Thanks for sharing!

On Wed, Feb 7, 2018 at 6:03 AM, <[email protected]> wrote:

> Setup OpenMeetings 4.0.1 for SSL on Windows 10 using LE certificate
>
> Prerequisites:
> Download Let's Encrypt portable client for Windows:
> https://github.com/do-know/Crypt-LE/releases
> OpenMeetings is installed in c:\red5401
>
> Review the official documentation:
> https://openmeetings.apache.org/RTMPSAndHTTPS.html
>
> On the Router, enable the following rules in /jffs/scripts/firewall-start
> # Enable OpenMeetings HTTP/HTTPS forward to OM server internal IP 192.168.0.135 (change it to your OM server's IP)
> /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get wan0_ipaddr) --dport 443 --to-destination 192.168.0.135:5443
> /usr/sbin/iptables -t nat -A PREROUTING -j DNAT -p tcp -d $(nvram get wan0_ipaddr) --dport 80 --to-destination 192.168.0.135:5080
>
> cmd
> mkdir c:\SSL
> set OPENSSL_CONF=c:\SSL\openssl.cnf
> cd c:\SSL
> mkdir c:\red5401\webapps\root\.well-known\acme-challenge
>
> My dynamic DNS web site -> OM.DYNU.NET. Change to your DNS entry.
>
> 1. Create a keystore and key using the same password:
> keytool -genkey -keysize 2048 -alias red5 -keyalg RSA -keystore red5/keystore.jks
> Enter keystore password:
> Re-enter new password:
> What is your first and last name?
> [Unknown]: om.dynu.net -> change to your DNS entry.
> What is the name of your organizational unit?
> [Unknown]: Dev
> What is the name of your organization?
> [Unknown]: OM
> What is the name of your City or Locality?
> [Unknown]: Somecity
> What is the name of your State or Province?
> [Unknown]: NY
> What is the two-letter country code for this unit?
> [Unknown]: US
> Is CN=om.dynu.net, OU=Dev, O=OM, L=Somecity, ST=NY, C=US correct?
> [no]: yes
>
> 2. Create a CSR from the keystore:
> keytool -certreq -keyalg RSA -alias red5 -file red5/om.dynu.net.csr -keystore red5/keystore.jks
>
> 3. Add the CA root certificate to the keystore (answer yes if the cert already exists in the system-wide CA keystore):
> keytool -import -alias root -keystore red5/keystore.jks -trustcacerts -file C:\SSL\isrgrootx1.pem.txt
>
> 4. Add the CA intermediate certificate to the keystore:
> keytool -import -alias intermed -keystore red5/keystore.jks -trustcacerts -file C:\SSL\intermediate-crt.txt
>
> 5. Generate an account key and domain key for each domain. You only need to generate the account key once.
> Domain key is best to be created for every separate set of names you are creating certificates for.
> openssl genrsa -out account.key 4096
> openssl genrsa -out red5/om.dynu.net-domain.key 2048
>
> 6. Generate the SSL certificate for your domain:
> le64 -key account.key -csr red5/om.dynu.net.csr -csr-key red5/om.dynu.net-domain.key -crt red5/om.dynu.net.crt -domains "om.dynu.net" -path C:\red5401\webapps\root\.well-known\acme-challenge -unlink -live -legacy
>
> 7. Import the certificate you received:
> keytool -import -alias red5 -keystore red5/keystore.jks -trustcacerts -file red5/om.dynu.net.crt
>
> 8. Check the keystore certificates:
> keytool -list -keystore red5/keystore.jks
>
> 9. Overwrite the following keystore files with the new keystore.jks:
> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.screen
> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\keystore.jks
> copy /Y C:\SSL\red5\keystore.jks C:\red5401\conf\truststore.jks
>
> 10. Restart the Red5 Windows Service:
> net stop Red5 && sleep 10 && net start Red5
>
> 11. Check the domain's SSL certificate:
> https://www.ssllabs.com/ssltest/analyze.html?d=om.dynu.net&latest
>
> Note: To revoke a certificate execute:
> le64 -key account.key -crt red5/om.dynu.net.crt -revoke -domains "om.dynu.net" -live
>
> Bonus:
> Windows batch script for renewal 20 days before expiration:
> @echo off
> c:\ssl\le64.exe --key c:\ssl\account.key --csr c:\ssl\red5\om.dynu.net.csr --csr-key c:\ssl\red5\om.dynu.net-domain.key --crt c:\ssl\red5\om.dynu.net.crt --domains "om.dynu.net" --path c:\red5401\webapps\root\.well-known\acme-challenge --unlink --renew 20 --issue-code 100 --live -legacy
> if errorlevel 255 goto error
> if errorlevel 100 goto renew
> goto exit
> :error
> rem add e-mail communication
> goto exit
> :renew
> copy /Y c:\ssl\red5\keystore.jks c:\ssl\red5\keystore.jks.bak
> keytool -delete -alias red5 -keystore c:\ssl\red5\keystore.jks -storepass <pass>
> sleep 2
> keytool -import -alias red5 -keystore c:\ssl\red5\keystore.jks -storepass <pass> -trustcacerts -file c:\ssl\red5\om.dynu.net.crt
> sleep 2
> net stop Red5
> sleep 2
> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.screen
> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\keystore.jks
> copy /Y c:\ssl\red5\keystore.jks c:\red5401\conf\truststore.jks
> net start Red5
> :exit

--
WBR
Maxim aka solomax
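
An added example, not part of the original message and not code from OpenMeetings or Crypt-LE: a Python check over the text printed by `keytool -list -v -keystore red5/keystore.jks` (the verbose form of step 8) that confirms alias `red5` still holds a private key, carries a certificate chain, and is not within 20 days of expiry before the keystore is copied into `conf`. The sample output is constructed, the function names are hypothetical, and the time zone in keytool's dates is ignored.

```python
import re
from datetime import datetime

# Constructed sample of `keytool -list -v` output (not captured from a real keystore).
SAMPLE = """\
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Valid from: Thu Jun 04 11:04:38 UTC 2015 until: Mon Jun 04 11:04:38 UTC 2035

Alias name: red5
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=om.dynu.net
Valid from: Wed Feb 07 05:03:00 UTC 2018 until: Tue May 08 05:03:00 UTC 2018
Certificate[2]:
Owner: CN=Example Intermediate CA
Valid from: Thu Mar 17 16:40:46 UTC 2016 until: Wed Mar 17 16:40:46 UTC 2021
"""

def parse_entries(text):
    """Split keytool -list -v output into {alias: {type, chain_len, not_after}}."""
    entries = {}
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        alias = block.splitlines()[0].strip()
        etype = re.search(r"(?m)^Entry type: (\S+)", block)
        chain = re.search(r"(?m)^Certificate chain length: (\d+)", block)
        # The first "until:" in a block belongs to the leaf (Certificate[1]); zone token is dropped.
        until = re.search(r"until: \w{3} (\w{3} \d+ [\d:]+) \S+ (\d{4})", block)
        when = datetime.strptime(" ".join(until.groups()), "%b %d %H:%M:%S %Y") if until else None
        entries[alias] = {"type": etype.group(1) if etype else None,
                          "chain_len": int(chain.group(1)) if chain else 0, "not_after": when}
    return entries

def check_server_entry(text, alias, now, min_days=20):
    """Return a list of problems for the TLS server entry; an empty list means OK."""
    e = parse_entries(text).get(alias)
    if e is None:
        return [f"alias {alias!r} not found"]
    problems = []
    if e["type"] != "PrivateKeyEntry":
        problems.append(f"entry type is {e['type']}, private key is missing")
    if e["chain_len"] < 2:
        problems.append("chain has no intermediate certificate")
    if e["not_after"] is None or (e["not_after"] - now).days < min_days:
        problems.append(f"certificate expires within {min_days} days")
    return problems
```

An entry reported as `trustedCertEntry` under the server alias means the keystore has a certificate but no private key for it, so the check is worth running after any step that deletes and re-imports that alias.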
