Setup OpenMeetings 4.0.1 for SSL on Windows 10 using LE certificate

Prerequisites:

Download Let's Encrypt portable client for Windows: https://github.com/do-know/Crypt-LE/releases

OpenMeetings is installed in c:\red5401
Review the official documentation: https://openmeetings.apache.org/RTMPSAndHTTPS.html

On the Router, enable the following rules in /jffs/scripts/firewall-start

    # Enable OpenMeetings HTTP/HTTPS forward to OM server internal IP 192.168.0.135 (change it to your OM server's IP)
    /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get wan0_ipaddr) --dport 443 --to-destination 192.168.0.135:5443
    /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get wan0_ipaddr) --dport 80 --to-destination 192.168.0.135:5080

On the OM server:

    cmd
    mkdir c:\SSL
    set OPENSSL_CONF=c:\SSL\openssl.cnf
    cd c:\SSL
    mkdir c:\red5401\webapps\root\.well-known\acme-challenge

My dynamic DNS web site -> OM.DYNU.NET. Change to your DNS entry.

1. Create a keystore and key using the same password:

    keytool -genkey -keysize 2048 -alias red5 -keyalg RSA -keystore red5/keystore.jks
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]: om.dynu.net    -> change to your DNS entry.
    What is the name of your organizational unit?
      [Unknown]: Dev
    What is the name of your organization?
      [Unknown]: OM
    What is the name of your City or Locality?
      [Unknown]: Somecity
    What is the name of your State or Province?
      [Unknown]: NY
    What is the two-letter country code for this unit?
      [Unknown]: US
    Is CN=om.dynu.net, OU=Dev, O=OM, L=Somecity, ST=NY, C=US correct?
      [no]: yes

2. Create a CSR from the keystore:

    keytool -certreq -keyalg RSA -alias red5 -file red5/om.dynu.net.csr -keystore red5/keystore.jks

3. Add the CA root certificate to the keystore (answer yes when told the certificate already exists in the system-wide CA keystore):

    keytool -import -alias root -keystore red5/keystore.jks -trustcacerts -file C:\SSL\isrgrootx1.pem.txt

4. Add the CA intermediate certificate to the keystore:

    keytool -import -alias intermed -keystore red5/keystore.jks -trustcacerts -file C:\SSL\intermediate-crt.txt

5. Generate an account key and domain key for each domain. You only need to generate the account key once. It is best to create a separate domain key for every set of names you are creating certificates for.

    openssl genrsa -out account.key 4096
    openssl genrsa -out red5/om.dynu.net-domain.key 2048

6. Generate the SSL certificate for your domain:

    le64 -key account.key -csr red5/om.dynu.net.csr -csr-key red5/om.dynu.net-domain.key -crt red5/om.dynu.net.crt -domains "om.dynu.net" -path C:\red5401\webapps\root\.well-known\acme-challenge -unlink -live -legacy

7. Import the certificate you received:

    keytool -import -alias red5 -keystore red5/keystore.jks -trustcacerts -file red5/om.dynu.net.crt

8. Check the keystore certificates:

    keytool -list -keystore red5/keystore.jks

9. Overwrite the following keystore files with the new keystore.jks:

    copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.screen
    copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.jks
    copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\truststore.jks

10. Restart the Red5 Windows Service:

    net stop Red5 && sleep 10 && net start Red5

11. Check the domain's SSL certificate: https://www.ssllabs.com/ssltest/analyze.html?d=om.dynu.net&latest

Note: To revoke a certificate, execute:

    le64 -key account.key -crt red5/om.dynu.net.crt -revoke -domains "om.dynu.net" -live

Bonus: Windows batch script for renewal 20 days before expiration:

    @echo off
    c:\ssl\le64.exe --key c:\ssl\account.key --csr c:\ssl\red5\om.dynu.net.csr --csr-key c:\ssl\red5\om.dynu.net-domain.key --crt c:\ssl\red5\om.dynu.net.crt --domains "om.dynu.net" --path c:\red5401\webapps\root\.well-known\acme-challenge --unlink --renew 20 --issue-code 100 --live -legacy
    rem "if errorlevel N" is true for N or higher, so the highest code is tested first
    if errorlevel 255 goto error
    if errorlevel 100 goto renew
    goto exit

    :error
    rem add e-mail communication
    goto exit

    :renew
    rem A new certificate was issued: back up the keystore, then replace the red5 entry.
    rem <pass> is the keystore password chosen in step 1.
    copy /Y c:\ssl\red5\keystore.jks c:\ssl\red5\keystore.jks.bak
    keytool -delete -alias red5 -keystore c:\ssl\red5\keystore.jks -storepass <pass>
    sleep 2
    keytool -import -alias red5 -keystore c:\ssl\red5\keystore.jks -storepass <pass> -trustcacerts -file c:\ssl\red5\om.dynu.net.crt
    sleep 2
    net stop Red5
    sleep 2
    copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.screen
    copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.jks
    copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\truststore.jks
    net start Red5

    :exit
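
A local complement to the step 11 check, and a way to confirm after a renewal that Red5 is serving the new certificate: the PowerShell script below is an added example, not part of the original procedure. It assumes it is run on the OM server itself (`localhost`) against port 5443 from the router rule; the parameter names are made up for this example.

```powershell
param(
    [string]$Server   = 'localhost',    # assumption: run on the OM server itself
    [int]   $Port     = 5443,           # Red5 HTTPS port targeted by the router rule
    [string]$HostName = 'om.dynu.net',  # the page's example name; change to your DNS entry
    [int]   $MinDays  = 20              # same threshold as "--renew 20" in the batch script
)

$script:policyErrors = [System.Net.Security.SslPolicyErrors]::None

# Record validation errors instead of aborting the handshake,
# so an expired or mismatched certificate can still be reported.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $errors)
    $script:policyErrors = $errors
    $true
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($Server, $Port)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    # $HostName is the name the served certificate must match
    $ssl.AuthenticateAsClient($HostName)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    "Subject : $($cert.Subject)"
    "Issuer  : $($cert.Issuer)"
    "Expires : $($cert.NotAfter) ($daysLeft days left)"
    "Chain and name check: $($script:policyErrors)"

    $valid = $script:policyErrors -eq [System.Net.Security.SslPolicyErrors]::None
    if (-not $valid -or $daysLeft -lt $MinDays) {
        Write-Warning 'Certificate failed validation or is inside the renewal window.'
        exit 1
    }
}
finally {
    $client.Close()
}
```

A non-zero exit code means the chain or host name did not validate against the Windows trust store, or fewer than `$MinDays` days remain.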
