keystore type >> > -srcstorepass <arg> source keystore password >> > -deststorepass <arg> destination keystore password >> > -srcprotected source keystore password >> > protected >> > -srcprovidername <srcprovidername> source keystore provider name >> > -destprovidername <destprovidername> destination keystore provider >> > name >> > -srcalias <srcalias> source alias >> > -destalias <destalias> destination alias >> > -srckeypass <arg> source key password >> > -destkeypass <arg> destination key password >> > -noprompt do not prompt >> > -providerclass <providerclass> provider class name >> > -providerarg <arg> provider argument >> > -providerpath <pathlist> provider classpath >> > -v verbose output >> > >> > Use "keytool -help" for all available commands >> > >> > >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <[email protected]> wrote: >> >> >> >> keytool --help does not list -keystorepass as an option for me. here >> >> is what we have to work with: >> >> >> >> #which keytool >> >> /usr/bin/keytool >> >> >> >> #namei /usr/bin/keytool >> >> f: /usr/bin/keytool >> >> d / >> >> d usr >> >> d bin >> >> l keytool -> /etc/alternatives/keytool >> >> d / >> >> d etc >> >> d alternatives >> >> l keytool -> >> >> >> >> >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool >> >> d / >> >> d usr >> >> d lib >> >> d jvm >> >> d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64 >> >> d jre >> >> d bin >> >> - keytool >> >> >> >> #rpm -qf >> >> >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64 >> >> >> >> #keytool -help >> >> Key and Certificate Management Tool >> >> >> >> Commands: >> >> >> >> -certreq Generates a certificate request >> >> -changealias Changes an entry's alias >> >> -delete Deletes an entry >> >> -exportcert Exports certificate >> >> -genkeypair Generates a key pair >> >> -genseckey Generates a secret key >> >> -gencert Generates certificate from a certificate request >> >> -importcert Imports a certificate or a certificate chain >> >> -importpass Imports a password >> >> -importkeystore Imports one or all entries from another keystore >> >> -keypasswd Changes the key password of an entry >> >> -list Lists entries in a keystore >> >> -printcert Prints the content of a certificate >> >> -printcertreq Prints the content of a certificate request >> >> -printcrl Prints the content of a CRL file >> >> -storepasswd Changes the store password of a keystore >> >> >> >> Use "keytool -command_name -help" for usage of command_name >> >> >> >> >> >> I think we have the openjdk on the linux (perhaps other platforms too) >> >> and not the Sun/oracle implementation so as to get around license >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on linux, it >> >> doesn't have keystorepass either. >> >> >> >> >> >> -Dave >> >> >> >> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik >> >> <[email protected]> >> >> wrote: >> >> > Can you run "keytool --help" and check possible options? >> >> > >> >> > For real server it might be better to set up "let's encrypt" free >> >> > certificate (script was posted some time ago) >> >> > >> >> > WBR, Maxim >> >> > (from mobile, sorry for the typos) >> >> > >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <[email protected]> wrote: >> >> >> >> >> >> I am working through these steps on rhel6 which is a close cousin to >> >> >> centos 6. >> >> >> >> >> >> I have the same issue, -keystorepass is not a valid argument to >> >> >> keytool. >> >> >> >> >> >> Instead, you can just leave that argument off (and the pass ) since >> >> >> then keytool will just prompt. >> >> >> >> >> >> This still poses a problem for me because I am trying to have the >> >> >> entire setup in a script. Perhaps I can write an expect script just >> >> >> for this one line. >> >> >> >> >> >> Anyhow, I will work to further get SSL working next year. It turns >> >> >> out >> >> >> my version of chrome requires it for sound. >> >> >> >> >> >> -Dave >> >> >> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов >> >> >> <[email protected]> wrote: >> >> >> > I do all by this instruction >> >> >> > >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server >> >> >> > except >> >> >> > create in the beginning red5.key and red5.crt. >> >> >> > >> >> >> > In instruction error on this command: >> >> >> > keytool -import -alias root -keystore >> >> >> > /opt/red5401/conf/keystore.jks >> >> >> > -keystorepass password -trustcacerts -file red5.crt >> >> >> > >> >> >> > >> >> >> > >> >> >> > Error: >> >> >> > illegal option: -keystorepass >> >> >> > >> >> >> > >> >> >> > >> >> >> > In documentation >> >> >> > >> >> >> > >> >> >> > >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html >> >> >> > not exist that option so >> >> >> > >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server >> >> >> > is >> >> >> > not >> >> >> > can’t be used, not relevant. >> >> >> > >> >> >> > >> >> >> > >> >> >> > ------------------- >> >> >> > >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> >> > >> >> >> > >> >> >> > >> >> >> > From: Maxim Solodovnik [mailto:[email protected]] >> >> >> > Sent: Friday, December 29, 2017 11:12 AM >> >> >> > >> >> >> > >> >> >> > To: Openmeetings user-list >> >> >> > Subject: Re: Configure https on centos7 >> >> >> > >> >> >> > >> >> >> > >> >> >> > Please