Yes that is the same for me. Moreover, storepass seems to work just fine. Maybe keytool arguments vary from java to java.
-Dave On Fri, Jan 5, 2018 at 3:29 AM, Maxim Solodovnik <[email protected]> wrote: > I guess "keystorepass" should be "storepass" could you check on your system? > > keytool -import --help > keytool -importcert [OPTION]... > > Imports a certificate or a certificate chain > > Options: > > -noprompt do not prompt > -trustcacerts trust certificates from cacerts > -protected password through protected mechanism > -alias <alias> alias name of the entry to process > -file <filename> input file name > -keypass <arg> key password > -keystore <keystore> keystore name > -storepass <arg> keystore password > -storetype <storetype> keystore type > -providername <providername> provider name > -providerclass <providerclass> provider class name > -providerarg <arg> provider argument > -providerpath <pathlist> provider classpath > -v verbose output > > > On Wed, Jan 3, 2018 at 10:39 AM, David Jentz <[email protected]> wrote: >> >> So I think I may have found the solution. May not have needed https >> all along. I know this is a bit off topic for the original thread, but >> I do not mean to create more work, so I will respond here. >> >> Still a bit preliminary here. Will post new details if I find them. >> >> have chromium-browser-63.0.3239.84-1.el6_9.x86_64 >> >> If I click the (i) in the address bar for my specific site, then click >> site settings, I can then switch microphone to "Allow" instead of >> "Ask(default)". I also do the same for flash. >> >> >> Anyhow, this appears to work just fine (or I'll get it soon). >> >> As for question about keystorepass srcstorepass and deststorepass, when I >> run >> keytool -importkeystore --help >> I get identical output to what you have listed (both srcstorepass and >> deststorepass) >> >> These items are on step 2 of the Steps for OM server guide. This step >> also seems to work just fine for me. >> >> I think, for me at least, the real problem is step 3 >> >> keytool -import -alias root -keystore /opt/red5/conf/keystore.jks >> -keystorepass changeit -trustcacerts -file ca.crt >> >> Where keystorepass is not an option. >> >> Instead, if I just use -storepass it seems to work just fine :-) >> >> Thank you! >> -Dave >> >> >> On Tue, Jan 2, 2018 at 8:42 AM, Maxim Solodovnik <[email protected]> >> wrote: >> > All your steps sounds correct to me >> > It works for me >> > I got this "Allow Flash" message from browser only once >> > >> > then everything works flawlessly >> > >> > I can create recording with my steps after Jan, 9, if it will help .... >> > not >> > sure how :( >> > >> > On Mon, Jan 1, 2018 at 2:17 AM, David Jentz <[email protected]> wrote: >> >> >> >> I will get back to you on these questions on Tuesday if that is OK. >> >> >> >> I did manage to get openmeetings to work via https, I do not have it >> >> fully scripted just yet, but close. This is using the self-signed CA >> >> and cert method described on the link. >> >> >> >> The reason I wen't this way in the first place was because when I >> >> enter an openmeetings room, I was not being presented a list of audio >> >> hardware to use. I was told that chrome needs https to access >> >> microphone. >> >> >> >> Well, even with the https, after enabling flash, after entering a room >> >> I click gear widget. It has choose webcam: Disabled, choose microphone >> >> disabled. On the right side it says: "Click to Enable Adobe Flash >> >> Player". I click, flash player seems to enable OK (keep in mind this >> >> is with PepperFlash). I can do recordings tests, etc. >> >> >> >> But still only option for microphone is Disabled. If I click widget >> >> again, setting is the same. >> >> If I restart chrome, and log back in, I do not have to enable flash >> >> this time, but still for microphone option is Disabled >> >> >> >> I know chromium can see my audio hardware, if I go to chromium -> >> >> settings -> content settings -> microphone, the correct device is >> >> listed there. My only option is "Ask before accessing (recommended)", >> >> otherwise mic is completely disabled. There are no sites listed in the >> >> blocked or allowed lists below. >> >> >> >> It would seem openmeetings is not asking to chromium to use >> >> microphone. Am I doing something wrong? Will the self signed cert >> >> method work to enable this? >> >> >> >> -Dave >> >> >> >> >> >> On Sat, Dec 30, 2017 at 9:48 PM, Maxim Solodovnik >> >> <[email protected]> >> >> wrote: >> >> > Do you have these options in your version? >> >> > What is the error? >> >> > >> >> > On Sun, Dec 31, 2017 at 1:40 AM, David Jentz <[email protected]> >> >> > wrote: >> >> >> >> >> >> I just tried srcstorepass, deststorepass, and storepass, none seem >> >> >> to >> >> >> accept an argument despite what the help page said. >> >> >> >> >> >> -Dave >> >> >> >> >> >> On Sat, Dec 30, 2017 at 9:51 AM, Maxim Solodovnik >> >> >> <[email protected]> >> >> >> wrote: >> >> >> > here is mine output: (src and dest keystore options are >> >> >> > highlighted) >> >> >> > >> >> >> > /usr/lib/jvm/java-8-openjdk-amd64/bin/keytool -importkeystore >> >> >> > --help >> >> >> > >> >> >> > keytool -importkeystore [OPTION]... >> >> >> > >> >> >> > Imports one or all entries from another keystore >> >> >> > >> >> >> > Options: >> >> >> > >> >> >> > -srckeystore <srckeystore> source keystore name >> >> >> > -destkeystore <destkeystore> destination keystore name >> >> >> > -srcstoretype <srcstoretype> source keystore type >> >> >> > -deststoretype <deststoretype> destination keystore type >> >> >> > -srcstorepass <arg> source keystore password >> >> >> > -deststorepass <arg> destination keystore >> >> >> > password >> >> >> > -srcprotected source keystore password >> >> >> > protected >> >> >> > -srcprovidername <srcprovidername> source keystore provider >> >> >> > name >> >> >> > -destprovidername <destprovidername> destination keystore >> >> >> > provider >> >> >> > name >> >> >> > -srcalias <srcalias> source alias >> >> >> > -destalias <destalias> destination alias >> >> >> > -srckeypass <arg> source key password >> >> >> > -destkeypass <arg> destination key password >> >> >> > -noprompt do not prompt >> >> >> > -providerclass <providerclass> provider class name >> >> >> > -providerarg <arg> provider argument >> >> >> > -providerpath <pathlist> provider classpath >> >> >> > -v verbose output >> >> >> > >> >> >> > Use "keytool -help" for all available commands >> >> >> > >> >> >> > >> >> >> > On Sun, Dec 31, 2017 at 12:44 AM, David Jentz <[email protected]> >> >> >> > wrote: >> >> >> >> >> >> >> >> keytool --help does not list -keystorepass as an option for me. >> >> >> >> here >> >> >> >> is what we have to work with: >> >> >> >> >> >> >> >> #which keytool >> >> >> >> /usr/bin/keytool >> >> >> >> >> >> >> >> #namei /usr/bin/keytool >> >> >> >> f: /usr/bin/keytool >> >> >> >> d / >> >> >> >> d usr >> >> >> >> d bin >> >> >> >> l keytool -> /etc/alternatives/keytool >> >> >> >> d / >> >> >> >> d etc >> >> >> >> d alternatives >> >> >> >> l keytool -> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool >> >> >> >> d / >> >> >> >> d usr >> >> >> >> d lib >> >> >> >> d jvm >> >> >> >> d java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64 >> >> >> >> d jre >> >> >> >> d bin >> >> >> >> - keytool >> >> >> >> >> >> >> >> #rpm -qf >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.144-0.b01.el6_9.x86_64/jre/bin/keytool >> >> >> >> java-1.8.0-openjdk-headless-1.8.0.144-0.b01.el6_9.x86_64 >> >> >> >> >> >> >> >> #keytool -help >> >> >> >> Key and Certificate Management Tool >> >> >> >> >> >> >> >> Commands: >> >> >> >> >> >> >> >> -certreq Generates a certificate request >> >> >> >> -changealias Changes an entry's alias >> >> >> >> -delete Deletes an entry >> >> >> >> -exportcert Exports certificate >> >> >> >> -genkeypair Generates a key pair >> >> >> >> -genseckey Generates a secret key >> >> >> >> -gencert Generates certificate from a certificate >> >> >> >> request >> >> >> >> -importcert Imports a certificate or a certificate chain >> >> >> >> -importpass Imports a password >> >> >> >> -importkeystore Imports one or all entries from another >> >> >> >> keystore >> >> >> >> -keypasswd Changes the key password of an entry >> >> >> >> -list Lists entries in a keystore >> >> >> >> -printcert Prints the content of a certificate >> >> >> >> -printcertreq Prints the content of a certificate request >> >> >> >> -printcrl Prints the content of a CRL file >> >> >> >> -storepasswd Changes the store password of a keystore >> >> >> >> >> >> >> >> Use "keytool -command_name -help" for usage of command_name >> >> >> >> >> >> >> >> >> >> >> >> I think we have the openjdk on the linux (perhaps other platforms >> >> >> >> too) >> >> >> >> and not the Sun/oracle implementation so as to get around license >> >> >> >> issues and be GPL. That said, I just checked the jdk1.8.0 on >> >> >> >> linux, >> >> >> >> it >> >> >> >> doesn't have keystorepass either. >> >> >> >> >> >> >> >> >> >> >> >> -Dave >> >> >> >> >> >> >> >> >> >> >> >> On Fri, Dec 29, 2017 at 7:06 PM, Maxim Solodovnik >> >> >> >> <[email protected]> >> >> >> >> wrote: >> >> >> >> > Can you run "keytool --help" and check possible options? >> >> >> >> > >> >> >> >> > For real server it might be better to set up "let's encrypt" >> >> >> >> > free >> >> >> >> > certificate (script was posted some time ago) >> >> >> >> > >> >> >> >> > WBR, Maxim >> >> >> >> > (from mobile, sorry for the typos) >> >> >> >> > >> >> >> >> > On Sat, Dec 30, 2017, 08:06 David Jentz <[email protected]> >> >> >> >> > wrote: >> >> >> >> >> >> >> >> >> >> I am working through these steps on rhel6 which is a close >> >> >> >> >> cousin >> >> >> >> >> to >> >> >> >> >> centos 6. >> >> >> >> >> >> >> >> >> >> I have the same issue, -keystorepass is not a valid argument >> >> >> >> >> to >> >> >> >> >> keytool. >> >> >> >> >> >> >> >> >> >> Instead, you can just leave that argument off (and the pass ) >> >> >> >> >> since >> >> >> >> >> then keytool will just prompt. >> >> >> >> >> >> >> >> >> >> This still poses a problem for me because I am trying to have >> >> >> >> >> the >> >> >> >> >> entire setup in a script. Perhaps I can write an expect script >> >> >> >> >> just >> >> >> >> >> for this one line. >> >> >> >> >> >> >> >> >> >> Anyhow, I will work to further get SSL working next year. It >> >> >> >> >> turns >> >> >> >> >> out >> >> >> >> >> my version of chrome requires it for sound. >> >> >> >> >> >> >> >> >> >> -Dave >> >> >> >> >> >> >> >> >> >> On Fri, Dec 29, 2017 at 4:32 AM, Андрей Прицепов >> >> >> >> >> <[email protected]> wrote: >> >> >> >> >> > I do all by this instruction >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server >> >> >> >> >> > except >> >> >> >> >> > create in the beginning red5.key and red5.crt. >> >> >> >> >> > >> >> >> >> >> > In instruction error on this command: >> >> >> >> >> > keytool -import -alias root -keystore >> >> >> >> >> > /opt/red5401/conf/keystore.jks >> >> >> >> >> > -keystorepass password -trustcacerts -file red5.crt >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > Error: >> >> >> >> >> > illegal option: -keystorepass >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > In documentation >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html >> >> >> >> >> > not exist that option so >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server >> >> >> >> >> > is >> >> >> >> >> > not >> >> >> >> >> > can’t be used, not relevant. >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > ------------------- >> >> >> >> >> > >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > From: Maxim Solodovnik [mailto:[email protected]] >> >> >> >> >> > Sent: Friday, December 29, 2017 11:12 AM >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > To: Openmeetings user-list >> >> >> >> >> > Subject: Re: Configure https on centos7 >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > Please read documentation [1] and use search before asking >> >> >> >> >> > questions >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > According to the steps from [2] "-srcstorepass changeit" >> >> >> >> >> > this >> >> >> >> >> > means >> >> >> >> >> > "red5.p12" MUST have password "changeit" >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > [1] >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html >> >> >> >> >> > >> >> >> >> >> > [2] >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html#Steps_for_OM_server >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > On Fri, Dec 29, 2017 at 3:07 PM, Андрей Прицепов >> >> >> >> >> > <[email protected]> >> >> >> >> >> > wrote: >> >> >> >> >> > >> >> >> >> >> > Ø The idea here is… >> >> >> >> >> > >> >> >> >> >> > I can’t do this idea in practice, something doing not right. >> >> >> >> >> > I >> >> >> >> >> > create >> >> >> >> >> > red5.crt and red5.p12 but keystore.jks can’t create. Not >> >> >> >> >> > enough >> >> >> >> >> > information >> >> >> >> >> > in instruction to do this fast step-by-step. Later I will >> >> >> >> >> > have >> >> >> >> >> > ‘real’ >> >> >> >> >> > certificate. >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > Ø At the moment you are starting #3 above there should be >> >> >> >> >> > NO >> >> >> >> >> > keystore.jks, >> >> >> >> >> > you already have renamed it to *.bak (prerequisite) >> >> >> >> >> > >> >> >> >> >> > What means #3? >> >> >> >> >> > >> >> >> >> >> > I renamed them, but *jks wasn’t there in the beginning was >> >> >> >> >> > *jmx. >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > Ø Finally you are renaming passwords, they MUST match >> >> >> >> >> > >> >> >> >> >> > So when I do command “openssl req -x509 -nodes -days 99999 >> >> >> >> >> > -newkey >> >> >> >> >> > rsa:2048 >> >> >> >> >> > -keyout /opt/prytsepov/red5.key -out >> >> >> >> >> > /opt/prytsepov/red5.crt” I >> >> >> >> >> > enter >> >> >> >> >> > “jmx.keystorepass=password” when it ask me enter password. >> >> >> >> >> > If >> >> >> >> >> > like >> >> >> >> >> > that >> >> >> >> >> > I >> >> >> >> >> > still have this error. >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > ------------------- >> >> >> >> >> > >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > From: Maxim Solodovnik [mailto:[email protected]] >> >> >> >> >> > Sent: Friday, December 29, 2017 10:27 AM >> >> >> >> >> > To: Openmeetings user-list >> >> >> >> >> > Subject: Re: Configure https on centos7 >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > The idea here is >> >> >> >> >> > >> >> >> >> >> > 1) you are creating self-signed certificate (prerequisite) >> >> >> >> >> > -> >> >> >> >> >> > red5.crt >> >> >> >> >> > >> >> >> >> >> > 2) you are signing red5.crt with your fake CA (step 1) -> >> >> >> >> >> > red5.p12 >> >> >> >> >> > >> >> >> >> >> > 3) you