read documentation [1] and use search before asking >> >> >> > questions >> >> >> > >> >> >> > >> >> >> > >> >> >> > According to the steps from [2] "-srcstorepass changeit" this >> >> >> > means >> >> >> > "red5.p12" MUST have password "changeit" >> >> >> > >> >> >> > >> >> >> > >> >> >> > [1] >> >> >> > >> >> >> > >> >> >> > >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html >> >> >> > >> >> >> > [2] >> >> >> > >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server >> >> >> > >> >> >> > >> >> >> > >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов >> >> >> > <[email protected]> >> >> >> > wrote: >> >> >> > >> >> >> > Ø The idea here is… >> >> >> > >> >> >> > I can’t do this idea in practice, something doing not right. I >> >> >> > create >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not enough >> >> >> > information >> >> >> > in instruction to do this fast step-by-step. Later I will have >> >> >> > ‘real’ >> >> >> > certificate. >> >> >> > >> >> >> > >> >> >> > >> >> >> > Ø At the moment you are starting #3 above there should be NO >> >> >> > keystore.jks, >> >> >> > you already have renamed it to *.bak (prerequisite) >> >> >> > >> >> >> > What means #3? >> >> >> > >> >> >> > I renamed them, but *jks wasn’t there in the beginning was *jmx. >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > Ø Finally you are renaming passwords, they MUST match >> >> >> > >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 -newkey >> >> >> > rsa:2048 >> >> >> > -keyout /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt” I >> >> >> > enter >> >> >> > “jmx.keystorepass=password” when it ask me enter password. If like >> >> >> > that >> >> >> > I >> >> >> > still have this error. >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > ------------------- >> >> >> > >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> >> > >> >> >> > >> >> >> > >> >> >> > From: Maxim Solodovnik [mailto:[email protected]] >> >> >> > Sent: Friday, December 29, 2017 10:27 AM >> >> >> > To: Openmeetings user-list >> >> >> > Subject: Re: Configure https on centos7 >> >> >> > >> >> >> > >> >> >> > >> >> >> > The idea here is >> >> >> > >> >> >> > 1) you are creating self-signed certificate (prerequisite) -> >> >> >> > red5.crt >> >> >> > >> >> >> > 2) you are signing red5.crt with your fake CA (step 1) -> >> >> >> > red5.p12 >> >> >> > >> >> >> > 3) you are creating keystore based on signed red5.p12 -> >> >> >> > keystore.jks >> >> >> > >> >> >> > >> >> >> > >> >> >> > At the moment you are starting #3 above there should be NO >> >> >> > keystore.jks, >> >> >> > you >> >> >> > already have renamed it to *.bak (prerequisite) >> >> >> > >> >> >> > >> >> >> > >> >> >> > Finally you are renaming passwords, they MUST match >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов >> >> >> > <[email protected]> >> >> >> > wrote: >> >> >> > >> >> >> > Its standard, line “jmx.keystorepass=password” >> >> >> > >> >> >> > >> >> >> > >> >> >> > ------------------- >> >> >> > >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> >> > >> >> >> > >> >> >> > >> >> >> > From: Yakovlev N. [mailto:[email protected]] >> >> >> > Sent: Friday, December 29, 2017 7:51 AM >> >> >> > To: [email protected] >> >> >> > Subject: RE: Configure https on centos7 >> >> >> > >> >> >> > >> >> >> > >> >> >> > which passwords do you use in red5/conf/red5.properties ? >> >> >> > >> >> >> > >> >> >> > >> >> >> > From: Андрей Прицепов [mailto:[email protected]] >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM >> >> >> > To: [email protected] >> >> >> > Subject: Configure https on centos7 >> >> >> > >> >> >> > >> >> >> > >> >> >> > Use this instruction >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html . >> >> >> > For >> >> >> > beginning I configure self-signed certificate. >> >> >> > >> >> >> > Not all in instruction was wrote, so what I do first before >> >> >> > instruction >> >> >> > is >> >> >> > create self-signed sertificate: >> >> >> > >> >> >> > su - >> >> >> > mkdir /opt/prytsepov >> >> >> > >> >> >> > cd /opt/prytsepov >> >> >> > >> >> >> > yum install mod_ssl >> >> >> > >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 -keyout >> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt >> >> >> > >> >> >> > >> >> >> > >> >> >> > Then I do by instruction: >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On this step >> >> >> > password >> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey red5.key >> >> >> > -out >> >> >> > red5.p12 -name red5 -certfile red5.crt >> >> >> > >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore >> >> >> > red5.p12 >> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore >> >> >> > /opt/red5401/conf/keystore.jks -alias red5 >> >> >> > >> >> >> > >> >> >> > >> >> >> > Here I see errors: >> >> >> > >> >> >> > keytool error:java.io.IOException:keystore password was incorrect >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > ------------------- >> >> >> > >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > >> >> >> > WBR >> >> >> > Maxim aka solomax >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > >> >> >> > WBR >> >> >> > Maxim aka solomax >> > >> > >> > >> > >> > -- >> > WBR >> > Maxim aka solomax > > > > > -- > WBR > Maxim aka solomax