are creating keystore based on signed red5.p12 -> >> >> >> >> >> > keystore.jks >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > At the moment you are starting #3 above there should be NO >> >> >> >> >> > keystore.jks, >> >> >> >> >> > you >> >> >> >> >> > already have renamed it to *.bak (prerequisite) >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > Finally you are renaming passwords, they MUST match >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > On Fri, Dec 29, 2017 at 1:25 PM, Андрей Прицепов >> >> >> >> >> > <[email protected]> >> >> >> >> >> > wrote: >> >> >> >> >> > >> >> >> >> >> > Its standard, line “jmx.keystorepass=password” >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > ------------------- >> >> >> >> >> > >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > From: Yakovlev N. [mailto:[email protected]] >> >> >> >> >> > Sent: Friday, December 29, 2017 7:51 AM >> >> >> >> >> > To: [email protected] >> >> >> >> >> > Subject: RE: Configure https on centos7 >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > which passwords do you use in red5/conf/red5.properties ? >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > From: Андрей Прицепов [mailto:[email protected]] >> >> >> >> >> > Sent: Thursday, December 28, 2017 5:36 PM >> >> >> >> >> > To: [email protected] >> >> >> >> >> > Subject: Configure https on centos7 >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > Use this instruction >> >> >> >> >> > http://openmeetings.apache.org/RTMPSAndHTTPS.html . >> >> >> >> >> > For >> >> >> >> >> > beginning I configure self-signed certificate. >> >> >> >> >> > >> >> >> >> >> > Not all in instruction was wrote, so what I do first before >> >> >> >> >> > instruction >> >> >> >> >> > is >> >> >> >> >> > create self-signed sertificate: >> >> >> >> >> > >> >> >> >> >> > su - >> >> >> >> >> > mkdir /opt/prytsepov >> >> >> >> >> > >> >> >> >> >> > cd /opt/prytsepov >> >> >> >> >> > >> >> >> >> >> > yum install mod_ssl >> >> >> >> >> > >> >> >> >> >> > openssl req -x509 -nodes -days 99999 -newkey rsa:2048 >> >> >> >> >> > -keyout >> >> >> >> >> > /opt/prytsepov/red5.key -out /opt/prytsepov/red5.crt >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > Then I do by instruction: >> >> >> >> >> > this step edit sa.crt to red5.crt or it gives errors. On >> >> >> >> >> > this >> >> >> >> >> > step >> >> >> >> >> > password >> >> >> >> >> > left empty: openssl pkcs12 -export -in red5.crt -inkey >> >> >> >> >> > red5.key >> >> >> >> >> > -out >> >> >> >> >> > red5.p12 -name red5 -certfile red5.crt >> >> >> >> >> > >> >> >> >> >> > keytool -importkeystore -srcstorepass changeit -srckeystore >> >> >> >> >> > red5.p12 >> >> >> >> >> > -srcstoretype PKCS12 -deststorepass changeit -destkeystore >> >> >> >> >> > /opt/red5401/conf/keystore.jks -alias red5 >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > Here I see errors: >> >> >> >> >> > >> >> >> >> >> > keytool error:java.io.IOException:keystore password was >> >> >> >> >> > incorrect >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > ------------------- >> >> >> >> >> > >> >> >> >> >> > С уважением, Андрей Прицепов “Лаборатория Форт Крым” >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > -- >> >> >> >> >> > >> >> >> >> >> > WBR >> >> >> >> >> > Maxim aka solomax >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > -- >> >> >> >> >> > >> >> >> >> >> > WBR >> >> >> >> >> > Maxim aka solomax >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > WBR >> >> >> > Maxim aka solomax >> >> > >> >> > >> >> > >> >> > >> >> > -- >> >> > WBR >> >> > Maxim aka solomax >> > >> > >> > >> > >> > -- >> > WBR >> > Maxim aka solomax > > > > > -- > WBR > Maxim aka solomax
